SQL Server 2005 Security and the Microsoft Developer's Security Resource Kit

Authentication

SQL Server 2005 clustering supports Kerberos authentication against a SQL Server 2005 virtual server. Administrators can specify Microsoft Windows-style policies on standard logins so that a consistent policy is applied across all accounts in the domain.

Native Encryption

SQL Server 2005 supports encryption capabilities within the database itself, fully integrated with a key management infrastructure. By default, client/server communications are encrypted. To centralize security assurance, server policy can be defined to reject unencrypted communications.

SQL Server and Trustworthy Computing

The Microsoft Trustworthy Computing initiative outlines a framework that defines the steps necessary to support more secure computing as well as measures that help you deploy and maintain a more secure environment. These steps help to protect the confidentiality, integrity, and availability of data and systems at every phase of the software life cycle — from design, to delivery, to maintenance. To uphold the four tenets of the Trustworthy Computing initiative, Microsoft and the SQL Server team have addressed the following issues:

• Secure by design. The SQL Server development team conducted multiple security audits and spent more than two months studying SQL Server components and the interaction between them. For each potential security threat, the team did a threat analysis to evaluate the issue and completed additional design and testing work to neutralize potential security issues. Because of these design efforts, SQL Server 2005 includes many new server security features.
• Secure by default. Upon installation, SQL Server 2005 chooses the right set of configuration values for all setup options, ensuring that when a new system is installed, it will be in a secure state by default.
• Secure in deployment. Microsoft has created content to help organizations deploy SQL Server using the proper security credentials and to fully understand the steps and permissions required. SQL Server deployment tools provide the information necessary to understand the decisions you need to make during deployment. Security updates are easy to find and install — and if you choose the option, the updates install automatically. Tools are also available to help you assess and manage security risks across organizations.

How does one get a copy of the Microsoft Developer's Security Resource Kit?

To order a copy of the resource kit, click the following link and follow the simple steps to get your own resource kit.

http://go.microsoft.com/fwlink/?LinkId=62744

The Microsoft Developer Security Resource Kit is available free for a limited time. Users pay only a small shipping & handling charge