SQL Server Security in 15 Tricks

Think of SQL Server as your treasure chest. Here’s the cheeky rundown:
- Kill the SA monster: Disable or rename it. Hackers love that account.
- Service accounts on a diet: Run SQL services with skinny, low-privilege accounts, not beefy admins.
- Switch off the toys you don’t need: xp_cmdshell, OLE automation, ad hoc queries… they’re hacker candy.
- Patch like it’s fashion week: Keep SQL, Windows, and .NET strutting the latest security runway.
- Encrypt everything: Connections, backups, sensitive columns. If it moves, lock it down.
- Network lockdown: Only let your app servers talk to SQL. Everyone else, buzz off.
- Least privilege is sexy: Stop handing out db_owner like party favors.
- Audit trails are your CCTV: Log who’s sneaking in, who’s changing roles, who’s restoring backups.
- Backups aren’t souvenirs: Encrypt them and hide them somewhere safe.
- Kerberos > NTLM: Configure SPNs properly, or you’re stuck in the past.
- Jump servers are your bouncers: Keep direct access to SQL tight and controlled.
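Several of the tricks above (the SA account, the "toys", least privilege, encrypted connections) can be checked and applied straight from T-SQL. The script below is an added example, not the author's own; `sa_renamed_placeholder` is an assumed name for the renamed SA login, and the script must be run by a sysadmin on SQL Server 2012 or later.

```sql
-- Added example: apply and verify a handful of the hardening tricks from the list above.
-- Run as a sysadmin. 'sa_renamed_placeholder' is a placeholder, pick your own obscure name.

-- 1. Switch off the "hacker candy" surface-area features.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;

-- Verify: every row should show value_in_use = 0.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures', 'Ad Hoc Distributed Queries');

-- 2. Kill the SA monster: disable it, then rename it so the well-known name no longer exists.
ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = [sa_renamed_placeholder];

-- 3. Least privilege: who holds sysadmin at the instance level?
SELECT sp.name AS login_name, sp.type_desc
FROM sys.server_principals AS sp
WHERE IS_SRVROLEMEMBER('sysadmin', sp.name) = 1
  AND sp.name NOT LIKE '##%';          -- skip internal certificate-based logins

-- ...and who has db_owner in the current database? Review this list per database.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'db_owner';

-- 4. Encrypt everything: spot connections that are still talking in the clear,
--    and see whether they arrived via Kerberos or NTLM (auth_scheme).
SELECT session_id, client_net_address, net_transport, encrypt_option, auth_scheme
FROM sys.dm_exec_connections
WHERE encrypt_option = 'FALSE';
```

The SELECT statements are read-only checks you can schedule as a recurring audit; the sp_configure and ALTER LOGIN statements change the instance, so test them on a non-production server first.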
Seyed Hamed Vahedi     Thu, 18 December, 2025