Securing the Databases used by RMS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

RMS creates and uses three databases, which have varying security requirements, as follows:

  • Directory services. This database caches the results of Active Directory group membership queries. Because it contains only Active Directory information, it requires no additional security except that which is automatically configured during RMS provisioning.

  • Logging. The information that is in this database is more sensitive than that which is in the directory services database because its disclosure could affect user privacy. Microsoft has put forth extra effort to ensure that no personally identifiable information (PII) is logged, and that all information that is logged to this database is protected with the appropriate security measures. No additional security modifications of this database are needed, unless the database is moved to another computer running SQL Server. If the database is moved to another server, you should ensure that the same protection mechanisms are applied to the new environment.

  • Configuration. This database is the most important and valuable resource in your RMS deployment, aside from the server private keys, and it must be carefully protected. In addition to configuration information, it contains all certificates and keys, the encrypted server private key (unless you used the recommended hardware encryption), and the private key password hash.

When RMS creates the configuration database, it sets permissions that restrict access and help ensure the security of your database.

Increasing Database Security

You can use the following additional steps to increase the overall security of the databases that are within your network and server environment:

  • Run the database server on a computer that is running Windows Server 2003. This operating system is more secure, by default, than Windows 2000 Server. Although you can lock down a Windows 2000 Server–based computer, it can be a time-consuming process, and you can make mistakes that could give malicious users an opening to gain access to your database.

  • Restrict physical access to the database server.

  • Make sure that the database permissions and DACLs that are on database files restrict access to authorized personnel. The default permissions and DACLs that are configured by RMS are secure. Use caution when you change any of the default settings.

  • Do not run any unnecessary services on the database server, such as Microsoft Internet Information Services (IIS), Message Queuing, or Terminal Services.

  • Do not run any databases on the database server except for the RMS databases.
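The DACL and unnecessary-services checks above can be run as a read-only audit on the database server. The following Windows PowerShell script is an added example, not part of the original guidance or of RMS. The data folder path is a placeholder, and the list of broad principals and the service short names (W3SVC for IIS, MSMQ for Message Queuing, TermService for Terminal Services) are assumptions to adjust for your environment.

```powershell
# Added example: read-only audit of database file DACLs and running services.
# Nothing here changes permissions or stops services; it only reports.
param(
    # Placeholder (assumption): folder that holds the RMS database files (.mdf/.ldf)
    [string]$DataPath = 'D:\PLACEHOLDER\SqlData'
)

# Assumed policy: these broad principals should not hold rights on database files.
$broad = 'Everyone',
         'BUILTIN\Users',
         'NT AUTHORITY\Authenticated Users',
         'NT AUTHORITY\ANONYMOUS LOGON'

# 1. DACL check: list every Allow ACE on a database file that names a broad principal.
#    IsInherited shows whether the entry comes from the parent folder, which tells
#    you where the permission has to be corrected.
Write-Output "Broad access entries on database files under ${DataPath}:"
Get-ChildItem -Path $DataPath -Include *.mdf, *.ldf -Recurse |
    ForEach-Object {
        $file = $_.FullName
        (Get-Acl -Path $file).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broad -contains $_.IdentityReference.Value
            } |
            Select-Object @{ Name = 'File'; Expression = { $file } },
                          IdentityReference, FileSystemRights, IsInherited
    }

# 2. Service check: report the services named in the guidance if they are running.
#    Service short names are assumptions; confirm them with Get-Service on your server.
$unneeded = 'W3SVC', 'MSMQ', 'TermService'
Write-Output 'Services that the guidance says should not run on the database server:'
Get-Service -Name $unneeded -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' } |
    Select-Object Name, DisplayName, Status
```

An empty result under both headings means no broad principal has an explicit or inherited Allow entry on the files found and none of the listed services is running. Any change to the defaults that RMS configured should still be made with caution.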

Secure SQL Server databases by configuring either SSL or Internet Protocol security (IPsec) to provide encrypted channels. Encrypting database communications helps prevent malicious users from capturing or modifying logged data.

For more information about configuring SSL for SQL Server, see the MSDN Web site (https://go.microsoft.com/fwlink/?LinkID=17060).

For more information about configuring IPsec for SQL Server 2000, see the MSDN Web site (https://go.microsoft.com/fwlink/?LinkID=17061).

For more information about securing the Microsoft Windows Server 2003 family of operating systems, obtain the "Windows Server 2003 Security Guide" from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=36719).