Improve company productivity with a Business Account.Sign Up

x
?
Solved

security issues for an application server

Posted on 2013-02-07
6
Medium Priority
?
191 Views
Last Modified: 2013-02-27
I am not a systems developer, but we have an internal payroll application, that essentially has 2 servers in its architecture, a database server running MS-SQL Server, and an application server, both have windows 2008 server as OS. A security audit has found a weak password associated with a local OS account which is members of the admins group. My question is what is the overall risk, the data is stored on the database server not the application server, so if someone exploited this weak password and got admin access to the application server, what’s the risk, what could they? What “data” is typically installed an the application server? Surely the higher risk server is the database server which houses the actual data.
0
Comment
Question by:pma111
  • 3
  • 2
6 Comments
 
LVL 7

Accepted Solution

by:
CorinTack earned 1000 total points
ID: 38864430
There is a large risk here, as someone compromising an administrative account on a server machine could use it to then create administrative other accounts that could, potentially, be used to access other networked devices. This would give them access to the data server also, and you're obviously trying to avoid that.

Any administrator accounts should always have strong passwords. Just because the server that the account sits on (or is used on) doesn't host important data itself, that doesn't mean it can't be used to get access to that data.
0
 
LVL 3

Author Comment

by:pma111
ID: 38864476
Thanks.... How so? I appreciate if you get local admin access you could create additional local admins, but that's just on that server isn't it? Ie if I have local admin access on my domain laptop I can't access or create additional admins on another laptop.
0
 
LVL 85

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 1000 total points
ID: 38866223
You're missing the point all administrative accounts MUST have strong passwords.. Having 1 weak password opens an attack vector i.e. the ability to modify an application, add malicious code and wait ... thus gaining the ability to compromise the network...
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 3

Author Comment

by:pma111
ID: 38875511
I am not missing the point at all, I am fully aware they all MUST have strong passwords, but from a risk perspective I want to understand what the ultimate is as per the question.
0
 
LVL 3

Author Comment

by:pma111
ID: 38933826
Still awaitng some clarifacation on:

How so? I appreciate if you get local admin access you could create additional local admins, but that's just on that server isn't it? Ie if I have local admin access on my domain laptop I can't access or create additional admins on another laptop.
0
 
LVL 85

Expert Comment

by:David Johnson, CD, MVP
ID: 38934139
Depends if the local admin has access to the sql db server .. sql has different security rules than the operating system. but they could always just copy the entire database if located on the database server.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A procedure for exporting installed hotfix details of remote computers using powershell
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question