What security options should you be using for linked servers?

Published On: 2014-08-06By:

When setting up linked servers, what security settings do you typically setup for that question at the bottom of the window?
linked_server

As you can see from the screenshot there are four options. Two of them are good options, two of them are bad options. Do you know which ones are which?

The Bad Options
The two bad options to choose are the second (Be made without using a security context) and fourth options (Be made using this security context). These both have different problems, but for the most part they are just bad.

When you select the without a security context the SQL Server attempts to connect to the remote database using anonymous authentication. If the remote server is setup to allow anonymous authentication then the user is able to log into that system and run queries against the remote database, possibly even dropping objects or changing data that shouldn’t be changed. All without any possible auditing on the remote machine.

When you select using this security context anyone who comes into the SQL Server can access the remote server using whatever account is specified. So if the account which you list has admin rights then everyone on your SQL Server has admin rights on the remote server, which is bad.

The Good Options
The much better options are to use the first option (Not be made) or the third option (Be made using the login’s current security context). These are much more secure because they either don’t allow access through the linked server, or they require that the users login has access to the remote server. Either way, these are much more secure options than the two listed above.

Now there are cases when you need to use one of the two options listed above as the bad options. For example if you need to access a Microsoft Access database, or an Excel sheet, etc. But these are the exception not the rule.

Denny


Contact the Author | Contact DCAC

Video

Globally Recognized Expertise

As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.

And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.

Awards & Certifications

Microsoft Partner    Microsoft MVP    Microsoft Certified Master    VMWare Partner    VMWare vExpert
   Best Full-Service Cloud Technology Consulting Company    Insights Sccess Award    Technology Headlines Award    Golden Bridge Gold Award    CIO Review Top 20 Azure Solutions Providers
Share via
Copy link