What is surface area attack
I have built a project with SQL on the backend to handle my database and VB.NET on the front end for users' convenience. So for handling SQL Server I want to know every aspect of my SQL Server. I came across a term known as surface area attack recently. I would like to know what it means. Can anyone explain to me what surface area attack means?
Re: What is surface area attack
Surface Area is defined as the parts of an application or server exposed to attack — some examples would be interfaces or enabled services. It can also be defined as everything that can be seen from the network on the SQL server. Every feature that is added to an application adds a certain amount of risk to the overall application. So to reduce the overall risk, we reduce the attack surface area.
Re: What is surface area attack
Many of the features in SQL Server 2005 are disabled by default. The basic idea behind this is that the installation is assumed to be more secure by default. SQL Server 2005 also comes with a Surface Area Configuration tool to allow the balance between enabled services and features to be controlled. For example, a web application implements online help with a search function. However, if the help feature was re-written to eliminate the search function, this must eliminate the attack surface area.
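As an added example (not part of the original posts), the T-SQL below audits the kind of surface area the replies describe: optional features that are off by default, and the endpoints the instance exposes to the network. It assumes SQL Server 2005 or later and a login allowed to view server-level metadata; the particular list of options checked is this example's choice.

```sql
-- Added example: surface-area audit for a SQL Server instance.
-- 1) Optional features that ship disabled by default (value 0).
--    Options that do not exist on a given version simply return no row.
SELECT c.name,
       CAST(c.value_in_use AS int) AS value_in_use,
       CASE WHEN CAST(c.value_in_use AS int) = 0
            THEN 'disabled (default)'
            ELSE 'ENABLED - confirm it is required'
       END AS status
FROM sys.configurations AS c
WHERE c.name IN (N'xp_cmdshell',
                 N'Ole Automation Procedures',
                 N'Ad Hoc Distributed Queries',
                 N'clr enabled',
                 N'Database Mail XPs',
                 N'SQL Mail XPs',
                 N'Web Assistant Procedures',
                 N'remote admin connections')
ORDER BY c.name;

-- 2) Endpoints the instance defines, i.e. what can be reached from
--    outside the process (shared memory, named pipes, TCP, HTTP, ...).
SELECT e.name, e.protocol_desc, e.type_desc, e.state_desc
FROM sys.endpoints AS e
ORDER BY e.protocol_desc, e.name;

-- 3) Turning off one feature the application does not need.
--    xp_cmdshell is an advanced option, so advanced options must be
--    visible while it is changed; they are hidden again afterwards.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

Any row reported as enabled in the first result set, or any started endpoint in the second that the VB.NET front end does not use, is surface area that can be removed.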