Guest Sacha Vieux-Roy Posted July 6, 2007 Posted July 6, 2007 I have good reason to believe that a hacker in my company hacked windows vista ultimate and changed the security settings of my USB hard drive. I have been working flawlessly for over 2 month with my USB hard drive. After receiving a threat from a hacker, I was no longer able to move files on my USB hard drive and my Visual Studio Key of my VB project stopped working. Is there a way for a VB.Net client to SQL Server 2005 to authenticate itself to SQL Server using a certificate, thereby garanteeing that only that application can connect to SQL Server 2005? I need to protect my Windows Vista Ultimate server & SQL Server 2005 from hackers. What can I do? Does microsoft offer any products or services to protect me from what just happened or other hacking threats. Are there any newsgroups or other resources free or NOT free that I investigate to protect myself. Quote
Guest Richard Urban Posted July 6, 2007 Posted July 6, 2007 If you believe that someone within your own company hacked you I would certainly take this up with the IT department. Or was it the IT department that has imposed constraints that prohibit using USB devices on their company computers? It *IS* a valid security consideration. -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) "Sacha Vieux-Roy" <SachaVieuxRoy@discussions.microsoft.com> wrote in message news:DAC20C83-F9D1-4E6A-87F9-9BB879660C24@microsoft.com... >I have good reason to believe that a hacker in my company hacked windows > vista ultimate and changed the security settings of my USB hard drive. I > have > been working flawlessly for over 2 month with my USB hard drive. After > receiving a threat from a hacker, I was no longer able to move files on my > USB hard drive and my Visual Studio Key of my VB project stopped working. > > > Is there a way for a VB.Net client to SQL Server 2005 to authenticate > itself > to SQL Server using a certificate, thereby garanteeing that only that > application can connect to SQL Server 2005? > > > I need to protect my Windows Vista Ultimate server & SQL Server 2005 from > hackers. What can I do? Does microsoft offer any products or services to > protect me from what just happened or other hacking threats. Are there any > newsgroups or other resources free or NOT free that I investigate to > protect > myself. > Quote
Guest Milo (MSPSS) Posted July 6, 2007 Posted July 6, 2007 Add to what richard indicated, if you have domain wide or workgroup wide admin capapbility, create an OU on the Server for VB.net Users and SQL apps user, limit the number of access ( only to those ) deligate policy to those applications to be only accessed by the SQL and VB users, regulate a 72 hrs change password policy for everyone in that workgroup if you have an upcoming sensitive project to prevent hacking magnet dev. project and by the way have the usb access be implemented only with user roaming profiles logged in not within hardware profile. For a possibility of a hacker locking down access to resources would be good, and please dont ever leave your system or server consoles open ( ever ). review the policy logs changes from the time you knew the system is still working 2days to the date that you verified you notice a change in hardware access, hope you have a full implemented Active Directory for this scenario. ( i believe you are with the development group, coordinate with the newwork admin to have this in your system ) -- Milo MSPSS "Sacha Vieux-Roy" wrote: > I have good reason to believe that a hacker in my company hacked windows > vista ultimate and changed the security settings of my USB hard drive. I have > been working flawlessly for over 2 month with my USB hard drive. After > receiving a threat from a hacker, I was no longer able to move files on my > USB hard drive and my Visual Studio Key of my VB project stopped working. > > > Is there a way for a VB.Net client to SQL Server 2005 to authenticate itself > to SQL Server using a certificate, thereby garanteeing that only that > application can connect to SQL Server 2005? > > > I need to protect my Windows Vista Ultimate server & SQL Server 2005 from > hackers. What can I do? Does microsoft offer any products or services to > protect me from what just happened or other hacking threats. Are there any > newsgroups or other resources free or NOT free that I investigate to protect > myself. > Quote
Guest S. Pidgorny Posted July 7, 2007 Posted July 7, 2007 G'day: "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message news:%23mW6iC9vHHA.4464@TK2MSFTNGP02.phx.gbl... > If you believe that someone within your own company hacked you I would > certainly take this up with the IT department. I suggest internal investigations or information security departments (if exist) instead. Following the incident through can be very frustrating experience.... -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- * http://sl.mvps.org * http://msmvps.com/blogs/sp * Quote
Guest S. Pidgorny Posted July 7, 2007 Posted July 7, 2007 Two issues there: workstation security and server security. Workstation: use Bitlocker! And do the firewall-updates-antivirus-malware scanner routine on top of that. Server: lock it down, enable auditing with alerting. SQL server doesn't natively support certificate authentication. HOWEVER you can use a SSL wrapper (like Stunnel - http://www.stunnel.org) to facilitate that. A big problem is that you'll need a hardware storage for client certs (like TPM) in top security scenarios, open source solutions aren't quite good with that but a wrapper is easy to write if needed. And btw - image your USB drive and store in safe location regularly. It's a backup as well as potential evidence. -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- * http://sl.mvps.org * http://msmvps.com/blogs/sp * "Sacha Vieux-Roy" <SachaVieuxRoy@discussions.microsoft.com> wrote in message news:DAC20C83-F9D1-4E6A-87F9-9BB879660C24@microsoft.com... >I have good reason to believe that a hacker in my company hacked windows > vista ultimate and changed the security settings of my USB hard drive. I > have > been working flawlessly for over 2 month with my USB hard drive. After > receiving a threat from a hacker, I was no longer able to move files on my > USB hard drive and my Visual Studio Key of my VB project stopped working. > > > Is there a way for a VB.Net client to SQL Server 2005 to authenticate > itself > to SQL Server using a certificate, thereby garanteeing that only that > application can connect to SQL Server 2005? > > > I need to protect my Windows Vista Ultimate server & SQL Server 2005 from > hackers. What can I do? Does microsoft offer any products or services to > protect me from what just happened or other hacking threats. Are there any > newsgroups or other resources free or NOT free that I investigate to > protect > myself. > Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.