Skip to main content

SQL Server Database

Each Bravura Security Fabric server is configured with a SQL Server database. Most commonly, the database server software is deployed on the same server as the Bravura Security Fabric application. It follows that the database must also be hardened.

Remove or disable unused services and components

Do not install anything beyond the core SQL server software. Specifically, leave out or disable:

  • SQL Server Analysis Services (SSAS).

  • SQL Server Integration Services (SSIS).

  • Full-Text Engine.

  • The Filter Daemon Launcher.

  • SQL Server Reporting Services (SSRS).

  • Active Directory Helper.

  • SQL Server VSS Writer service.

  • SQL Server Browser.

Disable TCP/IP access to MSSQL

Bravura Security Fabric will connect to the database locally, so network access can and should be disabled. Use SQL Configuration manager to disable all but shared memory access to the database.

Limit access to the database

After installing the SQL Server database software and Bravura Security Fabric , remove access by the OS Administrators group to the database and change the password for the sa account.

Configure a dedicated, local-admin account for use by The SQL Server Agent service, so that it runs in a different security context than the database itself.

In this section: