How to prevent windows administrator to attach ms sql database - sql-server

Background: [No copyright implementation]
[No copyright implementation] My company develops inventory control application for clients in the area where we don't have copyright protection by the government. The only option is to hide and protect things by ourselves. It is common for competitors here to copy other company's database and build front end on it and then start selling their own app.
The Problem
We use MS SQL server express edition and some times standard edition. We have found that any of customer can stop sql engine, copy the files from the pc where application was installed and then attach that database files into another system where they have full windows admin rights and that's it they can fully explore our database.
I am looking for
Is there any reliable solution to protect our database design being viewed by other people. Only our application may connect through the users we have created inside the db?
In past i had heard that sybase adaptive server has such functionality, windows users had no access in it and users were stored inside each db itself. there was no way to login if someone don't have password of the users stored in db itself.
Thanks
Your help will be highly appreciated.

As suggested by Sean, hosting it yourself or in a cloud service like Azure SQL DB is your best bet. Still no guarantee but makes it significantly harder to get everything but a lot easier to lockdown than alternatives. It's also a lot easier to manage and handle user requests for restricted data compared to something deployed onsite.
Outside of that, there's really no practical way to do it if deployed at the customer's site. Even if you lock down all logins and users (regardless of Windows or SQL Server logins) so no customer login has admin level privileges, you still can't prevent them from copying the database file, mounting it on a different instance where they have admin privileges or even just running it as an app to reset SA password. If they have physical access, all bets are off. It's only a matter of knowledge and time.
You can make it harder by encrypting the entire database and only your app holds the key. Users then have to either break the encryption algorithm (hard if done right) or your application that holds the key (easier but still not trivial). Both are expensive to do correctly and they really just delay, not prevent access. You will also introduce other problems like key management and rotation which, if not done right can result in customers losing access to their data.
You could leave a cookie trail (e.g. functions and tables that are active,look like they're part of the app and are tightly coupled to useful parts of the app but actually aren't related to the application's core functionality). That makes it easier to prosecute later but if the country has no laws protecting intellectual property, this will only be useful if the software is re-used or resold in a country that has such laws.

Related

Add a security layer to our SQL Servers (currently accesible from remote sql management studio)

We have a big system running with thousands of users (some from android apps, other from the web app, etc.).
The system is distributed, with databases in two locations (within the same country). In one location there are 5 servers in the same network, and each one has a copy of the database (via replication).
Among the software developers, a few have direct access to the production databases. Sometimes due to technical support requested by users to modify some operations not possible from the system itself, the developers/support team have to access the database directly and modify some records.
We know this is not the ideal manner of working. But it's been like this since years.
Recently we have found a few problems. One day one person updated hundreds of records from a table by mistake.
Since then we are analyzing how to improve this access.
We are looking for some way of improving the security. We would like to have a two-phase authentication system in place. Something that asks the user for two passwords when accessing from Sql Server Management Studio...
Is that possible? Or is there any other approach we can use to improve the security but still allow devs/support team to access the production database when necessary?
Users also (currenty) have access via remote desktop to all servers.
At least we would like to KNOW when this access is being done.
Make access to PROD read only for those users. Allow them to write their scripts and then submit them for review at a minimum and testing if possible like any other deployable. Then follow standard deployment processes with someone who has access.
If my other answer isn't workable and these updates are always the same kind of fixes...you could create support stored procs maybe to do the fixes and only give permission on the procs...but this is highly dependent on the commonality of fixes being made and less preferable to my other answer.
I haven't used it myself but EXECUTE AS might let you give the users read-only permission while the procs would execute under credentials with higher access.

