Return
-
Title
What kind of security do ChangeAuditor agents use to authenticate with SQL? -
Description
There is a concern of how ChangeAuditor agents authenticate with the SQL server.
-
Resolution
ChangeAuditor agents logon the account via impersonation and authenticate with the SQL server using Kerberos. Here are our recommendations to be as secure as possible.
1.) Use Windows Credentials instead of SQL Credentials. Windows credentials are never passed over the network to SQL.
2.) If you require using the SQL credentials (or if the SQL server is outside the forest, you would be required to use SQL credentials), you can enable SSL on the SQL server so the connection is fully encrypted, including the credentials. Here's a link to an article describing SSL for SQL: http://msdn.microsoft.com/en-us/library/ms189067.aspx