Security!! A word – that everybody want, whatever it may for - a life, money or a job. In an IT world this term is often used, and asked by the client, the customer or the end user because it is closely attached to the information they are providing or storing or exchanging with each other. It can create a chaos if an ounce of the information is leaked or spread publicly; refer the case about classified US Military info available, reported in July-2007 by Network World.
So, what we really have to care about that every piece of work that we do should be secure - by default, and this applies to every technology. That means whatever we work on, we should follow and implement the security policies to build the robust and secure product. Recently, I was researching about security and I found a link about Microsoft Security Development Lifecycle (SDL). It is since 2004 that Microsoft has made SDL mandatory to follow for its entire product range. I would advise you to follow the same when you make a product for a business environment, communication software such as messenger or dealing with the sensitive information.
Since 2004, most of the product from Microsoft has built-in features to tighten security. This applies to SQL server as well; you can see that SQL Server 2005 has great security features i.e. you can enforce password policy on your database server to ensure that the passwords that your users are crating are strong. Apart from this now it is not necessary to assign system administrator rights to run profile, the only permission user requires is ALTER TRACE to run profiler. You may refer my article on how to secure SQL server for more pointers.
Microsoft publish security bulletin every month which will give advice you if you required installing any patch on your system. And to make this procedure easy for Windows operating systems and Office product Microsoft is offering Security Compliance Management Toolkit Series. Also to keep your system free from Viruses or malware Microsoft Assessment and Planning (MAP) toolkit is useful.
So, all in all we all should be more cautious when we are dealing with sensitive data and should improve by following SDL.
