There was a post recently where someone was asking about securing log shipping to comply with HIPAA requirements. It struck me at first that really log shipping isn’t a SQL Server operation, it’s a Windows operation. The ongoing process of log shipping is:
In terms of security and possible issues, these steps break down this way.
The only real places to provide security are from Windows, where you need to do the following:
This means to me that this is primarily a Windows issue, and that the DBA needs to work with the Windows admin to implement an IPSec policy or set up a secure tunnel. Here’s one link I found, but not being a strong Windows admin, I’m not sure if it’s the best one. The idea is that you want to secure the network traffic so that a third party can’t copy the log backup in transit.
Is it a big deal? I’m not sure about that. I think this is an item that auditors might be concerned about more than it is a security risk. After all, even if a hacker acquired an old full backup and a log backup, they wouldn’t necessarily be able to restore the log backup since the LSNs would be out of order. And while a log backup might contain sensitive information, an attacker couldn’t guarantee that any particular log backup would have sensitive information. Only if that information were edited would it be included in a log backup.
The big security downside is that whatever channel or method you use here is likely the same one used for initializing things, and that includes a full backup sitting somewhere. So it’s a good idea to provide tight security, and not just set up shares that Everyone can access.
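To make the two Windows-side points above concrete (an IPSec policy between the primary and secondary, and a log shipping share that is not open to Everyone), here is an added PowerShell example. It is not from the original post; it assumes a share name, a folder path, a secondary server address and the SQL Agent service account of the secondary, all of which are placeholders you would replace with your own. It audits the SMB share and NTFS permissions for wide-open grants, tightens the share to the one account that needs it, and adds an IPsec rule that requires authenticated, encrypted SMB traffic from the secondary.

```powershell
# Added example (not from the original post). Run elevated on the primary
# that hosts the log backup share. All values below are placeholders.
$ShareName     = 'LogShipping'                     # assumed share name
$SharePath     = 'D:\LogShipping'                  # assumed folder behind the share
$SecondaryIP   = '10.0.0.20'                       # assumed secondary server address
$CopyAccount   = 'CONTOSO\svc-sqlagent-secondary'  # assumed account running the copy job

# Identities that should never appear on a backup share
$OpenIdentities = @('Everyone', 'ANONYMOUS LOGON', 'BUILTIN\Users', 'Authenticated Users', 'NT AUTHORITY\Authenticated Users')

function Get-OpenShareGrants {
    param([string]$Name)
    # Share-level ACL: any allow entry for a broad identity is a finding
    Get-SmbShareAccess -Name $Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $OpenIdentities -contains $_.AccountName }
}

function Get-OpenNtfsGrants {
    param([string]$Path)
    # NTFS ACL on the folder itself; share permissions alone are not enough
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $OpenIdentities -contains $_.IdentityReference.Value }
}

# 1. Audit: report wide-open grants before changing anything
$shareFindings = Get-OpenShareGrants -Name $ShareName
$ntfsFindings  = Get-OpenNtfsGrants  -Path $SharePath
if ($shareFindings) { Write-Warning "Share '$ShareName' is open to: $($shareFindings.AccountName -join ', ')" }
if ($ntfsFindings)  { Write-Warning "Folder '$SharePath' is open to: $($ntfsFindings.IdentityReference.Value -join ', ')" }

# 2. Remediate the share: drop the broad grants, allow only the copy account
foreach ($f in $shareFindings) {
    Revoke-SmbShareAccess -Name $ShareName -AccountName $f.AccountName -Force
}
# Change (not Full) is enough for the secondary to read and, if needed, clean up files
Grant-SmbShareAccess -Name $ShareName -AccountName $CopyAccount -AccessRight Change -Force

# 3. Remediate NTFS: remove broad entries from the folder ACL and grant the copy account Modify
$acl = Get-Acl -Path $SharePath
foreach ($f in $ntfsFindings) { [void]$acl.RemoveAccessRule($f) }
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $CopyAccount, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 4. Require IPsec for SMB (TCP 445) from the secondary. With no auth set specified the
#    rule uses the default (computer Kerberos) authentication; 'Require' on both directions
#    means unauthenticated SMB from that host is dropped rather than allowed in the clear.
New-NetIPsecRule -DisplayName 'Require IPsec for log shipping SMB' `
    -Protocol TCP -LocalPort 445 -RemoteAddress $SecondaryIP `
    -InboundSecurity Require -OutboundSecurity Require

# 5. Re-check: the audit functions should now return nothing
if (-not (Get-OpenShareGrants -Name $ShareName) -and -not (Get-OpenNtfsGrants -Path $SharePath)) {
    Write-Output "Share '$ShareName' and folder '$SharePath' no longer grant access to broad identities."
}
```

The same script, with the path and share name changed, applies to the folder on the secondary where the copy job lands files, since that copy is just as sensitive as the one on the primary. The IPsec rule must exist on both ends with matching settings, or the secondary's copy job will fail rather than fall back to plaintext, which is the behaviour you want.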