Restricting Sysadmins from adding new sysadmins

  • Jeff Moden (8/11/2015)


    Despicable types that are in-house might like to cover their tracks by altering logs. External hackers might also try if they got in with good enough control to do so and they found a gold mine in the data and want to return undetected so they can continue to mine.

    I'm with you, though. I wouldn't balk at a logging system that, as a DBA, I couldn't get to provided that it wasn't causing performance or resource issues.

    Indeed. At one Fortune 500 I worked at, we had to help the security people get the software set up, but under their accounts. We worked with them, side by side, under their login. We didn't have rights to access the folders where logs were contained.

    I even had to help them query data on their own SQL Server. No domain admins allowed on that host, and no SQL access. However, the guy I worked with had to sit and wTHIS IS CLEARLY SPAM dig into their data model to help him query data. Probably less exciting for him than me.

  • Steve Jones - SSC Editor (8/11/2015)


    Jeff Moden (8/11/2015)


    Despicable types that are in-house might like to cover their tracks by altering logs. External hackers might also try if they got in with good enough control to do so and they found a gold mine in the data and want to return undetected so they can continue to mine.

    I'm with you, though. I wouldn't balk at a logging system that, as a DBA, I couldn't get to provided that it wasn't causing performance or resource issues.

    Indeed. At one Fortune 500 I worked at, we had to help the security people get the software set up, but under their accounts. We worked with them, side by side, under their login. We didn't have rights to access the folders where logs were contained.

    I even had to help them query data on their own SQL Server. No domain admins allowed on that host, and no SQL access. However, the guy I worked with had to sit and wTHIS IS CLEARLY SPAM dig into their data model to help him query data. Probably less exciting for him than me.

    Watch your words Steve! 😀

    ... and wTHIS IS CLEARLY SPAM dig ...



    Alvin Ramard
    Memphis PASS Chapter

    All my SSC forum answers come with a money back guarantee. If you didn't like the answer then I'll gladly refund what you paid for it.

    For best practices on asking questions, please read the following article: Forum Etiquette: How to post data/code on a forum to get the best help

  • Alvin Ramard (8/11/2015)


    Steve Jones - SSC Editor (8/11/2015)


    Jeff Moden (8/11/2015)


    Despicable types that are in-house might like to cover their tracks by altering logs. External hackers might also try if they got in with good enough control to do so and they found a gold mine in the data and want to return undetected so they can continue to mine.

    I'm with you, though. I wouldn't balk at a logging system that, as a DBA, I couldn't get to provided that it wasn't causing performance or resource issues.

    Indeed. At one Fortune 500 I worked at, we had to help the security people get the software set up, but under their accounts. We worked with them, side by side, under their login. We didn't have rights to access the folders where logs were contained.

    I even had to help them query data on their own SQL Server. No domain admins allowed on that host, and no SQL access. However, the guy I worked with had to sit and wTHIS IS CLEARLY SPAM dig into their data model to help him query data. Probably less exciting for him than me.

    Watch your words Steve! 😀

    ... and wTHIS IS CLEARLY SPAM dig ...

    Yeah, what the heck? This is a family forum!

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • mister.magoo (8/6/2015)


    You'll be in a big pile of do, because you won't even know who did it - as you want them all using the same ID.

    Perhaps you should just have one person who can type stuff, and anything they want to do, they just ask her?

    What is this thing you put in your signature; some type of obfuscated dynamic code execution hack ???

    select geometry::STGeomFromWKB(... 0003DD8CCCCCCCCCC0840000000000000003DD8CCCCCCCCCC08408014AE47E17AFC3F040000000000104000CDCCCCCCCCEC3F9C999999999913408014AE47E17AFC3F9C99999999991340000000000000003D0000000000001440000000000000003D000000000000144000000000000000400400000000001040000000000000F03F100000000000084000000000000000401000000000000840000000000000003D0103000000010000000B000000000000000000143D000... )

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • ssk7317 (8/6/2015)


    I am an Infosec guy and don't know a whole lot of details about databases. But as a part of our infosec lockdown activity, we are giving a shared ID to all DBAs and would mandate them to use that ID only. We have a tool from where they will do this activity.

    The situation I am getting into with this is, what if they give their own Active Directory ID sysadmin privileges or create an instance-level sysadmin to bypass our process?

    Please help, I'm in a very difficult situation here and nobody in my contacts seems to know an answer to this.

    Thanks in Advance

    For this to work as you intend, you would have to remove all Windows-authenticated logins from SQL Server's SYSADMIN role. Also, the security application you're forcing the DBAs to use should restrict operations that would allow them to grant themselves or others permissions.

    What is the application you're talking about; a 3rd party product?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
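    As an added example (not code from this thread or any of its posters), here is how a security team could act on the reply above: inventory who currently sits in sysadmin and which of those are Windows logins, send every server-role membership change to an audit file the DBA team cannot read, and roll back any attempt to add a member to sysadmin. It assumes SQL Server 2012 or later; the audit names, trigger name and UNC path are placeholders.

    ```sql
    -- Added example, not from this thread. Assumes SQL Server 2012+.
    -- Audit/trigger names and the file path are placeholders; the share must be
    -- writable by the SQL Server service account and unreadable by the DBA team.

    -- 1. Inventory: every current member of sysadmin, with its login type.
    --    Rows of type WINDOWS_LOGIN or WINDOWS_GROUP are the ones the reply above
    --    says must go before a shared-ID process means anything.
    SELECT  p.name          AS login_name,
            p.type_desc     AS login_type,     -- WINDOWS_LOGIN, WINDOWS_GROUP, SQL_LOGIN
            p.is_disabled,
            p.create_date
    FROM    sys.server_role_members AS rm
    JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
    JOIN    sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
    WHERE   r.name = N'sysadmin'
    ORDER BY p.type_desc, p.name;
    GO

    -- 2. Audit: record server-role membership changes, login changes, and any
    --    change to the audit itself, to a file outside the DBAs' reach.
    CREATE SERVER AUDIT [Audit_SysadminChanges]
    TO FILE ( FILEPATH = N'\\SECURITY-LOG-HOST\sqlaudit\' )   -- placeholder path
    WITH ( ON_FAILURE = SHUTDOWN );   -- stop the instance rather than run unaudited
    GO
    CREATE SERVER AUDIT SPECIFICATION [AuditSpec_SysadminChanges]
    FOR SERVER AUDIT [Audit_SysadminChanges]
        ADD ( SERVER_ROLE_MEMBER_CHANGE_GROUP ),   -- ALTER SERVER ROLE ... ADD/DROP MEMBER, sp_addsrvrolemember
        ADD ( SERVER_PRINCIPAL_CHANGE_GROUP ),     -- CREATE/ALTER/DROP LOGIN
        ADD ( AUDIT_CHANGE_GROUP )                 -- someone altering or disabling this audit
    WITH ( STATE = ON );
    GO
    ALTER SERVER AUDIT [Audit_SysadminChanges] WITH ( STATE = ON );
    GO

    -- 3. Tripwire: server-scoped DDL trigger that rolls back any attempt to add a
    --    member to sysadmin and raises an error the caller (and the audit) will see.
    CREATE TRIGGER [trg_block_sysadmin_add]
    ON ALL SERVER
    FOR ADD_SERVER_ROLE_MEMBER
    AS
    BEGIN
        DECLARE @evt    XML            = EVENTDATA();
        DECLARE @role   sysname        = @evt.value('(/EVENT_INSTANCE/RoleName)[1]',  'sysname');
        DECLARE @caller sysname        = @evt.value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname');
        DECLARE @cmd    NVARCHAR(2000) = @evt.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(2000)');

        IF @role = N'sysadmin'
        BEGIN
            ROLLBACK;   -- undo the membership change; the DDL ran inside this transaction
            RAISERROR (N'Adding members to sysadmin is blocked on this instance. Login: %s. Command: %s',
                       16, 1, @caller, @cmd);
        END
    END;
    GO
    ```

    The trigger is a tripwire, not a boundary: anyone who is already sysadmin can disable it or turn the audit off, which is exactly why the reply above insists on removing the Windows logins from the role first. AUDIT_CHANGE_GROUP is in the specification so that disabling the audit is itself the last thing it records, and ON_FAILURE = SHUTDOWN means the instance will not keep running if the audit file becomes unwritable.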

  • Eric M Russell (8/11/2015)


    mister.magoo (8/6/2015)


    You'll be in a big pile of do, because you won't even know who did it - as you want them all using the same ID.

    Perhaps you should just have one person who can type stuff, and anything they want to do, they just ask her?

    What is this thing you put in your signature; some type of obfuscated dynamic code execution hack ???

    select geometry::STGeomFromWKB(... 0003DD8CCCCCCCCCC0840000000000000003DD8CCCCCCCCCC08408014AE47E17AFC3F040000000000104000CDCCCCCCCCEC3F9C999999999913408014AE47E17AFC3F9C99999999991340000000000000003D0000000000001440000000000000003D000000000000144000000000000000400400000000001040000000000000F03F100000000000084000000000000000401000000000000840000000000000003D0103000000010000000B000000000000000000143D000... )

    😉

    MM


