| Backing up database without password contains | | | | |
| several vulnerability of | | | | a backup media and backup device name |
| | | | 'backup01'. |
| disclosing the confidential information. The | | | | |
| reason that any database can be | | | | |
| | | | |
| restored at any location makes this problem | | | | Statement#1 |
| more serious. You can check it out | | | | |
| | | | Backup database Northwind to backup01 with |
| by creating a Backup of your database and | | | | password='secretpass' |
| restoring it in some other machine. | | | | |
| | | | |
| The information stored in your backup media | | | | |
| also get disclosed by - Restore | | | | Now, let us have a test on this and see what |
| | | | SQL Server says when password is |
| filelistonly or Restore headeronly options. | | | | |
| Backing up a database without | | | | not provided. |
| | | | |
| supplying password could lead to several | | | | |
| anomalies that no company would like to | | | | |
| | | | Restore database Northwind from backup01 |
| suffer. | | | | |
| | | | |
| | | | |
| | | | Server: Msg 3279, Level 16, State 2, Line 5 |
| Some common problems concerned - | | | | |
| | | | Access is denied due to a password failure |
| | | | |
| | | | Server: Msg 3013, Level 16, State 1, Line 5 |
| | | | |
| | | | RESTORE DATABASE is terminating abnormally. |
| | | | |
| | | | |
| (1) Disclosing of company information, such | | | | |
| as customers, policies and future | | | | This was an error with severity level 16. |
| | | | That means it's working. Now, let us |
| plans. | | | | |
| | | | have a look on restore related commands that |
| | | | produce some information. |
| | | | |
| (2) Disclosing of contact information or | | | | |
| accounts information especially in case | | | | |
| | | | Restore Filelistonly From backup01 |
| of Bank or Insurance companies. | | | | |
| | | | |
| | | | |
| | | | Server: Msg 3279, Level 16, State 2, Line 5 |
| (3) Disclosing of structure of the storage | | | | |
| pattern of the company. | | | | Access is denied due to a password failure |
| | | | |
| | | | Server: Msg 3013, Level 16, State 1, Line 5 |
| | | | |
| (4) Utilization of future plans by rival | | | | RESTORE DATABASE is terminating abnormally. |
| companies. | | | | |
| | | | |
| | | | |
| | | | Again the same error. In this way, we may |
| These are common problems, but there are | | | | conclude that this approach is easier |
| numerous specific problems that could | | | | |
| | | | to create this. Some other options can also |
| be faced. Let's have an estimate of some | | | | be provided like media name, media |
| reasons why backup set must be password | | | | |
| | | | description and media password. |
| protected - | | | | |
| | | | |
| | | | |
| | | | Media Name, Media Description and Media |
| | | | Password |
| | | | |
| (1) Backups in Tapes is not kept in a secure | | | | |
| manner. | | | | |
| | | | There are some differences in directly |
| | | | applying password while backup and using |
| | | | |
| This is also recommended to store all the | | | | media name. When you are using following |
| backup off-site. In such cases where | | | | command while backup. |
| | | | |
| your company stores Tapes off-site, there | | | | |
| could be some physical security | | | | |
| | | | Statement#2 |
| problems of there storage. There are cases | | | | |
| when disgruntled employees have sold | | | | Backup database Northwind to backup01 with |
| | | | medianame='Set-1' , mediapassword='passwd' |
| these tapes to rival companies to gain | | | | |
| better perk and confidence in rival | | | | |
| | | | |
| companies. As you all know, each company | | | | This would create password for backup01 and |
| wants to know the structure and pattern | | | | once it was done, you get the same |
| | | | |
| followed by other company. A employee of | | | | error Msg 3279 while you execute the |
| company may be unfaithful and he can | | | | following command on the same media. |
| | | | |
| damage some information. But damaging some | | | | |
| data is not a big issue than selling | | | | |
| | | | Backup database Northwind to backup01 |
| or disclosing information. | | | | |
| | | | |
| | | | |
| | | | So, when your provide password for the |
| (2) Backups can be sent as e-mail or | | | | media, you can not backup any information |
| uploaded. | | | | |
| | | | into media unless you provide password. |
| | | | After the Statement#2 you need to |
| | | | |
| This problem is not hidden to anyone. Your | | | | provide password for other backups. |
| company firewall may be strong, but | | | | |
| | | | |
| Thumbnail drives can anytime be applied in | | | | |
| USB port and data can be transferred. | | | | Backup database MSDB to backup01 with |
| | | | medianame='Set-1' , mediapassword='passwd' |
| Thumbnail drives are nowadays in fashion | | | | |
| also. Anyone can have a 1GB to 10GB of | | | | |
| | | | |
| such thumbnail drives. The important thing | | | | The statement executes successfully. This is |
| to notice about thumbnail drives is | | | | the actual difference in using |
| | | | |
| that they do not require installation. Just | | | | 'with password=' and 'with medianame' case. |
| plugging into USB port and computer | | | | After executing Statement#1, you can |
| | | | |
| shows a Removable media and then copy and | | | | use the same for other backups without |
| paste of files. This is so easy to do | | | | mentioning password or mentioning |
| | | | |
| that a newbie can do this. | | | | different passwords. |
| | | | |
| | | | |
| | | | |
| How to provide security in Backups ? | | | | Conclusion |
| | | | |
| | | | |
| | | | |
| This only requires to add an option of | | | | This is all about providing protection for |
| password to make your backup set password | | | | passwords. There are many other |
| | | | |
| protected. The advantages of providing | | | | things to research in the same scenario and |
| password in backup are - | | | | I would like to share my ideas when |
| | | | |
| | | | such studies are complete. Overall, my aim |
| | | | was to open your eyes that backups |
| (1) Restore Filelistonly, Restore Headeronly | | | | |
| commands does not disclose | | | | are not only to secure your data, but due to |
| | | | carelessness this may lead to |
| the backup information. | | | | |
| | | | leakage of information. In my opinion, |
| (2) If you want to restore from media, error | | | | disclosure of important information is |
| is generated by SQL Server. | | | | |
| | | | more serious matter than loss of |
| | | | information. So, awareness is important and |
| | | | |
| The following commands can be used to | | | | there is a little effort to apply in |
| provide a password. I assume that you have | | | | securing your backups. |