{"id":757,"date":"2020-09-15T22:52:36","date_gmt":"2020-09-16T01:52:36","guid":{"rendered":"https:\/\/maurobernal.com.ar\/blog\/?p=757"},"modified":"2020-09-15T22:54:57","modified_gmt":"2020-09-16T01:54:57","slug":"consejos-para-asegurar-tu-ms-sql-server","status":"publish","type":"post","link":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/","title":{"rendered":"Consejos para asegurar tu MS SQL Server"},"content":{"rendered":"\n<p><strong>Microsoft SQL Server<\/strong>\u00a0es un sistema de administraci\u00f3n de bases de datos relacionales (RDBMS) que contiene pocos componentes y subcomponentes. Cada componente en\u00a0<strong>SQL Server<\/strong>\u00a0tiene su propio mecanismo de seguridad que est\u00e1 casi separado el uno del otro. La\u00a0<strong>seguridad de Database Engine<\/strong>\u00a0incluye la cuenta de servicio, la instancia y la seguridad de las bases de datos.<\/p>\n\n\n\n<p>Como DBA y Sysadmin debes pensar en diferentes mecanismo para asegurar tus motores de bases de datos. No solo por la criticidad de la informaci\u00f3n, sino por el costo de no estar en producci\u00f3n. <\/p>\n\n\n\n<p>Lo primero que debes pensar es a nivel de networking que medidas tomar<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cambia el puerto predeterminado de tu SQL Server (<a href=\"https:\/\/maurobernal.com.ar\/blog\/blog\/mssql\/cambiar-el-puerto-del-ms-sql-server\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/maurobernal.com.ar\/blog\/blog\/mssql\/cambiar-el-puerto-del-ms-sql-server<\/a>)<\/li><li>SQL Server puede encriptar el protocolo TDS con protocolo SSL. Para habilitar el protocolo SSL, SQL Server necesita un certificado auto firmado o un certificado autorizado de los proveedores de certificados.<\/li><li>Revisa y crea las reglas en tu firewall en base a tu puerto<ul><li>Por ejemplo: limita las conexiones entrantes solo a tu segmento de red permitido<\/li><\/ul><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>netsh advfirewall firewall add rule name=\"SQL Access\" ^\r\ndir=in action=allow ^\r\nprogram=\"%programfiles%\\Microsoft SQL Server\\MSSQL12.MSSQLSERVER\\MSSQL\\Binn\\sqlservr.exe\" ^\r\nremoteip=LOCAL_SUBNET<\/code><\/pre>\n\n\n\n<p>Seguido a este puedes tener en cuenta estas recomendaciones a nivel de sistema operativo:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>De forma predetermina el servicio del MS SQL Server corre con su propio usuario que tiene permisos limitados a los archivos, a la red y al registro. Mi consejo es que trabajes siempre dentro de un entorno de directorio activo (DC) y que crees un usuario nuevo, \u00fanico para cada instancia de SQL Server<\/li><li>Este usuario debe ser extremadamente limitado, solo para correr el servicio.<\/li><li>Recuerda que complementario al servicio del SQL Server, tendr\u00e1s el del agente, encargado entre otras cosas de efectuar tu backup. Haz lo mismo y limita su ambito solo al directorio de backups, el c\u00faal no deber\u00eda estar disponible para usuarios normales del directorio activo<\/li><\/ul>\n\n\n\n<p>A nivel de aplicaci\u00f3n, ten tu informaci\u00f3n encriptada y cifrada<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Puedes encriptar la informaci\u00f3n almacenada en tus tablas, limit\u00e1ndose a campos extremadamente sensibles (como tarjetas de cr\u00e9dito, cuentas bancarias, etc)<\/li><li>Pero tambi\u00e9n puedes cifrar toda la base de datos. <\/li><\/ul>\n\n\n\n<p>Mas adelante te mostrar\u00e9 como hacer estos dos \u00faltimos puntos&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft SQL Server\u00a0es un sistema de administraci\u00f3n de bases de datos relacionales (RDBMS) que contiene pocos componentes y subcomponentes. Cada componente en\u00a0SQL Server\u00a0tiene su propio mecanismo de seguridad que est\u00e1&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-757","post","type-post","status-publish","format-standard","hentry","category-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Consejos para asegurar tu MS SQL Server &#183; devops Mauro Bernal<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Consejos para asegurar tu MS SQL Server &#183; devops Mauro Bernal\" \/>\n<meta property=\"og:description\" content=\"Microsoft SQL Server\u00a0es un sistema de administraci\u00f3n de bases de datos relacionales (RDBMS) que contiene pocos componentes y subcomponentes. Cada componente en\u00a0SQL Server\u00a0tiene su propio mecanismo de seguridad que est\u00e1...