August 16, 2012 at 5:41 am
Hi Folks.
I am looking to implement something that will prevent a rogue user from getting access to a SQL Login account and trying to steal lots of data.
I am wondering if there are some measures that can be put in place to do this.
My initial thoughts are to use Resource Governor, to stop queries running over a certain time frame.
To prevent 'SELECT *' statements from running under certain conditions, not sure how this would be implemented.
To lock down all accounts' access as much as possible, particularly accounts in the dbreader/dbowner role that don't need to be.
To ensure that all stored procedures, only do what they need to do, and no more.
Obviously all accounts need some level of access to return data to applications, I am really looking for something that will see some different activity to normal and throw a warning alert.
Anybody worked on anything like this?
Thanks for any help in advance. 🙂
August 16, 2012 at 9:55 am
I won't say incorrect because your situation may truly be unique, but personally I think you're approaching this from a very difficult angle, i.e. trying to contort the database server configuration to account for all the what-ifs, all from the server-side, when you really should be focused on the what-is in your environment.
Why are you trying to approach it from this angle? Are you using Kerberos Authentication in all possible places? Do you have unsecured config files in your environment with plain-text login names and passwords? Do the logins in those config files have too many permissions? Are you trying to account for a specific or an unknown set of potentially malicious users? Do you have lackluster network security that fails to prevent unauthorized workstations from accessing production database servers?
If you follow SQL Server security best practices a lot of your concerns may be immediately resolved.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
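Both posts come back to logins holding more access than they need (the reader/owner roles in the first post, over-permissioned config-file logins in the second). The query below is an added example, not code from either poster: it lists who holds the `db_owner` and `db_datareader` fixed roles in the current database and, for SQL-authenticated logins, whether password policy is enforced. It assumes you run it in each user database with permission to view the catalog metadata.

```sql
-- Added example: review membership of broad fixed database roles.
-- Run once per user database (USE <database>; first).
SELECT
    r.name                   AS role_name,
    u.name                   AS database_user,
    u.type_desc              AS user_type,        -- SQL_USER, WINDOWS_USER, WINDOWS_GROUP, DATABASE_ROLE
    sp.name                  AS server_login,     -- NULL for orphaned or contained users
    sp.is_disabled           AS login_disabled,
    sl.is_policy_checked     AS password_policy_enforced,     -- NULL for Windows logins
    sl.is_expiration_checked AS password_expiration_enforced  -- NULL for Windows logins
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r
      ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS u
      ON u.principal_id = rm.member_principal_id
-- Map the database user back to its server-level login by SID.
LEFT JOIN sys.server_principals AS sp
      ON sp.sid = u.sid
-- Only SQL-authenticated logins have a row here.
LEFT JOIN sys.sql_logins        AS sl
      ON sl.principal_id = sp.principal_id
WHERE r.name IN (N'db_owner', N'db_datareader')
ORDER BY r.name, u.name;
-- A row with user_type = DATABASE_ROLE means a user-defined role is nested
-- inside the fixed role; its members are not expanded by this query and
-- need the same review.
```

Rows showing a SQL_USER in `db_owner`, or a SQL login with `password_policy_enforced = 0`, are the first candidates for the lock-down described in the thread.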