SQLServerCentral Article

Hidden Dangers!


Don’t jump the gun before you read.

First let’s discuss security at the personal level.

Many folks forget that the biggest threat is not outside their company but inside. They walk away from their desk and forget to 3 finger salute and lock the desktop. While they are away, and depending on where they are located, more people than they would like could pass by and casually access the things they are responsible for, or glean a bit of information.

Others receive emails with attachments that do bad things behind the scenes, but they run them anyway. Or they allow web pages to execute code without paying much attention. In this discussion it would be extremely hard to get the required code executed unless the user lowers their IE security settings, which in itself is not unheard of. Users (especially those who are admins) have to be more aware of holes in security and properly plan against them.

What the heck am I talking about?

It is simple: DMO opens you to potential attacks you may never have considered if you have any registered servers in Enterprise Manager. There are multiple security issues that may never have occurred to you as a user, and thus you never gave them any thought.

Yes I am being vague but let’s jump in.

Saving your password when you use a SQL Account to attach to a remote server.

Bet more folks do this than anyone would ever imagine, but hackers surely have thought about it. But what does this have to do with danger? The password is encrypted in the registry, so unless they know the encryption scheme they will be busy for a bit. So what is the danger?

Try this and you might be surprised. Create a VBS file named getit.vbs and enter the following code.

Dim App, cntServ, cntGrps
Set App = CreateObject("SQLDMO.Application")
For cntGrps = 1 To App.ServerGroups.Count
   For cntServ = 1 To App.ServerGroups(cntGrps).RegisteredServers.Count
      ' Show group, server, login and the stored password (empty if none was saved)
      MsgBox App.ServerGroups(cntGrps).Name & " - " & _
         App.ServerGroups(cntGrps).RegisteredServers(cntServ).Name & " - " & _
         App.ServerGroups(cntGrps).RegisteredServers(cntServ).Login & " - " & _
         App.ServerGroups(cntGrps).RegisteredServers(cntServ).Password
   Next
Next
Set App = Nothing

Recognize anything that popped up?

Maybe now you see the potential for mischief. Not only can they get your saved password quickly, but many folks tend to use the same password for many things, especially when the user account is the same.

Using NT Authentication to attach to a remote server.

Ok, so you can get to the stored password via DMO, so what if you use a Trusted Login? Just add the following to the above code after "App.ServerGroups(cntGrps).RegisteredServers(cntServ).Password".

& " - " & App.ServerGroups(cntGrps).RegisteredServers(cntServ).UseTrustedConnection

So it would be easy for an attacker to determine that you are using trusted authentication and switch to a different avenue of attack. Even without that flag, if the script found no saved password the next best thing would be to try a trusted login. This is less of an issue, other than that it opens that one door.
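The same SQL-DMO objects the two scripts above use can be turned around into a desktop audit. The script below is an added example, not code from the original article: it walks every registered server in Enterprise Manager and flags the ones that carry a saved SQL password or rely on a trusted connection, without ever displaying the password itself, so a DBA can find risky registrations before anyone else does. It assumes SQL-DMO is installed (the SQLDMO.Application COM class is registered) and that it is run under the Windows profile whose registrations you want to check; the [SAVED-PASSWORD] and [TRUSTED-CONNECTION] labels are just names chosen here.

```vbscript
' Added audit script (not part of the original article). Assumes SQL-DMO is
' installed so that CreateObject("SQLDMO.Application") succeeds.
Option Explicit

Dim App, cntGrps, cntServ, grp, srv, flags, report, risky
Set App = CreateObject("SQLDMO.Application")
report = ""
risky = 0

For cntGrps = 1 To App.ServerGroups.Count
   Set grp = App.ServerGroups(cntGrps)
   For cntServ = 1 To grp.RegisteredServers.Count
      Set srv = grp.RegisteredServers(cntServ)
      flags = ""

      ' A non-empty Password property means a SQL login password was saved
      ' with the registration and can be read back by any script that runs
      ' under this Windows profile. Only report that it exists; never echo it.
      If Len(srv.Password) > 0 Then
         flags = flags & " [SAVED-PASSWORD]"
         risky = risky + 1
      End If

      ' A trusted connection stores no secret, but it advertises that the
      ' Windows account on this desktop is itself a path to the server.
      If srv.UseTrustedConnection Then
         flags = flags & " [TRUSTED-CONNECTION]"
      End If

      report = report & grp.Name & " - " & srv.Name & " - login=" & srv.Login & flags & vbCrLf
   Next
Next
Set App = Nothing

WScript.Echo report
WScript.Echo risky & " registration(s) with a saved password"
' Non-zero exit code lets a logon script or scheduled job notice the problem.
If risky > 0 Then WScript.Quit 1
```

Run it with `cscript //nologo audit.vbs` so the output goes to the console rather than a series of message boxes; the exit code is 1 when at least one registration has a saved password, which makes it easy to chain into a logon script that nags the user to re-register the server with prompt for password.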

So, what concern should you have?

Not that you need to run out and yell that the sky is falling, but consider these things. If a hacker gets a user's password, what are the odds that the password works on most everything else? Pretty high, from my experience. If nothing more, hackers have another potential method of attack on external machines that VPN into their companies or clients, and can cause a lot of havoc.

Final Thoughts

First off, I hope I didn’t scare anyone, but just made you aware of a potential security risk of which you may not have been aware. A user who saves any password is as scary as the one who writes them on a sticky note nearby. The last line of defense is always the user, and they need to be schooled properly when using certain tools to avoid creating potential security hotspots for themselves.

You may ask what to do to keep safety up. Personally, I would avoid installing EM on any machine that does not absolutely need it, and even then use a SQL login with prompt for password set so the password is not saved. If users of any level dial in from outside and use EM (including managers), do not allow trusted connections, and again have prompt for password set so nothing is saved.

The fewer clues you make available the better. So remember to always remove the key out of the lock when you leave.