- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
re: Microsoft SQL Database Management Program found on Dominion... Non-Authorized software
Posted on 5/10/21 at 3:23 pm to cwill
Posted on 5/10/21 at 3:23 pm to cwill
quote:
If you google "Microsoft SQL Dominion" you find that information provided to the TX SOS and the CO SOS list MS SQL as a standard component.
CO SOS
TX SOS
Also listed as a component in the US Election Assistance Commission's Certificate of Conformance: LINK
So what's going on?
A SQL Server existing as the primary data repository wouldn't be surprising. The existence of the Management toolset is almost assuredly a violation of the security requirements of the secure environment. The existence of the management tools on a separate machine is would not only be a violation of the security protocol, but also extremely suspicious.
Posted on 5/10/21 at 3:26 pm to moneyg
quote:
The existence of the Management toolset is almost assuredly a violation of the security requirements of the secure environment.
Do you have information that the "Management toolset" was found?
Posted on 5/10/21 at 3:27 pm to moneyg
quote:
A SQL Server existing as the primary data repository wouldn't be surprising. The existence of the Management toolset is almost assuredly a violation of the security requirements of the secure environment. The existence of the management tools on a separate machine is would not only be a violation of the security protocol, but also extremely suspicious.
Yep. And not on the list in Cwill's link either. There is a reason for that too.
Posted on 5/10/21 at 3:28 pm to moneyg
quote:
A SQL Server existing as the primary data repository wouldn't be surprising. The existence of the Management toolset is almost assuredly a violation of the security requirements of the secure environment. The existence of the management tools on a separate machine is would not only be a violation of the security protocol, but also extremely suspicious.
OK so now we are talking SSMS...I can buy that there are many servers where SSMS isn't allowed. However, that is called out in the requirements specifically because if not it usually gets installed.
I don't see it specifically called not to install it as a part of MS SQL Server in the docs, but maybe it was a part of the deal. That could be something to look at.
Regardless I think the point here is was the server networked...if not good....if so we have a problem regardless of what software was installed on the machine.
Posted on 5/10/21 at 3:30 pm to moneyg
quote:
The existence of the management tools on a separate machine is would not only be a violation of the security protocol, but also extremely suspicious.
Absolutely. By itself this could be written off as a non issue. The DoD has routine security inspections and tiny settings are scrutinized let alone entire, unnecessary software suites. Either way this, as any unneeded/additional software, is a security vulnerability. That, in itself could be malicious or just an oversight (however it sheds doubt on the entire security audit I would assume these go through before they are deployed). The strange thing is SQL isn't "dig dug" for 2 reasons. It's not free, unlicensed software. And it wasn't installed by a bored admin who forgot to remove it. Both points indicate a reason. What was the reason?
This post was edited on 5/10/21 at 3:57 pm
Back to top
Follow TigerDroppings for LSU Football News