Backing up a database without a password exposes it to several risks of disclosing confidential information. The fact that any database backup can be restored at any location makes this problem more serious. You can check this by creating a backup of your database and restoring it on some other machine. The information stored in your backup media is also disclosed by the Restore filelistonly and Restore headeronly options. Backing up a database without supplying a password could lead to several problems that no company would like to suffer.

Some common problems:

(1) Disclosure of company information, such as customers, policies and future plans.

(2) Disclosure of contact information or account information, especially in the case of banks or insurance companies.

(3) Disclosure of the structure of the company's storage pattern.

(4) Use of future plans by rival companies.

These are common problems, but there are numerous specific problems that could be faced. Let's look at some reasons why a backup set must be password protected:

(1) Backups on tapes are not kept in a secure manner.

It is also recommended to store all backups off-site. Where your company stores tapes off-site, there could be physical security problems with their storage. There are cases when disgruntled employees have sold these tapes to rival companies to gain better perks and the confidence of those companies. As you all know, each company wants to know the structure and pattern followed by other companies. An employee of the company may be unfaithful and may damage some information. But damaging some data is not as big an issue as selling or disclosing information.

(2) Backups can be sent as e-mail or uploaded.

This problem is not hidden from anyone. Your company firewall may be strong, but a thumb drive can be plugged into a USB port at any time and data can be transferred. Thumb drives are also in fashion nowadays. Anyone can have a 1GB to 10GB thumb drive. The important thing to notice about thumb drives is that they do not require installation. Just plug one into a USB port, the computer shows a removable media, and files can be copied and pasted. This is so easy that a newbie can do it.

How to provide security in Backups?

This only requires adding a password option to make your backup set password protected. The advantages of providing a password in a backup are:

(1) The Restore Filelistonly and Restore Headeronly commands do not disclose the backup information.

(2) If you try to restore from the media, SQL Server generates an error.

The following commands can be used to provide a password. I assume that you have a backup media and a backup device named 'backup01'.

Statement#1

    Backup database Northwind to backup01 with password='secretpass'

Now, let us test this and see what SQL Server says when the password is not provided.

    Restore database Northwind from backup01

    Server: Msg 3279, Level 16, State 2, Line 5
    Access is denied due to a password failure
    Server: Msg 3013, Level 16, State 1, Line 5
    RESTORE DATABASE is terminating abnormally.

This was an error with severity level 16. That means it's working. Now, let us have a look at the restore-related commands that produce some information.

    Restore Filelistonly From backup01

    Server: Msg 3279, Level 16, State 2, Line 5
    Access is denied due to a password failure
    Server: Msg 3013, Level 16, State 1, Line 5
    RESTORE DATABASE is terminating abnormally.

Again the same error. In this way, we may conclude that this approach is easy to apply. Some other options can also be provided, like media name, media description and media password.

Media Name, Media Description and Media Password

There are some differences between applying a password directly to the backup and using a media name with a media password. Consider the following command used while backing up.

Statement#2

    Backup database Northwind to backup01 with medianame='Set-1' , mediapassword='passwd'

This would create a password for backup01, and once it is done, you get the same error Msg 3279 when you execute the following command on the same media.

    Backup database Northwind to backup01

So, when you provide a password for the media, you cannot back up any information onto the media unless you provide the password. After Statement#2 you need to provide the password for other backups.

    Backup database MSDB to backup01 with medianame='Set-1' , mediapassword='passwd'

The statement executes successfully. This is the actual difference between the 'with password=' and 'with medianame' cases. After executing Statement#1, you can use the same media for other backups without mentioning a password, or while mentioning different passwords.

Conclusion

This is all about protecting backups with passwords. There are many other things to research in the same scenario, and I would like to share my ideas when such studies are complete. Overall, my aim was to open your eyes to the fact that backups exist not only to secure your data; through carelessness they may also lead to leakage of information. In my opinion, disclosure of important information is a more serious matter than loss of information. So, awareness is important, and it takes only a little effort to secure your backups.
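
An audit query for the point made above, added here as an example and not part of the original article: it lists the backups recorded in msdb whose backup set or media carries no password. It assumes SQL Server 2005 or later, where msdb.dbo.backupset and msdb.dbo.backupmediaset both have an is_password_protected column, and that the login running it can read the msdb backup history tables.

```sql
-- Added example: find recorded backups that lack a backup-set password
-- (WITH PASSWORD=) and/or a media password (WITH MEDIAPASSWORD=).
-- Assumption: SQL Server 2005+ backup history tables in msdb.
SELECT
    bs.database_name,
    bs.backup_finish_date,
    CASE bs.type
        WHEN 'D' THEN 'Full'
        WHEN 'I' THEN 'Differential'
        WHEN 'L' THEN 'Log'
        ELSE bs.type
    END                                  AS backup_type,
    bmf.logical_device_name,             -- e.g. backup01 in the article
    bmf.physical_device_name,            -- file or tape the data went to
    bms.name                             AS media_name,      -- e.g. Set-1
    ISNULL(bs.is_password_protected, 0)  AS set_password,    -- Statement#1 style
    ISNULL(bms.is_password_protected, 0) AS media_password   -- Statement#2 style
FROM msdb.dbo.backupset AS bs
JOIN msdb.dbo.backupmediaset AS bms
    ON bms.media_set_id = bs.media_set_id
JOIN msdb.dbo.backupmediafamily AS bmf
    ON bmf.media_set_id = bs.media_set_id
WHERE ISNULL(bs.is_password_protected, 0) = 0
   OR ISNULL(bms.is_password_protected, 0) = 0
ORDER BY bs.backup_finish_date DESC;
```

A row with set_password = 0 is a backup set that Restore Filelistonly and Restore Headeronly will describe without asking for a password; a row with media_password = 0 is media that accepts further backups without one.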