|
Home > Archive > MS SQL Server > November 2006 > Attaching DB & Security
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Attaching DB & Security
|
|
|
| Hi,
I want to prevent others from attaching my database, is it possible? Imagine
that the administrator at customer's office stops SQL Server Service and
copies our DB. How can I protect it?
Any help is appreciated.
Leila
| |
| Uri Dimant 2006-11-07, 7:12 pm |
| Leila
Remove them from sysadmin server role . If they aren't remove them from
dbcreator server role
"Leila" <Leilas@hotpop.com> wrote in message
news:OB355eaAHHA.4592@TK2MSFTNGP03.phx.gbl...
> Hi,
> I want to prevent others from attaching my database, is it possible?
> Imagine
> that the administrator at customer's office stops SQL Server Service and
> copies our DB. How can I protect it?
> Any help is appreciated.
> Leila
>
>
>
| |
| Norman Yuan 2006-11-07, 7:12 pm |
| I do not think you can prevent them from doing that if they have full
control to their OWN computer ( and the SQL Server on that computer ).
"Leila" <Leilas@hotpop.com> wrote in message
news:OB355eaAHHA.4592@TK2MSFTNGP03.phx.gbl...
> Hi,
> I want to prevent others from attaching my database, is it possible?
> Imagine
> that the administrator at customer's office stops SQL Server Service and
> copies our DB. How can I protect it?
> Any help is appreciated.
> Leila
>
>
>
| |
|
| That won't work because admin of windows can stop sql server and copy mdf
and ldf files(even if he doesn't have any login in sql server)
"Uri Dimant" <urid@iscar.co.il> wrote in message
news:OcVtQjaAHHA.3560@TK2MSFTNGP03.phx.gbl...
> Leila
>
> Remove them from sysadmin server role . If they aren't remove them from
> dbcreator server role
>
>
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:OB355eaAHHA.4592@TK2MSFTNGP03.phx.gbl...
>
>
| |
| Greg D. Moore \(Strider\) 2006-11-07, 7:12 pm |
|
"Leila" <Leilas@hotpop.com> wrote in message
news:OC9nkAdAHHA.1556@TK2MSFTNGP03.phx.gbl...
> That won't work because admin of windows can stop sql server and copy mdf
> and ldf files(even if he doesn't have any login in sql server)
Quite honestly, at this point if you can't trust them, you've got other
issues.
>
>
> "Uri Dimant" <urid@iscar.co.il> wrote in message
> news:OcVtQjaAHHA.3560@TK2MSFTNGP03.phx.gbl...
>
>
| |
| Sue Hoegemeier 2006-11-07, 7:12 pm |
| Correct...you really can't. What are you trying to protect
though? If it's an intellectual property type of thing and
these are your customers, licensing/legal agreements is
probably what you'd want to focus on.
-Sue
On Mon, 6 Nov 2006 21:49:26 +0330, "Leila"
<Leilas@hotpop.com> wrote:
>That won't work because admin of windows can stop sql server and copy mdf
>and ldf files(even if he doesn't have any login in sql server)
>
>
>"Uri Dimant" <urid@iscar.co.il> wrote in message
>news:OcVtQjaAHHA.3560@TK2MSFTNGP03.phx.gbl...
>
| |
|
| I don't agree! When a person becomes admin, only his skills are proved to
the boss, not other things. Why should we trust him when there are sensitive
data? Why is it advised to remove built-in administrators account from sql
server logins? Why you can set a password for backup set? These prove that
you cannot trust to all admins!
"Greg D. Moore (Strider)" < mooregr_deleteth1s@g
reenms.com> wrote in message
news:ONHpg0gAHHA.996@TK2MSFTNGP02.phx.gbl...
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:OC9nkAdAHHA.1556@TK2MSFTNGP03.phx.gbl...
>
> Quite honestly, at this point if you can't trust them, you've got other
> issues.
>
>
>
>
| |
| Uri Dimant 2006-11-07, 7:12 pm |
| Leila
How many admins do you have at your shop? There are server fixed roles that
you add those people , not all of them should be members of sysadmin server
role
http://vyaskn.tripod.com/ sql_serve...t_practices.htm --------security
best practices
"Leila" <Leilas@hotpop.com> wrote in message
news:%23iljU%23kAHHA
.1196@TK2MSFTNGP03.phx.gbl...
>I don't agree! When a person becomes admin, only his skills are proved to
>the boss, not other things. Why should we trust him when there are
>sensitive data? Why is it advised to remove built-in administrators account
>from sql server logins? Why you can set a password for backup set? These
>prove that you cannot trust to all admins!
>
>
> "Greg D. Moore (Strider)" < mooregr_deleteth1s@g
reenms.com> wrote in
> message
> news:ONHpg0gAHHA.996@TK2MSFTNGP02.phx.gbl...
>
>
>
| |
|
| They are not member of sysadmin! The security threat is outside of sql
server, the windows admins!
"Uri Dimant" <urid@iscar.co.il> wrote in message
news:OpSWIKlAHHA.4496@TK2MSFTNGP02.phx.gbl...