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/\" \/>\n<meta property=\"og:site_name\" content=\"devops Mauro Bernal\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-16T01:52:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-09-16T01:54:57+00:00\" \/>\n<meta name=\"author\" content=\"Mauro Bernal\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@_maurobernal\" \/>\n<meta name=\"twitter:site\" content=\"@_maurobernal\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mauro Bernal\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/\"},\"author\":{\"name\":\"Mauro Bernal\",\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/#\\\/schema\\\/person\\\/09c4dbdfb59b20e015c703fd19713283\"},\"headline\":\"Consejos para asegurar tu MS SQL Server\",\"datePublished\":\"2020-09-16T01:52:36+00:00\",\"dateModified\":\"2020-09-16T01:54:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/\"},\"wordCount\":370,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/#\\\/schema\\\/person\\\/09c4dbdfb59b20e015c703fd19713283\"},\"articleSection\":[\"Blog\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/\",\"url\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/\",\"name\":\"Consejos para asegurar tu MS SQL Server &#183; devops Mauro Bernal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/#website\"},\"datePublished\":\"2020-09-16T01:52:36+00:00\",\"dateModified\":\"2020-09-16T01:54:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/consejos-para-asegurar-tu-ms-sql-server\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Consejos para asegurar tu MS SQL Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/\",\"name\":\"devops Mauro Bernal\",\"description\":\"Cuando tu trabajo es hacer que las cosas funcionen bien...\",\"publisher\":{\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/#\\\/schema\\\/person\\\/09c4dbdfb59b20e015c703fd19713283\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/maurobernal.com.ar\\\/blog\\\/#\\\/schema\\\/person\\\/09c4dbdfb59b20e015c703fd19713283\",\"name\":\"Mauro Bernal\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/maurobernal.com.ar\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/logo-maurobernal.png?fit=1740%2C1740&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/maurobernal.com.ar\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/logo-maurobernal.png?fit=1740%2C1740&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/maurobernal.com.ar\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/logo-maurobernal.png?fit=1740%2C1740&ssl=1\",\"width\":1740,\"height\":1740,\"caption\":\"Mauro Bernal\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/maurobernal.com.ar\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/logo-maurobernal.png?fit=1740%2C1740&ssl=1\"},\"description\":\"Desarrollo de Sistemas en .Net, IT Callcenters, DBA de SQL Server, Mikrotik, Pentest y T\u00e9cnico consultor de Sistemas Bejerman\",\"sameAs\":[\"https:\\\/\\\/maurobernal.com.ar\",\"https:\\\/\\\/x.com\\\/_maurobernal\",\"https:\\\/\\\/youtube.com\\\/maurobernal\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Consejos para asegurar tu MS SQL Server &#183; devops Mauro Bernal","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/","og_locale":"es_ES","og_type":"article","og_title":"Consejos para asegurar tu MS SQL Server &#183; devops Mauro Bernal","og_description":"Microsoft SQL Server\u00a0es un sistema de administraci\u00f3n de bases de datos relacionales (RDBMS) que contiene pocos