Security – How to secure SQL Server Enterprise Manager


I've just discovered a computer serving sensitive data from MS SQL Server that appears to have virtually no security protection. I would like to protect this box as quickly as possible.

My problem is that I'm a Linux admin with no experience of Microsoft databases helping out in a remote office with no IT staff. (Also the installation is in Spanish so please forgive me if I'm mangling any names).

So I found a program called SQL Server Enterprise Manager (There's no version number in the 'about' dialog, but the copyright in the help files says '1988-2000') which lets me read all the data, create accounts and change passwords of any existing accounts. It doesn't ask me for a password.

How can I close this gaping hole in security?

Does this situation suggest the existence of other vulnerabilities that I should check for?

Best Answer

You may be passing Windows authentication to the server - and if you are a domain admin/computer admin you'll be able to get into any 2000 install and most 2005 installs.

After you figure out how you are connecting, you should do a security audit, first checking the server security roles, to see who is listed as sysadmin. This should be under the security node under the database instance, not under individual databases - I'm referring to the tree structure hierarchy in EM.

Then you can delve into databases if needed to lock permissions down and make things secure and stable. You may also want to change the sa password, which is a 'backdoor' SQL login for you to get in when you are locked out.

http://technet.microsoft.com/en-us/library/cc966456.aspx

I'd also try running the best practices analyzer.

http://www.microsoft.com/downloads/details.aspx?familyid=b352eb1f-d3ca-44ee-893e-9e07339c1f22&displaylang=en
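The audit the answer walks through, written out as a T-SQL script (an added example, not the answerer's code). It assumes SQL Server 2000, since the Enterprise Manager build on the box carries a 1988-2000 copyright, and a session that already has sysadmin rights; the password and the principal name in the last step are placeholders.

```sql
-- Added audit script for the checks described in the answer above.
-- Assumes SQL Server 2000; run it in Query Analyzer (or an EM query
-- window) from a session that is already a member of sysadmin.

-- 1. How are clients authenticating? 1 = Windows-only, 0 = mixed mode
--    (mixed mode is what makes the sa password matter).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Who holds the sysadmin fixed server role. This is the same list the
--    answer says to review under the Security node of the instance in EM.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 3. SQL logins with no password at all. In SQL Server 2000 a blank
--    password is stored as NULL in master..syslogins; isntname = 0
--    restricts the result to SQL logins rather than Windows accounts.
--    'sa' appearing here is the hole the question describes.
SELECT name, sysadmin
FROM   master..syslogins
WHERE  isntname = 0
  AND  password IS NULL;

-- 4. Give sa a strong password (placeholder value, replace before running).
EXEC sp_password NULL, '<REPLACE-WITH-STRONG-PASSWORD>', 'sa';

-- 5. Remove any unexpected sysadmin member found in step 2. The principal
--    below is a placeholder; BUILTIN\Administrators is the membership that
--    lets any local or domain admin in through Windows authentication, as
--    the answer notes. Remove it only after confirming that another
--    sysadmin login still works, so you do not lock yourself out.
-- EXEC sp_dropsrvrolemember 'BUILTIN\Administrators', 'sysadmin';
```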
