• Adam Thurgar

Prod server access

Whilst doing a routine check of some SQL Servers I came across the following login failure message.

Login failed for user 'our-domain\one-of-our-servers$'. Reason: Could not find a login matching the name provided. [CLIENT: xxx.xxx.x.xx].

This is usually the AD machine account for a server.

What intrigued me was that the server login failure was from a dev server. A dev server trying to access a production server.

To investigate further we changed the server auditing for a brief period to be for all logins, not just failed.

What we found was that there were a number of non-prod servers accessing production servers.

They are now removing this access to production servers, unless there is sufficient justification.

Do you know who has access to your servers and why?

This could have been the case of being lazy, but it could also have been a backdoor.

It just reminded me to do security checks more often and be more vigilant.
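An added example (not from the original post): once login auditing records both successful and failed logins, the error log lines can be filtered for clients that sit in non-production subnets. The subnet, account names and log lines below are constructed assumptions.

```python
import ipaddress
import re

# Matches the login audit messages SQL Server writes to its error log,
# e.g. "Login failed for user 'DOM\SRV$'. Reason: ... [CLIENT: 10.1.2.3]"
LOGIN_RE = re.compile(
    r"Login (?P<outcome>succeeded|failed) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

# Assumption: the subnets your non-production servers live in (hypothetical value).
NONPROD_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


def nonprod_logins(lines, networks=NONPROD_NETWORKS):
    """Return one record per login attempt whose client IP is in a non-prod network."""
    hits = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["client"].strip())
        except ValueError:
            continue  # e.g. "<local machine>": not a remote host, nothing to flag
        if any(addr in net for net in networks):
            hits.append({
                "user": m["user"],
                "client": str(addr),
                "outcome": m["outcome"],
                # AD machine accounts end in "$"
                "machine_account": m["user"].endswith("$"),
            })
    return hits


# Constructed sample lines in error-log format (not from the original post).
SAMPLE_LOG = [
    "2024-03-04 09:12:01.33 Logon       Login failed for user 'CORP\\DEVSQL01$'. Reason: Could not find a login matching the name provided. [CLIENT: 10.20.4.17]",
    "2024-03-04 09:12:05.10 Logon       Login succeeded for user 'CORP\\svc_report'. Connection made using Windows authentication. [CLIENT: 10.20.4.18]",
    "2024-03-04 09:13:44.02 Logon       Login succeeded for user 'CORP\\app_prod'. Connection made using Windows authentication. [CLIENT: 10.10.1.5]",
    "2024-03-04 09:14:00.00 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: <local machine>]",
]

if __name__ == "__main__":
    for hit in nonprod_logins(SAMPLE_LOG):
        print(hit)
```

Successful logins from a non-prod address matter as much as the failed ones here, since they show access that already works.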
