Hi,
I want to prevent others from attaching my database, is it possible? Imagine
that the administrator at customer's office stops SQL Server Service and
copies our DB. How can I protect it?
Any help is appreciated.
Leila
Leila
Remove them from sysadmin server role . If they aren't remove them from
dbcreator server role
"Leila" <Leilas@.hotpop.com> wrote in message
news:OB355eaAHHA.4592@.TK2MSFTNGP03.phx.gbl...
> Hi,
> I want to prevent others from attaching my database, is it possible?
> Imagine
> that the administrator at customer's office stops SQL Server Service and
> copies our DB. How can I protect it?
> Any help is appreciated.
> Leila
>
>
|||I do not think you can prevent them from doing that if they have full
control to their OWN computer ( and the SQL Server on that computer ).
"Leila" <Leilas@.hotpop.com> wrote in message
news:OB355eaAHHA.4592@.TK2MSFTNGP03.phx.gbl...
> Hi,
> I want to prevent others from attaching my database, is it possible?
> Imagine
> that the administrator at customer's office stops SQL Server Service and
> copies our DB. How can I protect it?
> Any help is appreciated.
> Leila
>
>
|||That won't work because admin of windows can stop sql server and copy mdf
and ldf files(even if he doesn't have any login in sql server)
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:OcVtQjaAHHA.3560@.TK2MSFTNGP03.phx.gbl...
> Leila
> Remove them from sysadmin server role . If they aren't remove them from
> dbcreator server role
>
> "Leila" <Leilas@.hotpop.com> wrote in message
> news:OB355eaAHHA.4592@.TK2MSFTNGP03.phx.gbl...
>
|||"Leila" <Leilas@.hotpop.com> wrote in message
news:OC9nkAdAHHA.1556@.TK2MSFTNGP03.phx.gbl...
> That won't work because admin of windows can stop sql server and copy mdf
> and ldf files(even if he doesn't have any login in sql server)
Quite honestly, at this point if you can't trust them, you've got other
issues.
>
> "Uri Dimant" <urid@.iscar.co.il> wrote in message
> news:OcVtQjaAHHA.3560@.TK2MSFTNGP03.phx.gbl...
>
|||Correct...you really can't. What are you trying to protect
though? If it's an intellectual property type of thing and
these are your customers, licensing/legal agreements is
probably what you'd want to focus on.
-Sue
On Mon, 6 Nov 2006 21:49:26 +0330, "Leila"
<Leilas@.hotpop.com> wrote:
>That won't work because admin of windows can stop sql server and copy mdf
>and ldf files(even if he doesn't have any login in sql server)
>
>"Uri Dimant" <urid@.iscar.co.il> wrote in message
>news:OcVtQjaAHHA.3560@.TK2MSFTNGP03.phx.gbl...
>
|||Leila
How many admins do you have at your shop? There are server fixed roles that
you add those people , not all of them should be members of sysadmin server
role
http://vyaskn.tripod.com/sql_server_security_best_practices.htm --security
best practices
"Leila" <Leilas@.hotpop.com> wrote in message
news:%23iljU%23kAHHA.1196@.TK2MSFTNGP03.phx.gbl...
>I don't agree! When a person becomes admin, only his skills are proved to
>the boss, not other things. Why should we trust him when there are
>sensitive data? Why is it advised to remove built-in administrators account
>from sql server logins? Why you can set a password for backup set? These
>prove that you cannot trust to all admins!
>
> "Greg D. Moore (Strider)" <mooregr_deleteth1s@.greenms.com> wrote in
> message
> news:ONHpg0gAHHA.996@.TK2MSFTNGP02.phx.gbl...
>
>
|||They are not member of sysadmin! The security threat is outside of sql
server, the windows admins!
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:OpSWIKlAHHA.4496@.TK2MSFTNGP02.phx.gbl...
> Leila
> How many admins do you have at your shop? There are server fixed roles
> that you add those people , not all of them should be members of sysadmin
> server role
> ttp://vyaskn.tripod.com/sql_server_security_best_practices.htm --security
> best practices
>
> "Leila" <Leilas@.hotpop.com> wrote in message
> news:%23iljU%23kAHHA.1196@.TK2MSFTNGP03.phx.gbl...
>
|||The machine admins can always get access to your data, especially if they
also have physical access to the machine. They can debug the process, they
can dump the memory, they can install key loggers, they can patch the
server, and so on. The only way to really protect your data against them is
to not give it to them in clear. Encrypt it before you pass it to the server
and decrypt it after you get it back. However, this is probably not
something that you can afford to do. So, you'll have to rely instead on
auditing, so if an admin does something bad, you can at least collect some
proof of what they did and use it to get legal compensation for the damages
caused by the data theft. You can also use other measures, to make getting
at the data harder, but you have to keep in mind that all these measures
would only slow down an attacker; you cannot build an impenetrable barrier
against the guy that can do whatever he wants with the physical machine. You
could use, for example, encryption, so a machine admin would have to find a
way to get at the keys to decrypt the data, and this would slow him down,
but it wouldn't necessarily stop him. So, the right question to ask is not
how you can stop machine administrators from getting the data, but how can
you deter them from doing so.
Some suggestions for deterring access:
- Have an auditing policy in place - verify audit trails and investigate
suspicious activity.
- Encrypt your sensitive data
- If possible, have administrators work without physical access to the
machine and have a different person perform the physical maintenance of the
machine
Thanks
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Leila" <Leilas@.hotpop.com> wrote in message
news:eTwSvulAHHA.4024@.TK2MSFTNGP04.phx.gbl...
> They are not member of sysadmin! The security threat is outside of sql
> server, the windows admins!
>
> "Uri Dimant" <urid@.iscar.co.il> wrote in message
> news:OpSWIKlAHHA.4496@.TK2MSFTNGP02.phx.gbl...
>
|||"Leila" <Leilas@.hotpop.com> wrote in message
news:%23iljU%23kAHHA.1196@.TK2MSFTNGP03.phx.gbl...
>I don't agree! When a person becomes admin, only his skills are proved to
>the boss, not other things. Why should we trust him when there are
>sensitive data?
Because you gave him the job. Quite honestly if the only criteria you set
is skill then I would argue that's a mistake.
> Why is it advised to remove built-in administrators account from sql
> server logins? Why you can set a password for backup set? These prove that
> you cannot trust to all admins!
>
> "Greg D. Moore (Strider)" <mooregr_deleteth1s@.greenms.com> wrote in
> message
> news:ONHpg0gAHHA.996@.TK2MSFTNGP02.phx.gbl...
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment