Specifications
Best practice Description
Protect the Microsoft SQL Server
installation from Internet-based attacks.
Consider the following guidelines:
• Require Windows Authentication Mode for connections to the Microsoft
SQL Server to restrict connections to Windows user accounts and
domain user accounts, and turn on credentials delegation. Windows
Authentication Mode does not require you to store passwords on the
computer.
• Use stronger authentication protocols, required password complexity,
and required expiration times.
Use a secure file system. Consider the following guidelines:
• Use NTFS for the Microsoft SQL Server because it is more stable and
recoverable than FAT file systems, and NTFS permits security options
such as file and directory ACLs and EFS.
• Do not change the permissions that the Microsoft SQL Server specifies
during the Microsoft SQL Server installation process. The Microsoft SQL
Server creates appropriate ACLs on registry keys and files if it detects
NTFS.
• If you must change the account that runs the Microsoft SQL Server,
decrypt the files that you could access using the old account and encrypt
them again for access using the new account.
Use Microsoft SQL Server Management
Studio.
Consider the following guidelines:
• Use Microsoft SQL Server Management Studio to change the account
that is associated with a Microsoft SQL Server service, if required.
Microsoft SQL Server Management Studio configures the appropriate
permissions on the files and registry keys that the Microsoft SQL Server
uses.
• Do not use the Microsoft Management Console Services applet to
change the account that is associated with a Microsoft SQL Server
service. To use this applet, you must manually change the Windows
registry, the permissions for the NTFS file system, and Windows user
rights.
For more information, visit www.support.microsoft.com to read article
KB283811.
Security Technical Overview Protecting the data that the BlackBerry Device Service stores in your organization's environment
119