Thursday, December 29, 2011

Database Hardening

Following are the general guidelines used for DB hardening:

Complete the general server hardening checklist first. Ideally, run on the latest supported version (or at least a supported version) of the operating system.

Use the latest generation of database server.

Install the latest vendor-provided patches for the database. Be sure to include patches for database support software that isn’t directly bundled with the database.

Remove default usernames and passwords.

Manually review installed stored procedures and delete those that aren’t going to be used. In many cases, most or all stored procedures can be deleted.

Where possible, isolate sensitive databases on their own servers. Databases containing Personally Identifiable Information or otherwise sensitive data should be protected from the Internet by a network firewall, and administrative/DBA access should be limited to as few individuals as possible.

Ensure that application access to the database is limited to the minimal access necessary. For example, reporting applications that just require read-only access should be appropriately limited.

Manually validate that logging of successful and failed authentication attempts is working.

Use complex names for database users. Use especially complex passwords for these users.

Create alternative administrative users for each DBA, rather than allowing multiple individual users to regularly use the default administrative account.
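As an added example (not part of the original post), here is how the least-privilege, per-DBA account and authentication-logging items above look in PostgreSQL. The database name appdb, schema app, the reporting user report_app and the DBA alice are constructed placeholders.

```sql
-- Added example, not from the original post. Assumes PostgreSQL; appdb, app,
-- report_ro, report_app and alice_dba are constructed placeholder names.

-- Least privilege for a reporting application: connect and read, nothing else.
CREATE ROLE report_ro NOLOGIN;                      -- group role that carries the grants
GRANT CONNECT ON DATABASE appdb TO report_ro;
GRANT USAGE ON SCHEMA app TO report_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO report_ro;
-- tables created in the schema later also become readable, so nobody "fixes"
-- a missing grant by handing out a broader privilege
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT ON TABLES TO report_ro;

-- The login the application actually uses; it only inherits report_ro.
CREATE ROLE report_app LOGIN PASSWORD 'constructed-long-random-secret';
GRANT report_ro TO report_app;
-- Session default only (a client can SET it back); the grants are the real control.
ALTER ROLE report_app SET default_transaction_read_only = on;

-- A named administrative account per DBA instead of everyone sharing the
-- default superuser, so log entries are attributable to a person.
CREATE ROLE alice_dba LOGIN PASSWORD 'constructed-long-random-secret'
    CREATEDB CREATEROLE;

-- Successful connections are logged; PostgreSQL always logs failed
-- authentication at FATAL level, so both outcomes now reach the server log.
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;
SELECT pg_reload_conf();

-- Validation: list every login-capable account and whether it is a superuser.
-- Anything unexpected here is a default or leftover account to remove.
SELECT rolname, rolsuper, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolcanlogin
ORDER BY rolsuper DESC, rolname;

-- Validation: confirm the reporting chain holds SELECT only.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN ('report_ro', 'report_app')
  AND privilege_type <> 'SELECT';                   -- expected: no rows
```

Run the two validation queries again after any schema change or new deployment; they are the cheapest way to catch privilege creep.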


