Arcanas asked

Management Studio in Production, yay or nay?

Good day everyone. First time posting, so be gentle :)

I've been asked to look at removing SSMS from my production servers, as an audit action item. The concern is that the auditors do not want any development tools available in production, with SSMS being one of the examples they gave. I've gone back and forth on whether I want to actually do this or not.

On one hand, SSMS is important if the server goes to hell; it gives me a tool on the box to work with to do restores, or poke around in the server if things are crashing. It's a security blanket for when Very Bad Things happen.

On the other hand... physical access to the server means that anyone with a bit of knowledge can give themselves SA access to the server using SSMS (I'm not going to outline how, that would be crazy, but it can be done). I realize physical access is usually game over anyway, but keeping someone out of SSMS would at least ensure that transparent data encryption cannot be turned off, and the attacker would still have to deal with encrypted data files and backups.

I'm thinking that, if I have the servers set up with remote access to the DAC, I should be OK to remove it. But what are the risks at that point?

What I'm wondering is what other production DBAs have done with this. Is it a bigger risk to remove SSMS from production, or to leave it there? Thanks!

Tags: dba, management-studio, management studio

1 Answer

Tim answered
I supported the SQL infrastructure for a very large bank in the US. We kept SSMS on all production servers. It is an admin tool, not a development tool. BIDS and SQL Server Data Tools are development tools. Yes, you could remove it and enable remote DAC, but why put yourself at risk? The same users who you would be preventing from using SSMS would still have the ability to get around SSMS not being on the server. Honestly, to me it sounds like a wasted effort and an auditor that is overzealous. It just seems like a big wasted effort. If your servers are properly behind firewalls and locked down, it is a moot point.
2 comments

Good, even if someone comes down hard, I would ask for evidence that it poses a security risk. Name something I could do with SSMS that I couldn't otherwise do with SQLCMD or PowerShell. Just saying :)
1 Like 1 ·
Thanks Tim. I'm leaning the same way; it is an admin tool. I had thought this would be a bit of a philosophical debate, but I can't seem to find any info at all about folks taking SSMS off of production servers. So unless someone comes down hard, I'll push for leaving it in place.
0 Likes 0 ·
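Both the question and Tim's answer mention enabling remote DAC as the emergency fallback if SSMS is removed. The T-SQL below is an added example (not from the thread or any of its posters) showing how that setting is checked, enabled and verified, where the DAC port is reported, and how to spot DAC sessions afterwards; the server name in the sqlcmd comment is a placeholder.

```sql
-- Added example (not from the thread): enable and verify the remote Dedicated
-- Administrator Connection (DAC) so that emergency access no longer depends on
-- SSMS being installed on the production box.

-- 1. Current state. 'remote admin connections' = 0 (the default) means the DAC
--    only accepts local connections; 1 makes it reachable over the network.
SELECT name, value, value_in_use
FROM   sys.configurations
WHERE  name = N'remote admin connections';

-- 2. Enable remote DAC. RECONFIGURE applies it without a service restart.
EXEC sp_configure N'remote admin connections', 1;
RECONFIGURE;

-- 3. Confirm the running value is now 1.
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name = N'remote admin connections';

-- 4. The DAC has its own TCP endpoint (port 1434 by default, but it can be
--    dynamic). The port SQL Server actually chose is written to the error log
--    at startup ("Dedicated admin connection support was established for
--    listening remotely on port <n>"); sys.tcp_endpoints lists the endpoint.
SELECT name, port, is_dynamic_port, state_desc
FROM   sys.tcp_endpoints
WHERE  name = N'Dedicated Admin Connection';

-- 5. Prove the fallback works from an admin workstation (not the server) with
--    sqlcmd's -A switch; only one DAC session is allowed at a time:
--      sqlcmd -S <prod-server-placeholder>,1434 -A -Q "SELECT @@SERVERNAME"
--    This is the new network exposure the question asks about: restrict the
--    DAC port at the firewall to the admin hosts, and review DAC sessions with
--    the query below (endpoint_id 1 is the DAC endpoint).
SELECT s.session_id, s.login_name, s.host_name, c.client_net_address
FROM   sys.dm_exec_sessions    AS s
JOIN   sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE  c.endpoint_id = 1;
```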
