
Platform and Network Security
The platform for SQL Server includes the physical hardware and networking systems connecting clients to the database servers, and the binary files that are used to process database requests.
Physical Security
Best practices for physical security strictly limit access to the physical server and hardware components. For example, use locked rooms with restricted access for the database server hardware and networking devices. In addition, limit access to backup media by storing it at a secure offsite location.
Implementing physical network security starts with keeping unauthorized users off the network. The following table contains more information about network security.
Operating System Security
Operating system service packs and upgrades include important security enhancements. Apply all updates and upgrades to the operating system after you test them with the database applications.
Firewalls also provide effective ways to implement security. Logically, a firewall is a separator or restrictor of network traffic, which can be configured to enforce your organization's data security policy. If you use a firewall, you will increase security at the operating system level by providing a chokepoint where your security measures can be focused. The following table contains more information about how to use a firewall with SQL Server.
Surface area reduction is a security measure that involves stopping or disabling unused components. It improves security by leaving fewer avenues for potential attacks on a system. The key to limiting the surface area of SQL Server is to run only the required services and to apply "least privilege" by granting services and users only the appropriate rights. The following table contains more information about services and system access.
If your SQL Server system uses Internet Information Services (IIS), additional steps are required to help secure the surface of the platform. The following table contains information about SQL Server and Internet Information Services.
SQL Server Operating System Files Security
SQL Server uses operating system files for operation and data storage. Best practices for file security require that you restrict access to these files. The following table contains information about these files.
SQL Server service packs and upgrades provide enhanced security. To determine the latest service pack available for SQL Server, see the SQL Server Web site.
You can use the following script to determine the service pack installed on the system.
SELECT CONVERT(char(20), SERVERPROPERTY('productlevel'));
GO
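The service pack check above and the surface area and least-privilege guidance under Operating System Security can be reviewed together with a read-only audit script. This is an added example, not part of the original page; the list of optional features and the account names flagged for review are assumptions chosen for illustration, and the third query assumes a version that provides sys.dm_server_services and a login with VIEW SERVER STATE.

```sql
-- Added example: read-only audit of patch level, enabled optional
-- features, and service accounts. Nothing here changes configuration.

-- 1. Patch level, extending the SERVERPROPERTY query above.
SELECT
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductVersion'))     AS product_version,
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductLevel'))       AS product_level,  -- RTM, SP1, ...
    CONVERT(nvarchar(128), SERVERPROPERTY('ProductUpdateLevel')) AS update_level,   -- NULL where not applicable
    CONVERT(nvarchar(128), SERVERPROPERTY('Edition'))            AS edition;
GO

-- 2. Surface area: optional features that are currently switched on.
--    The feature list is an assumption for this example; whether a
--    feature counts as "unused" is a decision for the system owner.
SELECT name,
       CONVERT(int, value_in_use) AS value_in_use,
       description
FROM sys.configurations
WHERE name IN (N'xp_cmdshell',
               N'Ole Automation Procedures',
               N'Ad Hoc Distributed Queries',
               N'clr enabled',
               N'Database Mail XPs',
               N'remote admin connections',
               N'cross db ownership chaining')
  AND CONVERT(int, value_in_use) <> 0
ORDER BY name;
GO

-- 3. Least privilege: which account each SQL Server service runs as.
--    Services running as the local system account are flagged for
--    review; the flagged names are an assumption for this example.
SELECT servicename,
       service_account,
       startup_type_desc,
       status_desc,
       CASE
           WHEN service_account IN (N'LocalSystem', N'NT AUTHORITY\SYSTEM')
               THEN 'review: runs as local system'
           ELSE NULL
       END AS least_privilege_note
FROM sys.dm_server_services
ORDER BY servicename;
GO
```

An empty result from the second query means none of the listed features is enabled; any row returned is a candidate for disabling if the database applications do not depend on it.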