Database synchronization

Recently my clients have asked me if they can use they’re application remotely, disconnected from the local network and the company server.
One solution is to place the database in the cloud, but a connection to the database, and the cloud and an internet connection must be always available.
There not always the case.
So my question is - Is there any database sync system, or a synchronization library so that I can work disconnected with local database and when I connect synchronize the changes I have made and receive changes others have made?
Update:
The application is under Windows (7/xp) ( for now )
It's in Delphi 2007 win32
All client need to have Read/Write access
All Clients have internet connection, but not always ON
Security is not critical, but the Sync service should encrypt the communication
When in the presence of the companies network the system should sync and use the Server Database and not the local one.
You have a host of issues with thinking about such a solution. First, there are lots of possible solutions, such as:
Using database replication within a database, to mimic every update (like a "hot" backup)
Building an application to copy the database periodically (every night)
Using a third-party tool (which is what you are asking, I think)
With replication services, the connection does not have to always be up. Changes to the database are logged when the connection is not available and then applied when they can be sent.
However, there are lots of other issues when you leave a corporate network. What about security of the data and access rights? Do you have other options, such as making it easier to access the database from within the network? Do the users need only read-access to the database or read-write access? Would both versions need to be accessed at the same time. Would there be updates to both at the same time?
You may have other options that are more secure than just moving a database to the cloud.
I believe RemObjects DataAbstract allows offline mode and synchronization by using what they call Briefcases. All your other requirements (security, encrypted connections, etc.) are also covered.
This is not a drop-in replacement, thought, and may need extensive rewrite/refactoring of your application. There are lots of upsides, thought; business rules can/should be enforced on the server (real security), scriptable business rules, multiplatform architecture, etc.
There are some products available in the Java world (SymmetricDS lgpl license) - apart from actually being a working system it is documents how it achieved synchronization. Connects to any db with jdbc support. . There is a pro version but the user guide (downloadable pdf) gives you the db schema plus rules on push pull syncing. Useful if you want to build your own.
Btw there is a data replication so tag that would help.
One possibility that is free is the Microsoft Sync Framework: http://msdn.microsoft.com/en-us/sync/bb736753.aspx
It may be possible for you to use it, but you would need to provid some more detail about your application and operating environment to be sure.
IS it possible to share a database like .mdb and work fine? i try but sometimes the file where the databse is changes from DB to DB1 i use delphi Xe4 and Google Drive .
Thank´s

Is it possible to have an Access back-end database available for multiple users on the same network?

I am developing a Visual Basic .NET application to be used by the staff of a small training centre nearby. The front-end (UI, menus, etc.) will all be in VB .NET, and there will be a back-end database for storing all of the required data, such as student records and meeting information.
What I would like to know is if it's possible to use a Microsoft Access database for this purpose, and have it accessible by all the staff in the centre (on the same network) at the same time. For example, would I be able to put the database in a shared network folder, and have a copy of the VB application on each PC that would all be able to read/edit/add to the database?
Advice would be appreciated as to how I should proceed. (Note: I would really prefer a method of doing this with MS Access as opposed to suggestions to switch to SQL, as Access was the requested platform)
Thanks in advance.
Yes it can be done and from a programming stand point it is any (much) different then using SQL Server. I think the biggest considerations you have to think about are:
How many simultaneous users do you expect to have using the application?
How secure does the application need to be? Is Access security enough?
How big do I expect the database to become in the next 1 to 5 years?
I think those are you biggest considerations when using Access as a data store and if your answers fall within the specs of Access capabilities then go for it. You can always migrate to SQL Server at a later time if you run into the limits of Access.
You did not mention the version of Access that you are using but a quick Google/Bing search should return specs for every version available.
Yes, but probably not advisable. Despite the disclaimer in your post, you should try to convince the powers to be to look at SQL Server Express instead-- it's free.
But, if Access is the database, all you need to do is have the database reside on a shared directory with full read-write capabilities for all the users. Hopefully when you say "staff of a small training centre", you mean it.
Install the VB.Net program on the client computers and setup the connection string with the path to the database.
Someone else with more recent Microsoft Access experience can probably give better hints on how to reduce the corruption factor. My own experience was to stay away from queries in Access-- have the Access database only for tables and do all of your queries with SQL statements in your client code. My corrupted databases reduced dramatically when I did that, but that was 10-15 years ago.
Back up the database religiously.
Yes, just make sure you chane the extension of your back end access db to your_database_name.be_accdb and it will start logging once the user start writing to it. But I recommend SQL sever

Off-site web server talking to on-site database for small business: is it feasible?

