MS SQL Security Configuration Audit
Insufficient data protection requirements for databases and potential misuse or disclosure of data can fatally damage an organization's operations through reputational and financial losses, as well as legal consequences arising from unfulfilled obligations and duties to clients, business partners, and state institutions, thereby irreversibly harming the company's credibility in the eyes of its partners.
For this reason, hardening database systems is an appropriate security measure that can effectively protect against the misuse of stored data. The MS SQL database system is natively integrated with the MS Windows operating system on which it runs, which is why we offer Microsoft SQL Server database server auditing as an extension to a Security Configuration Audit of a MS Windows server.
Our database system configuration service identifies security weaknesses in your database setup and helps you apply technical recommendations to resolve them. Its implementation reduces the risk of successful attacks and ensures an optimal balance between security requirements and operational performance, tailored to your desired level of protection.
Supported platforms:
- Microsoft SQL Server 2005 / 2008 / 2008R2 / 2012 / 2014 / 2016 / 2017 / 2022 / 2025
- We support both 32-bit (SQL Server 2014 and older) and 64-bit deployments
Security baselines:
- DCIT standard
- DCIT high security
- Client-defined standard
Security Hardening Procedure
- Collecting information about the security configuration of the assessed database system (security audit)
- Comparing the assessed configuration with the requirements of the chosen baseline
- Identifying security deficiencies and recommending technical procedures for their remediation
- Application of expert recommendations (hardening)
- Iterating steps 1-4 until compliance with the required baseline is achieved.
The security audit is documented in a way that allows further developement by the customer without direct involvement of external consultants.
Audit scope
MS SQL Security Configuration Audit audit usually covers the following areas:
| ID | Area |
|---|---|
| 1. | Basic Configuration and Statistics |
| 2. | Access Protocols |
| 3. | System Services |
| 4. | SQL Agent |
| 5. | Authentication |
| 6. | Remote Access – Remote & Linked Servers |
| 7. | Server Permissions |
| 8. | Database Permissions |
In case of special customer requirements, we are prepared to adjust the scope of the audit.
Any questions?
If you are interested in more details please contact us.