back door entry to sql Server ! is this a loop hole to SQL Server security

One of my friend asked me a question that can we restrict Local Admins to gain Control of SQL Server. His is more concerned about the back door entry to SQL where a member of the local administrators group on the server can gain access to SQL Server by restarting it in single-user mode and then add himself as a login and add the login to the sysadmin group.

Well I doubt this can be restricted and I believe the answer is “NO”.  Admins can do anything within your SQL Server, however if the threat is that the Admin itself can be involved in data theft then there are other ways to restrict like Encryption in SQL Server or Vormetric Data Security. 

We can’t deny the fact that there are several ways by which a local or domain admin can take control of SQL Server. All a local or domain admin has to do is login as the SQL Server service account and they will be able to connect to the instance.  If they don’t know the password to that account, all a domain admin has to do is change the password for the account, launch SQL Server Configuration Manager, change the password there, then login with the service account, and connect to the instance (they don’t even have to shut the instance down following the service account change). 

If the local admin doesn’t have domain admin authority, they can still accomplish the same thing by creating a local account on the machine and going from there.  Or, they can simply change the service account for the SQL Server to be their own Windows account.

The only way you could possibly accomplish this is to create a login trigger that disconnects anyone coming in who is a sysadmin and isn’t in a list that you control within the SQL Server instance.  However this can still be bypassed this by starting the instance in single user mode or by using a trace flag. 

My take is that rather then looking it as a loophole we should consider it as a feature; in case if somebody messes with your SQL Server and delete all logins from inside; the Admins can still logins and fix the issue and take the control back. Coming back to security aspects there are several features available to stop the data theft like encryption features inside SQL Servers and  Vormetric Data Security at file level.

https://www.thalesesecurity.com/solutions/use-case/data-security-and-encryption/database-security/mssql-encryption

I had been into a situation where database sever was hacked by a hacker well known hacker “Hmei7” and the hacker inserted the java scripts inside the columns of several tables and then disabled the logins, hence you must need a back door entry to gain control of your SQL Server.

It’s the responsibility of the organization to assess their security and restrict the admin access to handful of people who are only authorized, and as a best practice quarterly review the access management policy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s