Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
security issues for an application server
Posted on 2013-02-07
I am not a systems developer, but we have an internal payroll application, that essentially has 2 servers in its architecture, a database server running MS-SQL Server, and an application server, both have windows 2008 server as OS. A security audit has found a weak password associated with a local OS account which is members of the admins group. My question is what is the overall risk, the data is stored on the database server not the application server, so if someone exploited this weak password and got admin access to the application server, what’s the risk, what could they? What “data” is typically installed an the application server? Surely the higher risk server is the database server which houses the actual data.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
6 Comments
There is a large risk here, as someone compromising an administrative account on a server machine could use it to then create administrative other accounts that could, potentially, be used to access other networked devices. This would give them access to the data server also, and you're obviously trying to avoid that.
Any administrator accounts should always have strong passwords. Just because the server that the account sits on (or is used on) doesn't host important data itself, that doesn't mean it can't be used to get access to that data.
Any administrator accounts should always have strong passwords. Just because the server that the account sits on (or is used on) doesn't host important data itself, that doesn't mean it can't be used to get access to that data.
Active today
Thanks.... How so? I appreciate if you get local admin access you could create additional local admins, but that's just on that server isn't it? Ie if I have local admin access on my domain laptop I can't access or create additional admins on another laptop.
Active today
You're missing the point all administrative accounts MUST have strong passwords.. Having 1 weak password opens an attack vector i.e. the ability to modify an application, add malicious code and wait ... thus gaining the ability to compromise the network...
Active today
I am not missing the point at all, I am fully aware they all MUST have strong passwords, but from a risk perspective I want to understand what the ultimate is as per the question.
Active today
Still awaitng some clarifacation on:
How so? I appreciate if you get local admin access you could create additional local admins, but that's just on that server isn't it? Ie if I have local admin access on my domain laptop I can't access or create additional admins on another laptop.
How so? I appreciate if you get local admin access you could create additional local admins, but that's just on that server isn't it? Ie if I have local admin access on my domain laptop I can't access or create additional admins on another laptop.
Featured Post
Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions.
Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
- Windows 10
- Microsoft Legacy OS
- Windows Vista
- Windows 8
- Windows XP
- Windows OS, Windows 7, *Windows Updates, *windows update
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month3 days, 15 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
630 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.