DBADave (guest), 09/06/2007 8:35 AM
I read an MSDN article that states the following.

SQL Server Browser listens on a UDP port and accepts unauthenticated requests using SQL Server Resolution Protocol (SSRP). SQL Server Browser should be run in the security context of a low-privileged user to minimize exposure to a malicious attack. By default, SQL Server Browser starts using the Local System account. The logon account can be changed by using the Windows Services program. The minimum user rights for SQL Server Browser are as follows:

* Deny access to this computer from the network.
* Deny logon locally.
* Deny logon as a batch job.
* Deny logon through Terminal Services.
* Log on as a service.
* Read and write the SQL Server registry keys related to network communication (ports and pipes).

In our case the SQL Server Browser service is running under the same Windows account as our other SQL Server services. Do you recommend creating a separate Windows account for the SQL Server Browser service as described above? Can you help me understand how an attack can occur?

Thanks,
Dave
Chip Andrews, 09/06/2007 4:55 PM
Probably the easiest thing to do is have the Browser Service run as the "Network Service" account. That account already has minimal local privileges and does not require the hassle of password management.
http://msdn2.microsoft.com/en-us/library/ms684272.aspx
If you give the service too high a level of privilege, then if another vulnerability appears in the service, it may be possible for the attacker to perform any actions possible under your currently assigned account. This is especially dangerous if it is the same account which is running SQL Server - since that account is granted access to vital areas such as databases and core server functions.
Chip
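The change Chip describes, as an added PowerShell example that is not part of the original thread or of any Microsoft tooling: it inventories the logon account of each SQL Server service, warns when SQL Browser runs as LocalSystem or shares an account with the database engine (the two situations the question raises), then re-points the Browser at Network Service and confirms it is still listening on UDP 1434. It assumes it is run elevated on the SQL host, that the Browser service is registered under its default name SQLBrowser, and that the host has the Get-NetUDPEndpoint cmdlet (Windows Server 2012 or later); the service-name patterns are assumptions about default naming.

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell
# on the SQL Server host. Assumes the Browser service name is "SQLBrowser".

# 1. Inventory SQL Server-related services and the account each logs on as.
$sqlServices = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match '^(MSSQL|SQLAgent|SQLBrowser|SQLWriter|MsDtsServer|ReportServer)' } |
    Select-Object Name, State, StartMode, StartName

$sqlServices | Format-Table -AutoSize

# 2. Flag the two conditions discussed in the thread: Browser running as
#    LocalSystem (the default), or Browser sharing its account with the engine.
$browser = $sqlServices | Where-Object { $_.Name -eq 'SQLBrowser' }
$engines = $sqlServices | Where-Object { $_.Name -match '^MSSQL(SERVER|\$)' }  # default or named instance

if (-not $browser) { throw 'SQLBrowser service not found on this host.' }

if ($browser.StartName -eq 'LocalSystem') {
    Write-Warning 'SQL Browser runs as LocalSystem; a flaw in the service would yield SYSTEM.'
}
foreach ($e in $engines) {
    if ($e.StartName -eq $browser.StartName) {
        Write-Warning ("SQL Browser shares logon account {0} with engine service {1}." -f $browser.StartName, $e.Name)
    }
}

# 3. Re-point the Browser at Network Service. Built-in accounts need no
#    password. sc.exe syntax requires the space after "obj=".
sc.exe config SQLBrowser obj= "NT AUTHORITY\NetworkService"
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE" }

Restart-Service -Name SQLBrowser

# 4. Verify the new account and that the SSRP listener is still up on UDP 1434.
$after = Get-CimInstance Win32_Service -Filter "Name='SQLBrowser'"
"SQLBrowser now runs as: $($after.StartName) (state: $($after.State))"

# Assumption: Get-NetUDPEndpoint is available (Server 2012+); on older hosts use netstat -ano -p udp.
Get-NetUDPEndpoint -LocalPort 1434 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Two practical notes. The MSDN excerpt quoted in the question says the Browser needs read and write access to the SQL Server network-configuration registry keys; if the service starts but instances stop resolving after the change, check the System and Application event logs for registry access errors before assuming the port change failed. And keep this sc.exe approach to the Browser only: for the database engine and Agent services, use SQL Server Configuration Manager, which also adjusts the file, registry and rights grants those services depend on.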