Don't think that you're responsible for security at your site? Maybe it's not your primary focus, but security, or the lack thereof, is too important for you to ignore just because "it's not my job." In this day and age, we all need to take some responsibility for the security of our database systems, even if that's not our official job function. With that in mind, I'd like to encourage you to read the Microsoft white paper "SQL Server 2000 SP3 Security Features and Best Practices,".
This paper includes deep technical information as well as a handy checklist, making it valuable whether you're directly or indirectly responsible for managing security at your organization. Written by some of the most knowledgeable security experts in the SQL Server development team—Girish Chander, James Hamilton, Willis Johnson, and Richard Waymire contributed their expertise—this paper is a must-read for SQL Server administrators, developers, and managers.
The paper focuses on SQL Server 2000 Service Pack 3 (SP3), but it's guidelines and best practices also apply to pre-SP3 installations. You'll find recommendations about SQL Server installation, administration, and deployment as well as under-the-cover details about SQL Server's security model.
If you don't have enough time to read the entire paper, at least review the comprehensive appendix, "Checklist: Security Best Practices." The checklist covers the most important lock-down items from a development, administration, and third-party Independent Software Vendor (ISV) perspective.
The amount of space devoted to security-related topics on the Microsoft SQL Server home page signals the company's increasing focus on best practices for SQL Server security. The Web site's "Focus on Security" section includes quick links to valuable security-related resources including a list of the top 10 things you can do today to improve the security of your SQL Server installations, available here.
Remember, we all need to assume some responsibility for security. Threats from serious and recreational hackers are too real and numerous to ignore. If you're involved with SQL Server in a technical or management capacity, take the time to read this white paper and get serious about security.
P.S. Many SQL Server Magazine UPDATE readers also enjoy the monthly print version of SQL Server Magazine, and I want to take a minute to congratulate the entire magazine staff and family of authors on a recent accomplishment. SQL Server Magazine recently received the prestigious "Magazine of the Year" award from the American Society for Business Publication Editors (ASBPE). Entries were judged on writing, reporting, and editing quality; value and usefulness to the reader; editorial organization and flow of content in the magazine; interaction with readers; and layout and design. The judges said, "SQL Server Magazine does a superb job for its audience." Congratulations, team!