Here are some security features from SQL 2000-2008 that I find relevant to SQL Server Security:

 

  • Transparent Data Encryption & External Key Management & Signed Modules
  • Auditing
  • User/Schema Separation
  • Change Data Capture
  • Policy Management
  • DDL Triggers
  • Code Access Security
  • SQL Login Policies
    • Strong Passwords/Match AD
  • Logon Triggers
  • Stop SQL Injection with SqlCommand Object in .NET
  • Module Execution Context
  • Fine-Grained Permission Granularity
    • Principals-Permissions-Securables
  • Grant-Revoke-Deny
  • Cell-level Encryption
  • Surface Area Configuration
  • Configuration Manager
  • Non-essential services shut down
  • Authentication Modes
  • Application Roles
  • SQL Browser moved to service, off by default
  • Windows & SQL Authentication
  • Domain Logons, NETWORK SERVICE, SYSTEM Logins
  • Secure by Design
  • Secure by Default
  • Server or Database Roles
  • Principals-Permissions-Securables
  • Cross Database Ownership Chaining

  1. 2008 http://www.microsoft.com/sqlserver/2008/en/us/Security.aspx
  2. 2005 http://www.microsoft.com/sqlserver/2005/en/us/Security.aspx
  3. 2000 http://technet.microsoft.com/en-us/library/cc966456.aspx

SQL Payment Card Industry Security

http://www.parentenet.com/news/0904_whitepaper.pdf

 

SQL Server 2008 Security

http://www.microsoft.com/sqlserver/2008/en/us/security.aspx

SQL Server Security Best Practices

  • 2008

http://www.microsoft.com/sqlserver/2008/en/us/Security.aspx

  • 2005

http://www.microsoft.com/sqlserver/2005/en/us/Security.aspx

  • 2000

http://technet.microsoft.com/en-us/library/cc966456.aspx

http://technet.microsoft.com/en-us/cc984178.aspx

http://vyaskn.tripod.com/sql_server_security_best_practices.htm

Security Overview for DBAs

http://www.microsoft.com/sqlserver/2008/en/us/wp-sql-2008-security.aspx

SQL Server Common Criteria & SQL 2008

http://www.microsoft.com/sql/commoncriteria/certifications.mspx

http://www.cisecurity.org/bench_sqlserver.html

http://www.commoncriteriaportal.org/files/epfiles/0520a.pdf

SQL Server Compliance

http://www.microsoft.com/sql/compliance

http://sqlcat.com/msdnmirror/archive/2009/04/15/sql-resources-for-compliance.aspx

SQL Server Security Blog

http://blogs.msdn.com/sqlsecurity/default.aspx

Center for Security Benchmarks for SQL Server

http://www.cisecurity.org/bench_sqlserver.html

Dept. of Defense & SQL 2008 Security

http://iase.disa.mil/stigs/checklist/db_srr_checklist_sql_server_v8r1-2.pdf

Microsoft vs. Oracle DB Security

http://www.ngssoftware.com/research/papers/comparison.pdf

Implementing Row- and Cell-Level Security in SQL Server 2005

http://technet.microsoft.com/en-us/library/cc966395.aspx

Payment Industry Security Practices

http://www.parentenet.com/news/0904_whitepaper.pdf

Courseware

2787A        Designing Security for Microsoft SQL Server 2005

4614A        Designing Security for Microsoft® SQL Server 2005

4615A        Designing Security for Microsoft SQL Server 2005

SQL Security NewsGroup

microsoft.public.sqlserver.security