The Danger of Management Access

First we had the SolarWinds hack, and now we have a Kaseya ransomware epidemic. It seems the criminals are moving up the stack. We used to see physical attacks on tapes and keyboards, then we saw OS-level attacks. Now we seem to be getting to the management layer for software that is used to help us run systems at scale. Since we often require some level of privileged access for monitoring and management systems, this is scary. I certainly wish that we didn’t require admin access for monitoring, but unfortunately platforms sometimes do.

Many of us depend on some standardization and some sort of software to ensure we can manage systems at scale. I don’t know about the OS world, but in the SQL Server world, there are relatively few vendors that provide software for managing systems. If one of these were compromised in some way, this could be very bad for many database administrators. Fortunately, many of us know how to air gap backups and ensure that we are prepared for disasters.

Or we should. If you don’t know how to do this, you ought to be learning right away. Review backup plans, ensure you can rebuild systems, test restores, and brush up all your recovery skills. Be ready for whatever a criminal might throw at you, including having gotten ransomware into some of your backups.

This attack seems to have taken advantage of a zero-day, or very early, vulnerability that was discovered by a Dutch security research firm. The firm looks into management software, especially admin interfaces, specifically because they are worried about the lack of security in many products. Kaseya builds tools that allow admins to distribute software to other systems on the network. In this case, criminals used the management software to distribute ransomware.

The updates from Kaseya are less than stellar, and if I were a customer, I’d be rather upset. They seem to keep setting unrealistic plans to restore service and then constantly revise them across a few days, all the while with customers that are likely stressed and overworked. I’d also be upset in that they claim only a few of their thousands of customers are affected, but they neglect to admit that some of those customers affected are Managed Service Providers, who themselves have thousands of customers using this software.

There are some technical details in this piece, in case you want to check your own systems. If you think you have multiple pieces of software that might protect you, read the article. This deployment shuts off some other products, like Microsoft Defender.

I feel bad for many people here. IT staff at affected companies that have likely been incredibly stressed and overworked recently. The consumers of some affected customers, like those that might shop in the Swedish grocer, Coop, who shut down more than 400 stores. I don’t know the state of grocery shopping in Sweden, but this might dramatically impact many people that just want to buy food for their families.

Ransomware continues to surprise and worry me. Large profile hacks keep coming, affecting lots of people. Often these are because of previously undiscovered software vulnerabilities or simple mistakes made by privileged users. I hope that at some point insurers and governments start to put more pressure on companies that make widely used software to ensure they are adhering to best practices and have detailed security practices in place to ensure their code is constantly checked for issues, and that they have detailed plans for responding to and patching customers when there are issues. Because they likely will have an issue at some point.

Steve Jones

Listen to the podcast at Libsyn, Stitcher, Spotify, or iTunes

Daily Coping 21 Jul 2021

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag. 

Today’s tip is to pick one of your strengths and use it this week.

The easy joke is that I used my pectorals and did some weightlifting. However, this week I picked a different strength. This week I used: people pleasing and support.

My wife had a dressage competition this week. We ended up driving to a show and living in a camper for a few days, during some of which I worked. A show is stressful, both for her and the horse, and they have a schedule they’re trying to stick to. It was also hot, with limited amenities around.

Instead of trying to maintain my schedule, find time to work out, etc., I decided to be completely supportive and help my wife with her schedule. I didn’t worry about my workouts, I moved my work around her competition times, and I was ready to jump in and tackle tasks she asked for or needed, subordinating what I wanted or thought I could get done.

That’s a little stressful, as I try to still work, but I let many things go, relaxed where I could, and made the show the priority.

It worked out well, and now I’m back into a normal schedule for me, hitting the gym and worrying about my own chores. She’s happy, too. She qualified for a season ending show, and felt the trip was a success.

Daily Coping 20 Jul 2021

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag. 

Today’s tip is to pick an achievable goal for the week and make progress.

I actually did this last week. I have had a lot of things on my list of things to do this year, and sometimes I get a little paralyzed by the length of the list. There are also some larger projects that I find myself putting off because I keep thinking “I’ll take a day” or “Take a weekend” to do this.

The reality is that I will likely never get a large block of uninterrupted time when I feel ready to tackle things.

I got up, had some breakfast, and then went outside recently. There were a few other things I could do, but I started with a chainsaw and chopping down some juniper bushes in our front yard. My wife has been asking to do this, and I keep delaying rather than getting started.

I got one out, taking a few breaks as I tried to cut down the tangled limbs and drag them to a nearby gully. My breaks were on the lawnmower, mostly because I needed to get that done as well.

The next day I went out and tackled a second one. I managed to get down to two stumps.

I took a few days off, but then spent about an hour one night working on the third one. I didn’t get it out, but I made more progress.

Baby steps were helpful to me moving forward.

Exporting Lists in SQL Multi Script

SQL Multi Script is a lesser-known tool from Redgate Software that is designed to let you easily run scripts against many server instances with one click of a button. It’s similar to a Central Management Server, but it returns results a little cleaner, and has a few extra features that make things run better. I have a number of customers using this to deploy to many instances, both for database changes and instance config updates.

Recently a customer wanted to share their distribution list with another person on their team. They asked how to do this, and it turns out to be very simple.

We’ve built import and export into the tool. I’ll look at how you can do this.

First, open SQL Multi Script and then pick the Tools menu. Here you will see the export and import items.

If I pick export, I get a dialog that shows the distribution lists I’ve created.

I can pick all, one, or a group of them. Note that all of these are exported into a single file, which is useful if I want to share all my lists with a colleague.

Once I click “Export”, I have to choose a file name and location from a standard Windows Explorer dialog. I always think about how I’d sort these in a large list, so I like to pick something that will make sense in a month. In this case, the app and then the list.

Once I click OK, the file is created, and I can see it in the file system. Here I’ll open it in Sublime Text to see what it looks like.

The file is XML, which isn’t ideal, but it is easy to read. I have my XML file below, with all instances using Windows Authentication. If I had used SQL Auth somewhere, this would end up with an encrypted password, which I assume SQL Multi Script can import and decrypt. Here is my file:

<?xml version="1.0" encoding="utf-16" standalone="yes"?>
<!--
SQL Multi Script
SQL Multi Script
Version:1.5.4.1390-->
<databaseListsFile version="1" type="databaseListsFile">
   <databaseLists type="List_databaseList" version="1">
     <value version="2" type="databaseList">
       <name>MixedAuthList</name>
       <databases type="BindingList_database" version="1">
         <value version="6" type="database">
           <name>AdventofCode</name>
           <server>(local)</server>
           <integratedSecurity>True</integratedSecurity>
           <connectionTimeout>15</connectionTimeout>
           <protocol>-1</protocol>
           <packetSize>4096</packetSize>
           <encrypted>False</encrypted>
           <selected>True</selected>
           <cserver>ARISTOTLE</cserver>
           <readonly>False</readonly>
         </value>
         <value version="6" type="database">
           <name>dlm_3_qa</name>
           <server>LOCALHOST</server>
           <integratedSecurity>False</integratedSecurity>
           <username>Joe_Admin</username>
           <savePassword>True</savePassword>
           <password encrypted="1">25eJUgEGChcaG13SEpATBg==</password>
           <connectionTimeout>15</connectionTimeout>
           <protocol>-1</protocol>
           <packetSize>4096</packetSize>
           <encrypted>False</encrypted>
           <selected>True</selected>
           <cserver>ARISTOTLE</cserver>
           <readonly>False</readonly>
         </value>
         <value version="6" type="database">
           <name>dlm_2_integration</name>
           <server>LOCALHOST</server>
           <integratedSecurity>False</integratedSecurity>
           <username>Joe_Admin</username>
           <savePassword>True</savePassword>
           <password encrypted="1">25eJUgEGChcaG13SEpATBg==</password>
           <connectionTimeout>15</connectionTimeout>
           <protocol>-1</protocol>
           <packetSize>4096</packetSize>
           <encrypted>False</encrypted>
           <selected>True</selected>
           <cserver>ARISTOTLE</cserver>
           <readonly>False</readonly>
         </value>
       </databases>
       <guid>4e255407-343c-4b88-a54a-4e981ad2beac</guid>
     </value>
   </databaseLists>
</databaseListsFile>

This is a useful feature for sharing lists in a team. It’s a little clunky, but it works well.
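The export shown above carries a username and a password element for every entry where integratedSecurity is False, so the file is worth checking before it goes to a colleague. The following is an added example, not Redgate's code or part of the original post: it lists the entries that hold a saved SQL login and writes a copy without the password values. Element names are taken from the export above, the sample input is constructed, and it is an assumption that SQL Multi Script imports an entry that has no password element.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of the export above; names and blob are placeholders.
_SQL = ("<value version='6' type='database'><name>{0}</name><server>HOST1</server>"
        "<integratedSecurity>False</integratedSecurity><username>example_login</username>"
        "<savePassword>True</savePassword>"
        "<password encrypted='1'>Q09OU1RSVUNURUQ=</password></value>")
SAMPLE = ('<?xml version="1.0" encoding="utf-16" standalone="yes"?>'
          "<databaseListsFile version='1' type='databaseListsFile'>"
          "<databaseLists type='List_databaseList' version='1'>"
          "<value version='2' type='databaseList'><name>ExampleList</name>"
          "<databases type='BindingList_database' version='1'>"
          "<value version='6' type='database'><name>db_win</name><server>(local)</server>"
          "<integratedSecurity>True</integratedSecurity></value>"
          + _SQL.format("db_sql_1") + _SQL.format("db_sql_2")
          + "</databases></value></databaseLists></databaseListsFile>")

def _parse(xml_text):
    # Text read with open(path, encoding="utf-16") is already decoded: drop the declaration.
    return ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1))

def _databases(root):
    # Yield (list name, database element) for every entry of every distribution list.
    for lst in root.iter("value"):
        if lst.get("type") == "databaseList":
            for db in lst.iter("value"):
                if db.get("type") == "database":
                    yield lst.findtext("name"), db

def audit(xml_text):
    """Report entries that would hand a saved SQL login to whoever receives the file."""
    key = lambda db: (db.findtext("username"), db.findtext("password"))
    hits = [(name, db) for name, db in _databases(_parse(xml_text))
            if (db.findtext("password") or "").strip()]
    reuse = Counter(key(db) for _, db in hits)
    return [{"list": name, "database": db.findtext("name"),
             "server": db.findtext("server"), "username": db.findtext("username"),
             "same_blob_elsewhere": reuse[key(db)] > 1} for name, db in hits]

def sanitize(xml_text):
    """Return the export with saved passwords removed; servers and logins are kept."""
    root = _parse(xml_text)
    for _, db in _databases(root):
        for pw in db.findall("password"):
            db.remove(pw)
        if db.find("savePassword") is not None:
            db.find("savePassword").text = "False"
    return ET.tostring(root, encoding="unicode")
```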

If you’ve never given this a try, download SQL Multi Script today, or get the Toolbelt and give it an eval. You might find it’s quite handy.
