How to make your database secure | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

How to make your database secure

Data security experts are raising the alarm: viruses are getting increasingly more specialized and have lately attacked SQL Server installations that did not install the latest Microsoft security patches. http://www.scmagazine.com/features/…&newsUID=f2ed4cb2-071d-4ae6-8f42-681ca3be41e0
Is it possible to restrict the EM or QA to be password protected so that they will be opened only if password is given?

(I am not familiar in DB security issues :))

Madhivanan
Failing to plan is Planning to fail
When you are registering SQL Server, there is an option saying that always prompt for login name and password

That's cool. If that is not checked at the time of installation, how do I implement that in query?
Madhivanan Failing to plan is Planning to fail
The setting doesn’t affect queries. The setting is one for Enterprise Manager only: if the option is not activated then it depends on whether the server allows the current Windows login to access SQL Server and/or any of the databases. If the option is activated, EM opens only after you enter a valid login, even if you are using a Windows login that is a member of sysadmin.

EDIT: The login/password dialog box comes up when you access an instance of SQL Server within the EM program, not necessarily immediately when you open EM.
Well
Isn't it possible to make it prompting?
If possible I want to do this by query
Madhivanan Failing to plan is Planning to fail
Not possible I think, as you configure this setting for that server and until unless it is accessed the login/password dialog prompt will not be invoked.
Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
If you allow Windows authentication at the database level, then the client app can be set up to use a "trusted connection" or require a password. So it would be easy to connect without entering the password, as long as the user is already logged on to Windows, and provided that the client app facilitates it. If you allow only SQL Server logins at the database level, and the client app forces the user to login to SQL Server, then the password must be entered at all times. In both cases you have to know if perhaps you have a client app using ODBC-linked tables with no forced relinking, in which case the connection is wide open once the client app is up and running.
Hi, though I am not an expert, in my opinion:

quote:Originally posted by Madhivanan
Is it possible to restrict the EM or QA to be password protected so that they will be opened only if password is given?
(I am not familiar in DB security issues :))
Madhivanan
Failing to plan is Planning to fail

It's not there in the MS OS / SQL binaries, but you can set NTFS permissions; however, you can have a third-party tool for FILE / FOLDER PROTECTION with PASSWORD:

http://www.password-protect-software.com/
http://www.winability.com/folderguard/
to name a few …

and the option for setting open with password / prompt for password affects only EM and not QA.

Besides this we need to change / take care of the port we use (default is 1433), changing it to an odd one, disable NetBIOS over TCP/IP, and set no access without explicit permission in the local security policy.

Regards

hsGoswami
[email protected]
"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami
As the topic turns out to be a question/answer type, moving to General DBA section.
Satya SKJ
Moderator
Seems to me you are all approaching the problem from the wrong angle. Opening EM or QA is not a vulnerability. The fact that you’ve chosen to register SQL Login details certainly is.
From TFA;
# A hacker starts an attack on physical database files in order to see or alter information; he can physically access the system even though he has no authorization. This occurs in the case of mobile client systems, for example.

This is a physical security problem.

# A data thief pretends to be an authorized user of a system, a database or an application. For this purpose there is software for the generation and automatic use of password lists. Often a simple phone call from the "user service" suffices, with a direct request for password and caller ID.

This is a cultural problem.

# An attacker uses an existing database connection via a network, which has been set up by an authorized user (hijacking). A sniffer intercepts uncoded information while it is being transmitted via a network.

This is a technical problem and can be resolved through using Windows authentication, or, if you have to use SQL logins, IPSEC or some protocol-based encryption such as SSH or SSL.

Once you have sorted out your authentication and authorisation mechanisms properly the rest is down to granting only the access people actually need to do their job – the principle of least privilege. This means that if you do tell someone your username and password, the damage they can do is limited.

In short, don’t use ‘sa’ or any SQL logins if you can help it, and grant security access from none upwards, not sysadmin downwards.
If you want to restrict the application used, you can either abstract the connection through a web or application server and use a firewall, implement application roles so that users are granted login, but not directly granted database access, and use policy to prevent the installation and running of SQL tools.
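The application-role approach and the "grant from none upwards" principle from the post above, as an added T-SQL example that is not part of the original thread. It assumes SQL Server 2005 or later; the database, Windows group, table, procedure and role names are hypothetical and the password is a placeholder.

```sql
-- Added example: all names are hypothetical, the password is a placeholder.
-- Assumes SQL Server 2005 or later.

-- 1. Windows authentication: the group gets a login, so no SQL password exists.
CREATE LOGIN [CORP\SalesUsers] FROM WINDOWS;
GO

USE SalesDb;
GO

-- 2. The group may connect to the database but is granted no object
--    permissions of its own, whichever client tool is used to connect.
CREATE USER [CORP\SalesUsers] FOR LOGIN [CORP\SalesUsers];
GO

-- 3. Permissions go to an application role, starting from none and
--    adding only what the application needs.
CREATE APPLICATION ROLE SalesApp WITH PASSWORD = '<replace-with-strong-secret>';
GRANT SELECT  ON OBJECT::dbo.Orders       TO SalesApp;
GRANT EXECUTE ON OBJECT::dbo.usp_AddOrder TO SalesApp;
GO

-- 4. What the client application runs right after connecting. The cookie
--    lets it drop the role again on a pooled connection.
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = N'SalesApp',
     @password      = N'<replace-with-strong-secret>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

SELECT USER_NAME() AS active_context;   -- security context while the role is active

EXEC sys.sp_unsetapprole @cookie;
GO

-- 5. Audit for "sysadmin downwards": SQL logins (type 'S') that are
--    members of the sysadmin fixed server role.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS m
JOIN sys.server_principals  AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals  AS p ON p.principal_id = m.member_principal_id
WHERE r.name = N'sysadmin'
  AND p.type = 'S';
```

The role password has to be available to the client application, so it needs protecting there and the connection that carries it should be encrypted.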
Hi mulhall,

quote:Originally posted by mulhall
Seems to me you are all approaching the problem from the wrong angle.
Opening EM or QA is not a vulnerability.

We are not interpreting it as a vulnerability, but discussing whether there is such an option of setting QA / EM password protected; however, the information given by you is very useful.

quote:
# An attacker uses an existing database connection via a network, which has been set up by an authorized user (hijacking). A sniffer intercepts uncoded information while it is being transmitted via a network.
This is a technical problem and can be resolved through using windows authentication, or ,if you have to use SQL logins, IPSEC or some protocol based encryption such as SSH or SSL.
Once you have sorted out your authentication and authorisation mechanisms properly the rest is down to granting only the access people actually need to do their job – the principle of least privilege. This means that if you do tell someone your username and password, the damage they can do is limited.

But what if we used SSL and MCHAP, IPSEC, secure DNS zone, etc.? If we use some strong mechanism of cryptography or a 1024-bit algorithm, then how much possibility is there to crack into it? I think too many years [?]

quote:
If you want to restrict the application used, you can either abstract the connection through a web or application server and use a firewall, implement application roles so that users are granted login, but not directly granted database access, and use policy to prevent the installation and running of SQL tools.

And this is a very nice idea, not to install all the client tools and only use CLIENT CONNECTIVITY (we do all this practice), but what if some tweak with the "default / hidden share" (of course we can remove it, but there are many options / methods by which the default share can be regenerated)? Any idea how to prevent intrusion through this?

Point out if I am wrong!

:D
Regards

hsGoswami
[email protected]
"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami
quote:Originally posted by ghemant
Hi mulhall, we are not interpreting it as a vulnerability, but discussing whether there is such an option of setting QA / EM password protected; however, the information given by you is very useful.

The problem is that it would engender a false sense of security. The fact they can’t use EM or QA is neither here nor there as another application could be used – you forgot osql, for example.
quote:Originally posted by ghemant
But what if we used SSL and MCHAP, IPSEC, secure DNS zone, etc.? If we use some strong mechanism of cryptography or a 1024-bit algorithm, then how much possibility is there to crack into it? I think too many years [?]

Absolutely, as I said implementing these technologies will help. Note that you are still vulnerable to man in the middle attacks if you use SSL.
quote:Originally posted by ghemant
And this is a very nice idea, not to install all the client tools and only use CLIENT CONNECTIVITY (we do all this practice), but what if some tweak with the "default / hidden share" (of course we can remove it, but there are many options / methods by which the default share can be regenerated)? Any idea how to prevent intrusion through this? Point out if I am wrong!

Sorry not sure what you mean here.
Hi,
As you say, man in the middle attacks are still possible, yes, but if we use a private-public key to transfer data then is it possible? And I was asking about the hidden share: using the hidden share / administration share one can play around with the system, so how to prevent this from happening?
hsGoswami
[email protected]
"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami

quote:Originally posted by ghemant
Hi,
As you say, man in the middle attacks are still possible, yes, but if we use a private-public key to transfer data then is it possible?

Yes, but this is not always possible depending on the topology of the application. The right tool for the right job and all that…
quote:Originally posted by ghemant
And I was asking about the hidden share: using the hidden share / administration share one can play around with the system, so how to prevent this from happening?
hsGoswami
[email protected]
"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami

Ah, you mean c$, admin$ etc. – securing them with ACLs and proper group administration should be enough in most situations, but for high security they can be removed (make sure you have a custom share for replication first):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters

Insert a value with the following details:

Data Type: DWORD
Value Name: AutoShareServer (if using a Windows 2000 or Windows 2003 Server variant)
AutoShareWks (if using Windows XP or Windows 2000 Professional)
Value: 0
Hi mulhall,
quote:Originally posted by mulhall
Originally posted by ghemant
Ah, you mean c$, admin$ etc. – securing them with ACLs and proper group administration should be enough in most situations, but for high security they can be removed (make sure you have a custom share for replication first):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters
Insert a value with the following details:
Data Type: DWORD
Value Name: AutoShareServer (if using a Windows 2000 or Windows 2003 Server variant)
AutoShareWks (if using Windows XP or Windows 2000 Professional)
Value: 0

I have read this before somewhere on altavista.box, but there are other methods too to tweak with the registry and reactivate using a passive attacking system and to compromise with it…. !!! Is it so, then, that no system is out of vulnerability? Isn’t it [?]
Hemantgiri S. Goswami
[email protected]
"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemant Goswami

quote:Originally posted by ghemant
…but there are other methods too to tweak with the registry and reactivate using a passive attacking system and to compromise with it…. !!! Is it so, then, that no system is out of vulnerability? Isn’t it [?]

Can you provide more details?