25112
asked on
SQL Server 2016 (Win10) Developers all running built-in service accounts for SQL Server service on workstations: security concern
if 7 developers are in a lab room, and all workstations are running on sql server with service account of Local System, what can be the security breach possible situations/scenarios? can you give practical applications of what can go wrong, so we can make a standard and also give such examples to developers to encourage not use Local System, but Virtual Accounts (Windows 10)
ASKER
>>many services run under Local System account and this will provide them with the necessary permissions to access a local SQL Server instance.
a)
Since this is a workstation, the service that may access SQL server instance in this context is contained within the box itself, right? (the developer next bench cant cross-access to another box because of 'Local System' service account, can he? (in other words, if there is a breach, is it from the same box itself, only ) and not outside world, in this case the next door developer...
b)
is the 'Local System' service account for 2016 sql server instance on Developer A workstsation
have anything in common with
'Local System' service account for 2016 sql server instance on Developer B workstsation?
or are they totally 2 different entities with no common boundaries?
a)
Since this is a workstation, the service that may access SQL server instance in this context is contained within the box itself, right? (the developer next bench cant cross-access to another box because of 'Local System' service account, can he? (in other words, if there is a breach, is it from the same box itself, only ) and not outside world, in this case the next door developer...
b)
is the 'Local System' service account for 2016 sql server instance on Developer A workstsation
have anything in common with
'Local System' service account for 2016 sql server instance on Developer B workstsation?
or are they totally 2 different entities with no common boundaries?
(in other words, if there is a breach, is it from the same box itself, only )Yes, that's correct.
or are they totally 2 different entities with no common boundaries?Even they have the same name, they are totally different.
ASKER
so SQL Server instance or Agent running on 'Local System' is 100% safe from outside world, and only vulnerability (if that can be called with that term) is cross-application reference from the same box, when not intended so?
--
can you confirm if that would be the right understanding?
--
can you confirm if that would be the right understanding?
I have no idea how you even came to think this could be a security concern. Please explain.
Local system accounts on system A may not act remotely on system B.
Local system accounts on system A may not act remotely on system B.
ASKER
a.Even they have the same name, they are totally different.
b.Local system accounts on system A may not act remotely on system B.
thank you experts..
but the reason this brought out was the recommendation in general not to use the Local System for service acct for SQL (vitor also confirmed same earlier):
https://www.mssqltips.com/sqlservertip/2384/why-system-account-is-a-bad-idea-for-sql-server-service-account/
so how can it be a security concern.. is what I believe vitor said 42059456 what exactly could be the downside to using built-in account.. [acknowledging: if there is a breach, is it from the same box itself, only]
as in 42059456 , it seems like it can cause a breach but not severe. my words below asking for final confirmation/comment. "only vulnerability (if that can be called with that term) is cross-application reference from the same box, when not intended so? "
b.Local system accounts on system A may not act remotely on system B.
thank you experts..
but the reason this brought out was the recommendation in general not to use the Local System for service acct for SQL (vitor also confirmed same earlier):
https://www.mssqltips.com/sqlservertip/2384/why-system-account-is-a-bad-idea-for-sql-server-service-account/
so how can it be a security concern.. is what I believe vitor said 42059456 what exactly could be the downside to using built-in account.. [acknowledging: if there is a breach, is it from the same box itself, only]
as in 42059456 , it seems like it can cause a breach but not severe. my words below asking for final confirmation/comment. "only vulnerability (if that can be called with that term) is cross-application reference from the same box, when not intended so? "
Reading your question, I thought you wondered, whether the developers could attack the machines of other developers. That was not what you meant? Because I wouldn't see a way to do it that benefits from the setup that you describe.
I cannot confirm your "only vulnerability..." since I have not understood what it's about, sorry.
In security questions, I usually urge people to start with a description of what they would like to protect and against what and then phrase why they see dangers. Maybe you could do that?
I cannot confirm your "only vulnerability..." since I have not understood what it's about, sorry.
In security questions, I usually urge people to start with a description of what they would like to protect and against what and then phrase why they see dangers. Maybe you could do that?
"Local System" account can be used by a Trojan application that will try to connect to your local SQL Server instance and perform evil tasks (delete the data, remove the admins, change passwords, giving access to external applications or users, ...).
That's the best example I can give you.
That's the best example I can give you.
ASKER
>>Reading your question, I thought you wondered,
the question is about the service account for sql on win10 that is best suited for sql developers. because Local System has Full Control, i just waned to understand can be the bad consequences, that it is recommended against usage?
the question is about the service account for sql on win10 that is best suited for sql developers. because Local System has Full Control, i just waned to understand can be the bad consequences, that it is recommended against usage?
ASKER
>>"Local System" account can be used by a
thanks. that does seem real vulnerability..
and VSA will protect because virus does not knows its password?
thanks. that does seem real vulnerability..
and VSA will protect because virus does not knows its password?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank u for ur valuable input
On the other side, if SQL Server instances runs under Network Service account then it will let that instance to connect to another SQL Server instance in the same network.