从域管理保护SQL Server数据库 [英] Securing SQL Server database from Domain Admin

问题描述

我继承了一个SQL Server框中的一系列数据库和它具有Windows验证创造/保持良好的出炉，并建立数据库。这个盒子本身有哪些要求用户以管理员身份登录，以保持多项服务。

I have inherited a SQL Server box with a series of databases and it has Windows Auth for creation/maintaining the well-baked and established databases. The box itself has many other services which require a user to login as admin to maintain.

我现在必须创建一个只有少数的公司，包括IT，将有机会获得服务器上的一个新的数据库。所以，我有种追逐上最好的地方开始我的尾巴。

I now have to create a new database on the server that only a select few in the company, including IT, will have access to. So I'm kind of chasing my tail on the best place to start.

我要继续给球员他们需要的管理员级别的访问所有其他的东西在这个框，但限制它们对SQL Server的选项，所以我可以更好地管理数据库，并固定。什么可能是放松身心的Windows身份验证方法和施舍数据库/为这些用户创造机会，同时确保他们不应该访问新数据库的最佳方式？难道我连在正确的方向从Windows验证方法偏离了？

I want to continue to give the guys the admin level access they require to all the other stuff on this box but limit them on SQL Server options so I can better manage the databases and secure them. What might be the best way to unwind the Windows Authentication method and dole out databases / create opportunities for those users while securing new databases they should not access? Am I even going in the right direction by deviating from the Windows Auth method?

推荐答案

其中一个主要的原因在服务器上创建的第二个实例是安全性。一遍又一遍通过创建你基本上是第二个实例重新启动的安全性。因此，这是可以考虑为您的新数据库的选项。 IE浏览器创建第二个实例，并把安全的数据库就可以了。

One of the primary reasons for creating a second instance on a server is security. By creating a second instance you basically re-start security over again. So this is an option you might consider for your new database. IE Creating a second instance and putting the "secure" database on it.

有几件事情你也应该考虑。

A few things you should also consider.

首先，是你应该放松您的安全尽可能并给出了任何给定用户/组所需的最低安全性。这是一个最佳实践的事情。永远不要把DBO或系统管理员权限，没有明确的理由这样做，甚至然后彻底质疑它，以确保没有解决问题的一些其他的方式。永远不要把更多的权限是绝对必需的。

First, yes you should unwind your security as possible and give out the minimum security required for any given user/group. This is a best practices thing. Never give out dbo or sysadmin permissions without an explicit reason to do so, and even then question it thoroughly to make sure that there isn't some other way around the problem. Never give out more permissions than are absolutely required.

二，这几乎是不可能保持实例是出了实例的，如果他们真的想要得到服务器的管理员联系。我只能说几乎不可能的，因为有可能是一种方式，我不知道的。在管理员的服务器，或者在这方面你必须假定他们可以信任的，不要试图打破域管理员的水平。你可能会不能够保持他们无论如何。

Second, It is almost impossible to keep the administrator of the server the instance is on out of the instance if they really really want to get in. And I only say "almost" impossible because there may be a way that I don't know about. At the level of administrator for the server, or domain administrator for that matter you have to assume they can be trusted not to try to break in. You probably won't be able to keep them out anyway.

最后但并非最不重要的，如果你可以将您的实例关闭该服务器已经需要用户许多其他服务，以管理员身份登录维护。这是一种安全噩梦首先（正如我上面所说）和第二您的SQL服务器将工作它自己的服务器上更好。我甚至从该专家说，你永远不应该远程登录到服务器的SQL Server实例上听到的意见。而且，如果您有远程绝对不复制周围的文件，同时远程的。一般说，越少幸福是SQL服务器上的事情。

Last but not least if you can move your instance off of a server that has many other services which require a user to login as admin to maintain. This is a security nightmare first of all (as I said above) and second your SQL server will work better on it's own server. I've even heard advice from experts that say you should never remote into the server a SQL Server instance is on. And if you have to remote in definitely don't copy files around while remoted. Generally said the less going on on the server the happier SQL is.

这篇关于从域管理保护SQL Server数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！