Server security

[ice44]

Hello

We have a SQL database with a web front end so that our Techs can login and out ( time clock ). but one of them has found a way to go into the dBase and delete an entry.

How can I track this by IP ?

 

[sectorboot]

Is this lan or wan ?

 

[ice44]

This is on a LAN....and I have IIS reporting enabled but its not giving me the info that I need.

What we have is a Web-based time clock that our Techs clock in and out on..this way management can track who is in and what time we go to lunch and for how long....the backend is a SQL database

one of the Techs is somehow getting in and deleting their entries for lunch when they take long lunches.

So what we want to do is track its by Username ( NT auth ) or by IP address since all the Techs are on Static IP's

 

[lhuegele]

You need to lock down the permissions in the SQL database to prevent this sort of thing. It sounds to me like the security of your database has been compromised. You need to have a database administrator help you with this. You might also want to post your problem in the SQL forum instead of this forum. You should be able to turn auditing on at the database level. You'll also want to audit each and ever user account within the database to make sure that only current employees are still active in the database itself. If you don't have a process for deactivating users within the database when they leave the company, you've left yourself wide open to possible security issues right there. All it takes is one compromised user account within the SQL database itself for you to be in big trouble.

Good luck,

 

[ice44]

Thanks for all the help. I was able to look at a log file last night and find what user and what time the entry was truncated in the dBase. Auditing was turned on and pointed to the person we thought was doing this.

Now its time to yank the PC off the floor and ghost the drive while they are being spoken to in HR

thanks for all the help