Data and database security when outsourcing

  • I work in a company that has outsourced its servers to another company. Thus any technician in that firm can read the content in our databases. Some databases are therefore encrypted, which is bad performance-wise.

    I would appreciate ideas or examples about how we can stop the outsourcing company from accessing our data.

    We have both SQL 2000 and SQL 2005 in our shop.

  • Have you outsourced your DBA support to that company as well? If you have, then the DBAs there will need full access to the database. But you should insist that such access should only be granted to DBAs and not to every support technician in the company.

    John

  • We have only outsourced the running of the servers, including backups etc. The production DBA jobs, tuning etc., are still done by us.

    So what to do besides "add logins to the sysadmin role that I want to have admin access and then remove the BUILTIN\Administrators group from the sysadmin role"?

  • Start with precisely that, I would say - revoke access from all of their technicians, get rid of BUILTIN\Administrators, and make sure that sa has a strong password known only to you and your colleagues.

    John

  • And be sure to do the normal security audits, especially to check when SQL Server is stopped and started. When SQL Server is stopped, the database files are closed and can be copied off. EFS can be used to help prevent this, but at a performance hit.

    K. Brian Kelley
    @kbriankelley
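
The steps suggested in the replies above (named sysadmin logins, removing BUILTIN\Administrators from sysadmin, watching for restarts) written out as T-SQL. This is an added example, not code posted by anyone in the thread; `CORP\SqlDbaTeam` is a constructed placeholder for your own DBA group, and reading tempdb's creation date as the last start time is this example's choice of check.

```sql
-- Added example. CORP\SqlDbaTeam is a constructed placeholder; substitute your
-- own DBA Windows group or login. Uses only system procedures and tables that
-- exist on both SQL Server 2000 and SQL Server 2005.

-- 1. Record who holds sysadmin before changing anything.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 2. Give your own DBA group a login and explicit sysadmin membership.
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'CORP\SqlDbaTeam')
    EXEC sp_grantlogin N'CORP\SqlDbaTeam';

IF ISNULL(IS_SRVROLEMEMBER('sysadmin', N'CORP\SqlDbaTeam'), 0) = 0
    EXEC sp_addsrvrolemember N'CORP\SqlDbaTeam', 'sysadmin';

-- 3. Remove BUILTIN\Administrators from sysadmin only once the replacement
--    is confirmed, so a failed step 2 cannot lock everyone out.
--    Before running this, check that service accounts which log in to the
--    instance (for example SQL Server Agent) have their own sysadmin login.
IF IS_SRVROLEMEMBER('sysadmin', N'CORP\SqlDbaTeam') = 1
   AND IS_SRVROLEMEMBER('sysadmin', N'BUILTIN\Administrators') = 1
BEGIN
    EXEC sp_dropsrvrolemember N'BUILTIN\Administrators', 'sysadmin';
    PRINT 'BUILTIN\Administrators removed from sysadmin.';
END
ELSE
    PRINT 'No change: replacement login not confirmed, or group not a member.';

-- 4. Verify the result against the list captured in step 1.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 5. Restart check: tempdb is recreated every time SQL Server starts, so its
--    creation date is the last start time. A start you did not schedule means
--    the data files were closed for a while and could have been copied.
SELECT crdate AS last_sql_server_start
FROM master.dbo.sysdatabases
WHERE name = 'tempdb';
```

Step 3 only takes the group out of the sysadmin role; the BUILTIN\Administrators login itself remains until it is removed with `sp_revokelogin`.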
