I have good reason to believe that a hacker in my company hacked windows

vista ultimate and changed the security settings of my USB hard drive. I have

been working flawlessly for over 2 month with my USB hard drive. After

receiving a threat from a hacker, I was no longer able to move files on my

USB hard drive and my Visual Studio Key of my VB project stopped working.

 

 

Is there a way for a VB.Net client to SQL Server 2005 to authenticate itself

to SQL Server using a certificate, thereby garanteeing that only that

application can connect to SQL Server 2005?

 

 

I need to protect my Windows Vista Ultimate server & SQL Server 2005 from

hackers. What can I do? Does microsoft offer any products or services to

protect me from what just happened or other hacking threats. Are there any

newsgroups or other resources free or NOT free that I investigate to protect

myself.

If you believe that someone within your own company hacked you I would

certainly take this up with the IT department. Or was it the IT department

that has imposed constraints that prohibit using USB devices on their

company computers? It *IS* a valid security consideration.

 

--

 

 

Regards,

 

Richard Urban

Microsoft MVP Windows Shell/User

(For email, remove the obvious from my address)

 

 

 

"Sacha Vieux-Roy" <SachaVieuxRoy@discussions.microsoft.com> wrote in message

news:DAC20C83-F9D1-4E6A-87F9-9BB879660C24@microsoft.com...

>I have good reason to believe that a hacker in my company hacked windows

> vista ultimate and changed the security settings of my USB hard drive. I

> have

> been working flawlessly for over 2 month with my USB hard drive. After

> receiving a threat from a hacker, I was no longer able to move files on my

> USB hard drive and my Visual Studio Key of my VB project stopped working.

>

>

> Is there a way for a VB.Net client to SQL Server 2005 to authenticate

> itself

> to SQL Server using a certificate, thereby garanteeing that only that

> application can connect to SQL Server 2005?

>

>

> I need to protect my Windows Vista Ultimate server & SQL Server 2005 from

> hackers. What can I do? Does microsoft offer any products or services to

> protect me from what just happened or other hacking threats. Are there any

> newsgroups or other resources free or NOT free that I investigate to

> protect

> myself.

>

Add to what richard indicated, if you have domain wide or workgroup wide

admin capapbility, create an OU on the Server for VB.net Users and SQL apps

user, limit the number of access ( only to those ) deligate policy to those

applications to be only accessed by the SQL and VB users, regulate a 72 hrs

change password policy for everyone in that workgroup if you have an upcoming

sensitive project to prevent hacking magnet dev. project and by the way have

the usb access be implemented only with user roaming profiles logged in not

within hardware profile.

 

For a possibility of a hacker locking down access to resources would be

good, and please dont ever leave your system or server consoles open ( ever

).

 

review the policy logs changes from the time you knew the system is still

working

2days to the date that you verified you notice a change in hardware access,

hope you have a full implemented Active Directory for this scenario.

 

( i believe you are with the development group, coordinate with the newwork

admin to have this in your system )

 

--

Milo

MSPSS

 

 

"Sacha Vieux-Roy" wrote:

> I have good reason to believe that a hacker in my company hacked windows

> vista ultimate and changed the security settings of my USB hard drive. I have

> been working flawlessly for over 2 month with my USB hard drive. After

> receiving a threat from a hacker, I was no longer able to move files on my

> USB hard drive and my Visual Studio Key of my VB project stopped working.

>

>

> Is there a way for a VB.Net client to SQL Server 2005 to authenticate itself

> to SQL Server using a certificate, thereby garanteeing that only that

> application can connect to SQL Server 2005?

>

>

> I need to protect my Windows Vista Ultimate server & SQL Server 2005 from

> hackers. What can I do? Does microsoft offer any products or services to

> protect me from what just happened or other hacking threats. Are there any

> newsgroups or other resources free or NOT free that I investigate to protect

> myself.

>

G'day:

 

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message

news:%23mW6iC9vHHA.4464@TK2MSFTNGP02.phx.gbl...

> If you believe that someone within your own company hacked you I would

> certainly take this up with the IT department.

 

I suggest internal investigations or information security departments (if

exist) instead.

Following the incident through can be very frustrating experience....

 

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

 

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Two issues there: workstation security and server security.

 

Workstation: use Bitlocker! And do the firewall-updates-antivirus-malware

scanner routine on top of that.

Server: lock it down, enable auditing with alerting.

 

SQL server doesn't natively support certificate authentication. HOWEVER you

can use a SSL wrapper (like Stunnel - http://www.stunnel.org) to facilitate that. A

big problem is that you'll need a hardware storage for client certs (like

TPM) in top security scenarios, open source solutions aren't quite good with

that but a wrapper is easy to write if needed.

 

And btw - image your USB drive and store in safe location regularly. It's a

backup as well as potential evidence.

 

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

 

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

 

"Sacha Vieux-Roy" <SachaVieuxRoy@discussions.microsoft.com> wrote in message

news:DAC20C83-F9D1-4E6A-87F9-9BB879660C24@microsoft.com...

>I have good reason to believe that a hacker in my company hacked windows

> vista ultimate and changed the security settings of my USB hard drive. I

> have

> been working flawlessly for over 2 month with my USB hard drive. After

> receiving a threat from a hacker, I was no longer able to move files on my

> USB hard drive and my Visual Studio Key of my VB project stopped working.

>

>

> Is there a way for a VB.Net client to SQL Server 2005 to authenticate

> itself

> to SQL Server using a certificate, thereby garanteeing that only that

> application can connect to SQL Server 2005?

>

>

> I need to protect my Windows Vista Ultimate server & SQL Server 2005 from

> hackers. What can I do? Does microsoft offer any products or services to

> protect me from what just happened or other hacking threats. Are there any

> newsgroups or other resources free or NOT free that I investigate to

> protect

> myself.

>