Protection Against Hackers

  • Thread starter Thread starter Sacha Vieux-Roy
  • Start date Start date
S

Sacha Vieux-Roy

I have good reason to believe that a hacker in my company hacked windows
vista ultimate and changed the security settings of my USB hard drive. I have
been working flawlessly for over 2 month with my USB hard drive. After
receiving a threat from a hacker, I was no longer able to move files on my
USB hard drive and my Visual Studio Key of my VB project stopped working.


Is there a way for a VB.Net client to SQL Server 2005 to authenticate itself
to SQL Server using a certificate, thereby garanteeing that only that
application can connect to SQL Server 2005?


I need to protect my Windows Vista Ultimate server & SQL Server 2005 from
hackers. What can I do? Does microsoft offer any products or services to
protect me from what just happened or other hacking threats. Are there any
newsgroups or other resources free or NOT free that I investigate to protect
myself.
 
If you believe that someone within your own company hacked you I would
certainly take this up with the IT department. Or was it the IT department
that has imposed constraints that prohibit using USB devices on their
company computers? It *IS* a valid security consideration.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)



"Sacha Vieux-Roy" <SachaVieuxRoy@discussions.microsoft.com> wrote in message
news:DAC20C83-F9D1-4E6A-87F9-9BB879660C24@microsoft.com...
>I have good reason to believe that a hacker in my company hacked windows
> vista ultimate and changed the security settings of my USB hard drive. I
> have
> been working flawlessly for over 2 month with my USB hard drive. After
> receiving a threat from a hacker, I was no longer able to move files on my
> USB hard drive and my Visual Studio Key of my VB project stopped working.
>
>
> Is there a way for a VB.Net client to SQL Server 2005 to authenticate
> itself
> to SQL Server using a certificate, thereby garanteeing that only that
> application can connect to SQL Server 2005?
>
>
> I need to protect my Windows Vista Ultimate server & SQL Server 2005 from
> hackers. What can I do? Does microsoft offer any products or services to
> protect me from what just happened or other hacking threats. Are there any
> newsgroups or other resources free or NOT free that I investigate to
> protect
> myself.
>
 
Add to what richard indicated, if you have domain wide or workgroup wide
admin capapbility, create an OU on the Server for VB.net Users and SQL apps
user, limit the number of access ( only to those ) deligate policy to those
applications to be only accessed by the SQL and VB users, regulate a 72 hrs
change password policy for everyone in that workgroup if you have an upcoming
sensitive project to prevent hacking magnet dev. project and by the way have
the usb access be implemented only with user roaming profiles logged in not
within hardware profile.

For a possibility of a hacker locking down access to resources would be
good, and please dont ever leave your system or server consoles open ( ever
).

review the policy logs changes from the time you knew the system is still
working
2days to the date that you verified you notice a change in hardware access,
hope you have a full implemented Active Directory for this scenario.

( i believe you are with the development group, coordinate with the newwork
admin to have this in your system )

--
Milo
MSPSS


"Sacha Vieux-Roy" wrote:

> I have good reason to believe that a hacker in my company hacked windows
> vista ultimate and changed the security settings of my USB hard drive. I have
> been working flawlessly for over 2 month with my USB hard drive. After
> receiving a threat from a hacker, I was no longer able to move files on my
> USB hard drive and my Visual Studio Key of my VB project stopped working.
>
>
> Is there a way for a VB.Net client to SQL Server 2005 to authenticate itself
> to SQL Server using a certificate, thereby garanteeing that only that
> application can connect to SQL Server 2005?
>
>
> I need to protect my Windows Vista Ultimate server & SQL Server 2005 from
> hackers. What can I do? Does microsoft offer any products or services to
> protect me from what just happened or other hacking threats. Are there any
> newsgroups or other resources free or NOT free that I investigate to protect
> myself.
>
 
G'day:

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
news:%23mW6iC9vHHA.4464@TK2MSFTNGP02.phx.gbl...
> If you believe that someone within your own company hacked you I would
> certainly take this up with the IT department.

I suggest internal investigations or information security departments (if
exist) instead.
Following the incident through can be very frustrating experience....

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *
 
Two issues there: workstation security and server security.

Workstation: use Bitlocker! And do the firewall-updates-antivirus-malware
scanner routine on top of that.
Server: lock it down, enable auditing with alerting.

SQL server doesn't natively support certificate authentication. HOWEVER you
can use a SSL wrapper (like Stunnel - www.stunnel.org) to facilitate that. A
big problem is that you'll need a hardware storage for client certs (like
TPM) in top security scenarios, open source solutions aren't quite good with
that but a wrapper is easy to write if needed.

And btw - image your USB drive and store in safe location regularly. It's a
backup as well as potential evidence.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Sacha Vieux-Roy" <SachaVieuxRoy@discussions.microsoft.com> wrote in message
news:DAC20C83-F9D1-4E6A-87F9-9BB879660C24@microsoft.com...
>I have good reason to believe that a hacker in my company hacked windows
> vista ultimate and changed the security settings of my USB hard drive. I
> have
> been working flawlessly for over 2 month with my USB hard drive. After
> receiving a threat from a hacker, I was no longer able to move files on my
> USB hard drive and my Visual Studio Key of my VB project stopped working.
>
>
> Is there a way for a VB.Net client to SQL Server 2005 to authenticate
> itself
> to SQL Server using a certificate, thereby garanteeing that only that
> application can connect to SQL Server 2005?
>
>
> I need to protect my Windows Vista Ultimate server & SQL Server 2005 from
> hackers. What can I do? Does microsoft offer any products or services to
> protect me from what just happened or other hacking threats. Are there any
> newsgroups or other resources free or NOT free that I investigate to
> protect
> myself.
>
 

Similar threads

P
Secure Windows Server 2012/R2 workloads with options from Azure
Replies
0
Views
22
Patrick Widjaja
P
R
What is wrong with my old laptop hard drive and how do I fix it?
Replies
1
Views
36
Tony D
Tony D
I
Gain enhanced security and performance with Windows Server 2025—now in preview
Replies
0
Views
58
Ian LeGrow
I
A
Microsoft Security Exposure Management Graph: unveiling the power
Replies
0
Views
23
andreykarpovsky
A
S
BITLOCKER DATA RECOVERY
Replies
0
Views
13
Sohail-1967
S
Back
Top