Security is always a hot topic, and for good reason. It should always be at the forefront of a DBA's mind, something we take into consideration in everything we do.
Some of the configurations we will talk about are not mandatory to run SQL Server, but they are required if you want the highest level of security that SQL Server can offer. This is often the case when you want to follow Security Technical Implementation Guidelines (STIGs). In some companies these are not optional; rather, they have very strict plans to follow.
SQL Server offers some features that rely on certificates and encryption to make it more secure. We can make SQL Server even more secure by adding security at different levels, such as using cryptographic protocols to encrypt communications, and encrypting data at rest or even our backups.
In this chapter, we will take a look at some of the options dbatools offers to easily configure and use these settings, making it easier to secure your system.
By default, SQL Server does not encrypt connections. Therefore, one way to make your SQL Server more secure is to enable encrypted connections to the database engine. Encrypted connections secure the communication between the SQL Server instance and any client application. This adds, for example, an extra security layer that can prevent sensitive data leaks.
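One way to check where you stand before changing anything, as an added example that is not taken from the original text: it compares the configured Force Encryption setting with what current connections actually negotiate. It assumes the dbatools module is installed and that you have administrative access to the hosts; the instance names are placeholders.

```powershell
# Added example: audit connection encryption with dbatools.
Import-Module dbatools

# Hypothetical instance names; replace with your own.
$instances = 'sql01', 'sql02\reporting'

# 1. Configured state: is Force Encryption on, and is a certificate bound?
$settings = Get-DbaForceNetworkEncryption -SqlInstance $instances
$settings | Select-Object SqlInstance, ForceEncryption, CertificateThumbprint

# 2. Runtime state: which current connections are NOT encrypted?
#    sys.dm_exec_connections.encrypt_option is 'TRUE' or 'FALSE' per connection.
$query = @"
SELECT c.session_id, s.login_name, s.host_name, s.program_name,
       c.net_transport, c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE';
"@

foreach ($instance in $instances) {
    Invoke-DbaQuery -SqlInstance $instance -Query $query |
        Select-Object @{ Name = 'SqlInstance'; Expression = { $instance } },
                      session_id, login_name, host_name, program_name, net_transport
}

# 3. Preview enabling Force Encryption where it is off.
#    -WhatIf only reports what would change; remove it to apply.
#    The SQL Server service must be restarted before the setting takes effect.
$settings |
    Where-Object { -not $_.ForceEncryption } |
    ForEach-Object {
        Enable-DbaForceNetworkEncryption -SqlInstance $_.SqlInstance -WhatIf
    }
```

Rows returned by step 2 identify clients that are talking to the instance in clear text today, which is the list to review before forcing encryption on the server side.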