As the focus on security has grown within the IT industry, the security features supported within SQL Server have also grown, well beyond the basics of authentication, authorization, permissions, and securables. SQL Server network encryption between the instance and the client has been available since SQL Server 2000, whereas newer features such as encrypting data at rest and column encryption were introduced in SQL Server 2008 and SQL Server 2016, respectively. With modern versions of SQL Server, you can encrypt the following:
SQL Server also supports enforcing Extended Protection and hiding your SQL Server instances, each of which helps to reduce your attack surface.
If your organization is required to comply with security standards such as CIS benchmarks or DISA STIGs, dbatools can help; we built many of the commands as we went through our own audits—and as we wrote this book! In this chapter, we will take a a closer look at these commands, which can help to secure your SQL Server estate.