dedicated SQL Server boxes?
We have some varying views within our organization on what approach to take
to protecting the SQL Server.
We do not have any file shares, or IIS or any unneeded services running on
our dedicated SQL Server's -- thus I guess I do not see the merit of using
anti-virus software on the SQL Server itself when the attach vectors are
fairly minimized.
Our SQL Servers are all internal, no DMZ, no external. The only major
vulnerability would be internal threats (which are minimized by other
internal controls, i.e. AV at the desktop, etc.).
Is patch management, properly configured SQL Server security, and a good
understanding of what services are open on the particular box enough to
protect against 90-95% of the vulnerabilities that may exist?
Thanks for your opinion,
Aaron"Aaron Vance" <thisisnttheemailyourlookingfor@.nospam.com> wrote in message
news:u$mL3kF4DHA.3576@.TK2MSFTNGP11.phx.gbl...
quote:
> Do any of you run any anti-virus software on your SQL Servers -- for
> dedicated SQL Server boxes?
We run anti-virus software on ALL of our servers regardless of role.
quote:
> We have some varying views within our organization on what approach to
take
quote:
> to protecting the SQL Server.
> We do not have any file shares, or IIS or any unneeded services running on
> our dedicated SQL Server's -- thus I guess I do not see the merit of using
> anti-virus software on the SQL Server itself when the attach vectors are
> fairly minimized.
> Our SQL Servers are all internal, no DMZ, no external. The only major
> vulnerability would be internal threats (which are minimized by other
> internal controls, i.e. AV at the desktop, etc.).
> Is patch management, properly configured SQL Server security, and a good
> understanding of what services are open on the particular box enough to
> protect against 90-95% of the vulnerabilities that may exist?
Let's say you protect against 95% of all virus vulnerabilities, that still
leaves a 5% exposure. I understand the points you are making, however if one
of my servers were compromised, and I had to make an explanation to
management -- I would not be comfortable in saying that I took most steps in
protecting these servers but not all.
Steve|||> "Aaron Vance" <thisisnttheemailyourlookingfor@.nospam.com> wrote in message
quote:
> news:u$mL3kF4DHA.3576@.TK2MSFTNGP11.phx.gbl...
We run anti-virus software on ALL of our servers regardless of role.
[QUOTE]
> take
on[QUOTE]
using[QUOTE]
>
Let's say you protect against 95% of all virus vulnerabilities, that still
leaves a 5% exposure. I understand the points you are making, however if
one
of my servers were compromised, and I had to make an explanation to
management -- I would not be comfortable in saying that I took most steps
in
protecting these servers but not all.
Steve
没有评论:
发表评论