Stéphane Haby

SQL Server security pre-conference @ SQL PASS Summit 2018 in Seattle

After long hours of flights, Christophe Cosme and I finally arrived in Seattle at the SQL PASS Summit 2018. We picked up our badge and bag and now we are ready to begin…

For me, this first day started with the pre-conference about SQL Server Security with Denny Cherry.
Many topics were discussed, such as:

  • Network Designs (such as public IP vs. Private IP)
  • Firewall configurations (such as Network Design between Public network, Internal network and DMZ)
  • Physical Security Options (such as Cloud security)
  • Data Encryption Options (such as Always Encrypted)
  • Password Protection Options (such as rules to set a SQL login password)
  • Contained Databases (such as principle of contained Databases)
  • Always On Availability Groups Security (such as new roles and sysadmin role)
  • Internet-facing Applications (such as SQL CLR risks)
  • SQL injections (such as ASCII characters that aren’t actually ASCII)
  • Backups (such as backup encryption using TDE or Backup encryption)
  • Antivirus (such as Best Practice for the Antivirus)
  • SAN Security Designs (such as disk encryption option)
  • SQL Server Auditing Options (such as setting up auditing)

It would be tough to go through all these subjects, and all of them are interesting…

I prefer to focus on the antivirus topic and give you a little update on it.
First, we know that antivirus software can cause issues (CPU, memory and IO) on SQL Server.
As I always tell my customers, it is better not to install an antivirus on a server with SQL Server.
Why? Performance can be impacted, but it will also corrupt your databases.
If you do have an antivirus installed on a SQL Server, Denny gave us a good way to verify whether it injects itself into SQL Server:

SELECT * FROM sys.dm_os_loaded_modules WHERE company != 'Microsoft Corporation';

This is also a good way to check for modules from other providers and to spot a security breach!
Besides this, do not forget to exclude the files, the folders and SQL Server itself from the antivirus.
The list of exclusions is on the TechNet website.
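
The loaded-modules check above, extended into a baseline-and-diff report. This is an added example, not code from the original post or from the session; the table name dbo.LoadedModuleBaseline is a hypothetical choice. It also reports modules whose company is NULL, which a plain != comparison drops.

```sql
-- Added example, not from the original post. dbo.LoadedModuleBaseline is a
-- hypothetical table; create it in a DBA/admin database of your choice.
-- Reading the DMV needs VIEW SERVER STATE (VIEW SERVER PERFORMANCE STATE
-- on SQL Server 2022 and later).
IF OBJECT_ID(N'dbo.LoadedModuleBaseline', N'U') IS NULL
    CREATE TABLE dbo.LoadedModuleBaseline
    (
        module_path  nvarchar(260) NOT NULL,
        file_version varchar(32)   NOT NULL,  -- '' when the DMV reports NULL
        company      nvarchar(256) NULL,
        reviewed_at  datetime2(0)  NOT NULL DEFAULT SYSUTCDATETIME(),
        CONSTRAINT PK_LoadedModuleBaseline PRIMARY KEY (module_path, file_version)
    );
GO

-- 1) Report: modules not labelled 'Microsoft Corporation', including rows
--    with no company metadata (company != '...' alone silently drops NULLs),
--    that are not in the reviewed baseline (new module or changed version).
SELECT COALESCE(m.company, N'(no company metadata)') AS company_label,
       m.description,
       m.name AS module_path,
       m.file_version,
       m.product_version
FROM sys.dm_os_loaded_modules AS m
LEFT JOIN dbo.LoadedModuleBaseline AS b
       ON b.module_path  = m.name COLLATE DATABASE_DEFAULT
      AND b.file_version = COALESCE(m.file_version, '') COLLATE DATABASE_DEFAULT
WHERE (m.company IS NULL OR m.company <> N'Microsoft Corporation')
  AND b.module_path IS NULL
ORDER BY company_label, module_path;
GO

-- 2) Run only after reviewing the report: record the reviewed modules so the
--    next report shows nothing until a module appears or changes version.
INSERT INTO dbo.LoadedModuleBaseline (module_path, file_version, company)
SELECT DISTINCT m.name, COALESCE(m.file_version, ''), m.company
FROM sys.dm_os_loaded_modules AS m
WHERE (m.company IS NULL OR m.company <> N'Microsoft Corporation')
  AND NOT EXISTS (SELECT 1
                  FROM dbo.LoadedModuleBaseline AS b
                  WHERE b.module_path  = m.name COLLATE DATABASE_DEFAULT
                    AND b.file_version = COALESCE(m.file_version, '') COLLATE DATABASE_DEFAULT);
```

The company value is read from each module's version metadata, so a match on 'Microsoft Corporation' is a triage filter rather than a verification of where the file came from.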

A point I really did not know was that SQL Server 2016 and later include and enable Windows Defender, but you can have very poor performance if it is not set up correctly…

In conclusion, I will just write that antivirus is good, but not for SQL Server! 8-)
