
Security Configuration Advice

microsoft.public.windows.server.security
Posted by DavidW on December 20, 2005, 3:00 am
We have an application that stores sensitive information in a SQL Server 2000
database. Windows authentication is used for access to the application and
database. We are concerned that staff with network admin rights will be able
to access the application and are looking for security configurations that
will prevent such access. We have also implemented AD on our servers.

Posted by Roger Abell [MVP] on December 20, 2005, 9:03 am
First, note that "network admin"s do not need to be SQL admins,
and in most cases should not be.
Without SQL "sa", then the accounts will only have access in SQL
as is configured within SQL for the database.
The application should be encrypting (with seeding) the fields in its
table(s) that contain sensitive information.
The data should be traveling with encryption as can be configured
in the SQL client and server networking.
If the application allows for configuring access control (as to what
accounts may use the application) then that control should be used
effectively. Whether the application accesses data as the user or by
use of an application role will control the extent of exposure posed
by the application itself depending on how it does or does not control
access. Nevertheless you could exert some (imperfect against network
admins) control over access to the application executable in normal
NTFS manner.

> We have an application that stores sensitive information in a SQL Server
> 2000
> database. Windows authentication is used for access to the application and
> database. We are concerned that staff with network admin rights will be
> able
> to access the application and are looking for security configurations that
> will prevent such access. We have also implemented AD on our servers.



Posted by DavidW on December 21, 2005, 2:55 am
Hi Roger,

Would it be possible for the network admins to reset a user's password and
then access the application as them? Is there any way of catering for this
type of circumstance?

Thanks
David

"Roger Abell [MVP]" wrote:

> First, note that "network admin"s do not need to be SQL admins,
> and in most cases should not be.
> Without SQL "sa", then the accounts will only have access in SQL
> as is configured within SQL for the database.
> The application should be encrypting (with seeding) the fields in its
> table(s) that contain sensitive information.
> The data should be traveling with encryption as can be configured
> in the SQL client and server networking.
> If the application allows for configuring access control (as to what
> accounts may use the application) then that control should be used
> effectively. Whether the application accesses data as the user or by
> use of an application role will control the extent of exposure posed
> by the application itself depending on how it does or does not control
> access. Nevertheless you could exert some (imperfect against network
> admins) control over access to the application executable in normal
> NTFS manner.
>
> > We have an application that stores sensitive information in a SQL Server
> > 2000
> > database. Windows authentication is used for access to the application and
> > database. We are concerned that staff with network admin rights will be
> > able
> > to access the application and are looking for security configurations that
> > will prevent such access. We have also implemented AD on our servers.
>
>
>

Posted by Roger Abell [MVP] on December 21, 2005, 2:12 pm
Sure that is possible.

The main strategy used is to only hire trustworthy people
for positions enabled for sensitive access.

A second approach is to audit account management actions.
This second is more for show than real. You must police the
logged information for one thing.

The bottom line however is that an admin will be able to get
access to anything given determination. An admin would not
even need to change the password on an account, as you have
suggested, in order to get a process running as that account.
It would just take a somewhat more skilled admin, and it would
not leave such a highly visible audit trail.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

> Hi Roger,
>
> Would it be possible for the network admins to reset a user's password and
> then access the application as them? Is there any way of catering for this
> type of circumstance?
>
> Thanks
> David
>
> "Roger Abell [MVP]" wrote:
>
>> First, note that "network admin"s do not need to be SQL admins,
>> and in most cases should not be.
>> Without SQL "sa", then the accounts will only have access in SQL
>> as is configured within SQL for the database.
>> The application should be encrypting (with seeding) the fields in its
>> table(s) that contain sensitive information.
>> The data should be traveling with encryption as can be configured
>> in the SQL client and server networking.
>> If the application allows for configuring access control (as to what
>> accounts may use the application) then that control should be used
>> effectively. Whether the application accesses data as the user or by
>> use of an application role will control the extent of exposure posed
>> by the application itself depending on how it does or does not control
>> access. Nevertheless you could exert some (imperfect against network
>> admins) control over access to the application executable in normal
>> NTFS manner.
>>
>> > We have an application that stores sensitive information in a SQL
>> > Server
>> > 2000
>> > database. Windows authentication is used for access to the application
>> > and
>> > database. We are concerned that staff with network admin rights will be
>> > able
>> > to access the application and are looking for security configurations
>> > that
>> > will prevent such access. We have also implemented AD on our servers.
>>
>>
>>
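
The auditing approach discussed in the thread, as an added example that is not part of the original posts: a review script that pairs "password set by someone else" events with a logon to the same account shortly afterwards. It assumes the Windows Server 2003 Security log event IDs 628 (password set) and 528/540 (successful logon); the record layout, field names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta

# Windows Server 2003 Security log event IDs.
PASSWORD_SET = 628          # password set on an account by an administrator
LOGON_IDS = {528, 540}      # successful interactive / network logon

# Constructed sample records (not real log data); field names are hypothetical.
SAMPLE_EVENTS = [
    {"time": "2005-12-21 09:03:40", "id": 528, "account": "CORP\\jsmith",
     "workstation": "ADMINPC07"},
    {"time": "2005-12-21 09:00:05", "id": 628, "account": "CORP\\jsmith",
     "by": "CORP\\netadmin1"},
    {"time": "2005-12-21 10:15:00", "id": 628, "account": "CORP\\mbrown",
     "by": "CORP\\helpdesk2"},
    {"time": "2005-12-22 08:30:00", "id": 528, "account": "CORP\\mbrown",
     "workstation": "FINANCE12"},
    {"time": "2005-12-21 11:00:00", "id": 540, "account": "CORP\\akhan",
     "workstation": "SALES03"},
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def resets_followed_by_logon(events, window=timedelta(minutes=30)):
    """Flag logons to an account shortly after someone else set its password."""
    last_reset = {}   # account (lower-cased) -> (reset time, who reset it)
    findings = []
    for ev in sorted(events, key=lambda e: _ts(e["time"])):
        when, account = _ts(ev["time"]), ev["account"].lower()
        if ev["id"] == PASSWORD_SET and ev["by"].lower() != account:
            last_reset[account] = (when, ev["by"])
        elif ev["id"] in LOGON_IDS and account in last_reset:
            reset_time, reset_by = last_reset[account]
            if when - reset_time <= window:
                findings.append({
                    "account": ev["account"],
                    "reset_by": reset_by,
                    "workstation": ev.get("workstation", "?"),
                    "delay_seconds": int((when - reset_time).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for f in resets_followed_by_logon(SAMPLE_EVENTS):
        print(f)
```

Each finding still needs a human to compare the workstation with the user's usual machine, and this check only covers the password-reset path; it does not see a process started as the account without a reset.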