componentes y subcomponentes. Cada componente en\u00a0SQL Server\u00a0tiene su propio mecanismo de seguridad que est\u00e1...","og_url":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/","og_site_name":"devops Mauro Bernal","article_published_time":"2020-09-16T01:52:36+00:00","article_modified_time":"2020-09-16T01:54:57+00:00","author":"Mauro Bernal","twitter_card":"summary_large_image","twitter_creator":"@_maurobernal","twitter_site":"@_maurobernal","twitter_misc":{"Escrito por":"Mauro Bernal","Tiempo de lectura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/#article","isPartOf":{"@id":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/"},"author":{"name":"Mauro Bernal","@id":"https:\/\/maurobernal.com.ar\/blog\/#\/schema\/person\/09c4dbdfb59b20e015c703fd19713283"},"headline":"Consejos para asegurar tu MS SQL Server","datePublished":"2020-09-16T01:52:36+00:00","dateModified":"2020-09-16T01:54:57+00:00","mainEntityOfPage":{"@id":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/"},"wordCount":370,"commentCount":2,"publisher":{"@id":"https:\/\/maurobernal.com.ar\/blog\/#\/schema\/person\/09c4dbdfb59b20e015c703fd19713283"},"articleSection":["Blog"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/","url":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/","name":"Consejos para asegurar tu MS SQL Server &#183; devops Mauro Bernal","isPartOf":{"@id":"https:\/\/maurobernal.com.ar\/blog\/#website"},"datePublished":"2020-09-16T01:52:36+00:00","dateModified":"2020-09-16T01:54:57+00:00","breadcrumb":{"@id":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/maurobernal.com.ar\/blog\/consejos-para-asegurar-tu-ms-sql-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/maurobernal.com.ar\/blog\/"},{"@type":"ListItem","position":2,"name":"Consejos para asegurar tu MS SQL Server"}]},{"@type":"WebSite","@id":"https:\/\/maurobernal.com.ar\/blog\/#website","url":"https:\/\/maurobernal.com.ar\/blog\/","name":"devops Mauro Bernal","description":"Cuando tu trabajo es hacer que las cosas funcionen bien...","publisher":{"@id":"https:\/\/maurobernal.com.ar\/blog\/#\/schema\/person\/09c4dbdfb59b20e015c703fd19713283"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/maurobernal.com.ar\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":["Person","Organization"],"@id":"https:\/\/maurobernal.com.ar\/blog\/#\/schema\/person\/09c4dbdfb59b20e015c703fd19713283","name":"Mauro Bernal","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/i0.wp.com\/maurobernal.com.ar\/blog\/wp-content\/uploads\/2023\/07\/logo-maurobernal.png?fit=1740%2C1740&ssl=1","url":"https:\/\/i0.wp.com\/maurobernal.com.ar\/blog\/wp-content\/uploads\/2023\/07\/logo-maurobernal.png?fit=1740%2C1740&ssl=1","contentUrl":"https:\/\/i0.wp.com\/maurobernal.com.ar\/blog\/wp-content\/uploads\/2023\/07\/logo-maurobernal.png?fit=1740%2C1740&ssl=1","width":1740,"height":1740,"caption":"Mauro Bernal"},"logo":{"@id":"https:\/\/i0.wp.com\/maurobernal.com.ar\/blog\/wp-content\/uploads\/2023\/07\/logo-maurobernal.png?fit=1740%2C1740&ssl=1"},"description":"Desarrollo de Sistemas en .Net, IT Callcenters, DBA de SQL Server, Mikrotik, Pentest y T\u00e9cnico consultor de Sistemas Bejerman","sameAs":["https:\/\/maurobernal.com.ar","https:\/\/x.com\/_maurobernal","https:\/\/youtube.com\/maurobernal"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/posts\/757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/comments?post=757"}],"version-history":[{"count":2,"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/posts\/757\/revisions"}],"predecessor-version":[{"id":761,"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/posts\/757\/revisions\/761"}],"wp:attachment":[{"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/media?parent=757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/categories?post=757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maurobernal.com.ar\/blog\/wp-json\/wp\/v2\/tags?post=757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}