Step by Step - Hardening SQL Server 2019
Step 1. Disable the sa user account.
Step 2. TCP 1433 is the default port for SQL Server. Change this port to secure the server.
Step 3. Create and configure password policy for SQL Server. Follow the path to change the password policy:
- Group Policy Management Editor - “Computer Configuration - Policies - Windows Settings - Security Settings” - Account Policies.
Step 4. Disable "xp_cmdshell" to block command execution through SQL Server.
Step 5. Right-click “Security – Logins – Audits” to create an audit policy.
Step 6. Enable the audit policy after creating it.
Step 7. Disable all unnecessary ports, including NetBIOS and SMB.
Step 8. Scan the databases for vulnerabilities by using SQL Vulnerability Assessment.
Step 9. Check, review and update the hardening configuration according to the results of the vulnerability scan.
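Steps 1, 4, 5 and 6 can also be applied with T-SQL, and steps 1 to 4 checked with catalog queries; the script below is an added example, not part of the original guide, written for SSMS or sqlcmd (it uses GO batch separators). The audit names and the D:\SQLAudit\ folder are placeholders chosen here; the folder must already exist and be writable by the SQL Server service account.

```sql
USE master;
GO
-- Step 1: disable the sa login (assumes it has not been renamed).
ALTER LOGIN [sa] DISABLE;
GO
-- Step 4: turn off xp_cmdshell, then hide advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO
-- Steps 5-6: create a server audit and a specification, then enable both.
-- Names and file path are placeholders (assumptions), not from the guide.
CREATE SERVER AUDIT [Hardening_Audit]
    TO FILE (FILEPATH = N'D:\SQLAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
CREATE SERVER AUDIT SPECIFICATION [Hardening_Audit_Spec]
    FOR SERVER AUDIT [Hardening_Audit]
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP);
GO
ALTER SERVER AUDIT [Hardening_Audit] WITH (STATE = ON);
ALTER SERVER AUDIT SPECIFICATION [Hardening_Audit_Spec] WITH (STATE = ON);
GO
-- Verification queries.
-- Step 1: sa always has SID 0x01, even if renamed; is_disabled should be 1.
SELECT name, is_disabled FROM sys.server_principals WHERE sid = 0x01;
-- Step 2: the T-SQL listener should no longer be on port 1433.
SELECT ip_address, port, state_desc
FROM sys.dm_tcp_listener_states WHERE type_desc = 'TSQL';
-- Step 3: SQL logins that do not enforce the Windows password policy.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_disabled = 0 AND (is_policy_checked = 0 OR is_expiration_checked = 0);
-- Step 4: value_in_use should be 0.
SELECT name, value_in_use FROM sys.configurations WHERE name = 'xp_cmdshell';
-- Step 6: status_desc should be STARTED.
SELECT name, status_desc FROM sys.dm_server_audit_status;
```

The Group Policy password settings from Step 3 only apply to SQL logins whose is_policy_checked value is 1, so any rows returned by the third query are logins the policy does not cover.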