SQL 2000/Active directory integration. HELP!!!

Discussion in 'Tech Talk' started by sushi600, Apr 12, 2005.

  1. sushi600

    sushi600 What smells?

    Messages:
    95
    Likes Received:
    0
    Joined:
    Mar 13, 2002
    SCRATCH the original question :)
    First step of install answered my Q :)

    Rarely touch databases, so any help/suggestions/quick walkthroughs on what should be done would be appreciated.

    Basically, have it installing right now using a local system account, Windows Authentication. Going to be a single public box (website, SQL). W2K OS should be locked down OK, but dunno what additional things MSSQL brings to the picture...Anyone have any suggestions on security?
     
  2. Cirric

    Cirric technogoob

    Messages:
    24
    Likes Received:
    0
    Joined:
    Apr 7, 2005
    Location:
    Left o' the Sound, WA
    There probably isn't a short and sweet answer to your questions. (Sorry).

    Things you need to think about:

    SQL has TCP Ports you might want to block at the router.
    SQL Code (T-SQL) can add security issues - Read up on SQL Injection attacks.
    MDAC/RDO can be a security risk - make sure you have the latest versions and are up to date on patches.
    Read the MS Best Practice white papers on the Microsoft site, and MSDN for SQL-Web integration.

    I've set up a few SQL Servers, mostly on separate boxes from the website, but if you want to PM me, I'll try to answer any question you have, as you could fill up this entire site with options...

    Cirric.
     

  3. grantglock

    grantglock /dev/null

    Messages:
    219
    Likes Received:
    0
    Joined:
    Feb 20, 2004
    Location:
    Iowa
    if you didnt install sql sp3 before you connected to the network you should start over b/c you probably already have the sql slammer worm. win2k iis with sql server is the last thing i would put on a public ip, thats just asking for trouble unless properly secured.
     
  4. sushi600

    sushi600 What smells?

    Messages:
    95
    Likes Received:
    0
    Joined:
    Mar 13, 2002
    Cirric: Thx for the reply. PM sent.

    grantglock: Yup :) Installed everything first (no network connection) and installed SP4 for W2K and SP3 for SQL2K off a CD before I connected anything to the network. Hardened system, closed all TCP ports except 80 and 53, and then plugged in and visited windowsupdate to get remaining patches.
     
  5. grantglock

    grantglock /dev/null

    Messages:
    219
    Likes Received:
    0
    Joined:
    Feb 20, 2004
    Location:
    Iowa
    should be good to go then
     
  6. sushi600

    sushi600 What smells?

    Messages:
    95
    Likes Received:
    0
    Joined:
    Mar 13, 2002
    Cirric and grantglock, thanks again for the responses. Everything went OK for the test.