Open Shares Windows 2003 Server

If you have say a open file share on a database server, am I right in thinking if say the Everyone group or Domain Users group had write access to that share that a disgruntled employee or malicious insider may be able to save a sniffer/packet analyzer on that share that would then sniff traffic in the same subnet as the database server? And what about key loggers, if you install it on a share that is say the servers E drive, yet the server OS is installed on the servers C, is the keylogger of no real threat once installed on an E drive?

The reason I ask is our admin has said there is no real danger in leaving an SQL Server mdf/ldf file on an open share, I am pretty sure the user cant just copy the mdf away as it would be locked by the server, but I am not sure if they could do any other mischief on the open share on what would be classed as a sensitive server. It is a large internal network userbase (5k users).
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
There is nothing to stop a user copying a file - even if a sever has it open - so there IS a danger that someone could copy your data - it is not generally a good idea to  have any 'open shared' except perhaps a a 'scratchpad' for unimportant and non-sensitive data

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mlongohCommented:
I think your admin is correct.  In terms of someone saving a sniffer/packet analyzer on an open share - all that means is that the file(s) is/are stored there.  It's possible to drop a trojan on the share, but someone would have to execute it, and hopefully you have AV to detect that kind of thing anyway.  Same story for key loggers - it has to be executed by someone in order for it to be malicious to them.
pma111Author Commented:
Kcts, if its an mdf if you try and copy and paste it it says access denied, are you saying even if the sql service locks it you can copy it away?
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

mlongohCommented:
There is no harm in restricting access to the MDF/LDF files - it's probably more secure to do so as long as users don't need access to them.
Brian PiercePhotographerCommented:
You can copy open files - there are numerous utilities to do just that - however its going to be verry difficult to stop anyone who has legitimage access to a file from copying it - if a user has the right to read, then they can copy.
pma111Author Commented:
Can you list some tools so I can verify this and demonstrate the risk to the admin
Brian PiercePhotographerCommented:
Just google 'copy locked files' - there is a lot of stuff out there
pma111Author Commented:
Are you referring to stuff like hobocopy? Does that honestly work on mdf files?
pma111Author Commented:
Does the version of the server OS come into this or is that irrelevant?
Brian PiercePhotographerCommented:
I assume you mean robocopy  - thats one option - or xcopy for that matter, as well of lots of 3rd party stuff
http://supercopy.codeplex.com/
http://www.backupforall.com/open-file-backup.php
maybe even VBA - (not sure this would work for an MDF file - http://word.mvps.org/FAQs/MacrosVBA/CopyOpenFile.htm
pma111Author Commented:
Ok thanks, and does the version of the server with the open share affect if these tools will work or not?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.