I am going to be putting a website up that will talk directly to a Microsoft SQL database that is hosted in a small office. I am debating between having the web server in the same office vs. hosting it with a professional hosting company. The trick is that the database must remain in the office because of internal software requirements.
Internet speeds at the office are 1.2 MB up / 5 MB down. Would it be feasible to have an off-site web server talk to the Microsoft SQL database in the office? I would restrict access to the database based on IP address. The website would not be high-traffic by any means.
Would it be feasible to have an off-site web server talk to the Microsoft SQL database in the office?
It's impossible to tell without seeing the site, but probably not, at least not on a permanent basis. Performance would most likely be horrible, and by tying the web site to the shop server, you will be making the availability of the web site depend on the availability of the shop's DSL connection. A power outage in the store would take down the web site, and the store owner's son downloading a pirated movie would slow down your app's order processing. :)
You probably should either do frequent data exports (instead of a permanent connection) from the store database to the online one, or have the database run remotely after all - it might be possible to work around the "database must be local" requirement using a VPN or something.
Speaking of database, I think that it is not a good idea to expose it online at all, since it seems to me from the requirements to keep the DB in office, that you are using it heavily for on-going work, aside from using it to display data on the (future) web-site. If someone hacks through into this database, it will not only harm your website, but also any other projects that depend on this DB.
Instead, you should have website use a replicated server, but never the master you are working on. I know it's overkill for you at the moment, but still, the gains in security IMHO by far outweigh a little bit of additional hassle.
Regarding the hosting issue - You should outsource the hosting, because there is less sys admin work for you - remember that if you are going to host your www site yourself, it means a 24/7 worry about availability etc.
Also, be careful with restricting the DB access by means of IP restriction only, as IPs can be spoofed. Make sure that other security measures are enforced as well.

How to protect a database from the Server Administrator in Sql Server

We have a requirement from a client to protect the database our application uses, even from their local administrators (Auditors just gave them that requirement).
In their requirement, protecting the data means that the Sql Server admin cannot read, nor modify sensitive data stored in tables.
We could do that with Encryption in Sql Server 2005, but that would interfere with our third party ORM, and it has other cons, like indexing, etc.
In Sql Server 2008 we could use TDE, but I understand that this solution doesn't protect against a user with Sql Server admin rights to query the database.
Is there any best practice or known solution to this problem?
This problem could be similar to the one of having an application hosted by a host provider, and you want to protect the data from the host admins.
We can use Sql Server 2005 or 2008.
This has been asked a lot in the last few weeks. The answers usually boil down to:
(
a) If you don't control the application you are doomed to trust the DBA
or
b) If you do control the application you can encrypt everything with a key only known to the application, and decrypt on the way out. It'll hurt performance a bit (or a lot) though, that's why TDE exists. A variant of this to prevent tampering is to use a cryptographic hash of the values in the column, checking them upon application access.
)
and
c) Do extensive auditing, so you can control what are your admins doing.
I might have salary information in my tables, and I don't want my trusted dba's to see.
Faced with the same problem we have narrowed are options to:
1- Encrypt outside SQLServer, before inserts and updates and decrypt after selects. ie: Using .net encryption.
Downside: You loose some indexing and searching capabilities, cannot use like and betweens.
2- Use third party tools (at io level) that block crud to the database unless a password is provided. ie: www.Blockkk.com
Downside: You will need to trust a third party tool installed in your server. It might not keep up with SQL Server patches, etc...
3- Use an Auditing Solution that will keep track of selects, inserts, deletes, etc... And will notify (by email or event log)if violations occurred. A sample violation could be a dba running a select on your Salaries table. then fire the dba and change everyone salaries.
Auditors always ask for this, like they ask for other things that can never be done.
What you need to do is put it into risk-mitigation terms and show what controls you do have (tracking when users are elevated to administrators, what they did and that they were de-elevated afterwards) instead of in absolutes.
I once had a boss ask for total system redundancy without defining what he meant or how much he was willing to pay and sacrifice.
I think the right solution would be to only allow trusted people be DBA's.
It is implicit in being DBA, that you have full access, so in my opinion, your auditor should demand that you have procedures for restricting who has DBA access.
That way you work with the system through processes in stead of working aginst the system (ie. sql server).
To have person you don't trust be DBA would be nuts...
If you don't want any people in the admin group on the server to be able to access the database, then remove the "BUILTIN\Administrators" user on the server.
However, make sure you have another user that is a sysadmin on the server!
another way i heard that a company has implemented but i haven't seen it is:
there's a government body which issues kind of timestamped certificate.
each db change is sent to async queue and is timestamped with this certificate and is stored off site. this way noone can delete anything without breaking the timestamp chain.
i don't know how exactly this works on a deeper level.

Resources