> Leila
> How many admins do you have at your shop? There are server fixed roles
> that you add those people , not all of them should be members of sysadmin
> server role
>
> ttp://vyaskn.tripod.com/ sql_server_security_
best_practices.htm --------security
> best practices
>
>
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:%23iljU%23kAHHA
.1196@TK2MSFTNGP03.phx.gbl...
>
>
| |
| Laurentiu Cristofor [MSFT] 2006-11-07, 7:12 pm |
| The machine admins can always get access to your data, especially if they
also have physical access to the machine. They can debug the process, they
can dump the memory, they can install key loggers, they can patch the
server, and so on. The only way to really protect your data against them is
to not give it to them in clear. Encrypt it before you pass it to the server
and decrypt it after you get it back. However, this is probably not
something that you can afford to do. So, you'll have to rely instead on
auditing, so if an admin does something bad, you can at least collect some
proof of what they did and use it to get legal compensation for the damages
caused by the data theft. You can also use other measures, to make getting
at the data harder, but you have to keep in mind that all these measures
would only slow down an attacker; you cannot build an impenetrable barrier
against the guy that can do whatever he wants with the physical machine. You
could use, for example, encryption, so a machine admin would have to find a
way to get at the keys to decrypt the data, and this would slow him down,
but it wouldn't necessarily stop him. So, the right question to ask is not
how you can stop machine administrators from getting the data, but how can
you deter them from doing so.
Some suggestions for deterring access:
- Have an auditing policy in place - verify audit trails and investigate
suspicious activity.
- Encrypt your sensitive data
- If possible, have administrators work without physical access to the
machine and have a different person perform the physical maintenance of the
machine
Thanks
--
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Leila" <Leilas@hotpop.com> wrote in message
news:eTwSvulAHHA.4024@TK2MSFTNGP04.phx.gbl...
> They are not member of sysadmin! The security threat is outside of sql
> server, the windows admins!
>
>
>
> "Uri Dimant" <urid@iscar.co.il> wrote in message
> news:OpSWIKlAHHA.4496@TK2MSFTNGP02.phx.gbl...
>
>
| |
| Greg D. Moore \(Strider\) 2006-11-07, 7:12 pm |
|
"Leila" <Leilas@hotpop.com> wrote in message
news:%23iljU%23kAHHA
.1196@TK2MSFTNGP03.phx.gbl...
>I don't agree! When a person becomes admin, only his skills are proved to
>the boss, not other things. Why should we trust him when there are
>sensitive data?
Because you gave him the job. Quite honestly if the only criteria you set
is skill then I would argue that's a mistake.
> Why is it advised to remove built-in administrators account from sql
> server logins? Why you can set a password for backup set? These prove that
> you cannot trust to all admins!
>
>
> "Greg D. Moore (Strider)" < mooregr_deleteth1s@g
reenms.com> wrote in
> message
> news:ONHpg0gAHHA.996@TK2MSFTNGP02.phx.gbl...
>
>
>
| |
| Arnie Rowland 2006-11-08, 7:12 pm |
| Why is a person becoming a network administrator in a system that has
'sensitive' data without a criminal background check?
Why is it that the network admins are not trusted?
ANYONE that has physical access to the SQL Server and/or backups CAN
eventually 'hack' the databases -UNLESS very stringent and expensive*
security is put into place.
*expensive -Most often requires a SQL Server Security specialist to come in
and help. May require changes to current applications and programming
procedures.
--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf
"Leila" <Leilas@hotpop.com> wrote in message
news:%23iljU%23kAHHA
.1196@TK2MSFTNGP03.phx.gbl...
>I don't agree! When a person becomes admin, only his skills are proved to
>the boss, not other things. Why should we trust him when there are
>sensitive data? Why is it advised to remove built-in administrators account
>from sql server logins? Why you can set a password for backup set? These
>prove that you cannot trust to all admins!
>
>
> "Greg D. Moore (Strider)" < mooregr_deleteth1s@g
reenms.com> wrote in
> message
> news:ONHpg0gAHHA.996@TK2MSFTNGP02.phx.gbl...
>
>
>
| |
| Edgardo Valdez, MCTS, MCITP, MCSD, MCDBA 2006-11-10, 7:14 pm |
| I am not aware of any password protection backup native in SQL Server yet.
May be, it would be something to submit to sqlwish@microsoft.com?
Although, if the concern is about protecting the contents of the database,
you may consider encryption, which it will require some extra steps (create
symmetric/asymmetric keys, etc.)
You can read about it at
http://www.microsoft.com/technet/it.../sqldatsec.mspx "Improving
Data Security by Using SQL Server 2005, a Technical White Paper"
"Leila" wrote:
> I don't agree! When a person becomes admin, only his skills are proved to
> the boss, not other things. Why should we trust him when there are sensitive
> data? Why is it advised to remove built-in administrators account from sql
> server logins? Why you can set a password for backup set? These prove that
> you cannot trust to all admins!
>
>
> "Greg D. Moore (Strider)" < mooregr_deleteth1s@g
reenms.com> wrote in message
> news:ONHpg0gAHHA.996@TK2MSFTNGP02.phx.gbl...
>
>
>
>
|
|
|
|
|