SQL Server Backup Security – Implications of Backing Up to UNC Path

Tags: backup, security, sql server, sql server 2014

I have a few servers which back up to a Data Domain. This is accessible via a UNC path, i.e. \\datadomain\SqlBackups\, and all that seems to be done is we give the SQL Server access to the data server via firewall rules, and we give the SQL DB service account full access to the SqlBackups folder.

The server is configured to map the Y:\ drive to this location so backups go to Y:\<InstanceName>\<DatabaseName>.

This works until something happens with the drive mapping. For example, sometimes on reboot the mapping is lost so backups fail.

I just want to back up to the UNC path, which I've tested and it works without fault. However, I'm told there are security implications for this, something about making the UNC path visible to potential hackers… which doesn't make sense to me, as you can easily find out where a mapped drive points to.

Can anybody shed any light on this from a SQL Server / Windows Server Security point of view? What's so bad about backing up the UNC path?

Best Answer

We have a lot of SQL Server VMs and we've found it best to back up databases to a centralized location via a Windows share and keep our VMs slim. However, we've been backing up to the administrative Windows $ shares, which I have yet to see any administrator turn off, though it can be done.

As for your question: usually you map a drive only for convenience's sake, because you want to or because it provides an expected benefit, but you still have to map it to a UNC name. The network packets to and from the mapped drive are still going to contain UNC information. That information doesn't get obfuscated because you mapped it to a drive letter. Actually, systems that have mapped drives have been more vulnerable to trojans like Cryptolocker!

If there are legitimate data hacking concerns, just turn on backup encryption, knowing it will add some CPU cycles to the mix (and the new task of acquiring, managing, and maintaining certificates). Our network is fairly secure so we are not currently encrypting our backups, but that day is probably coming sooner rather than later. Additionally, it sounds like the questions need to be redirected to the owners and creators of the Data Domain, since that's where the share resides and most of the risk exists (not to mention the UNC share name).

If the powers that be are wondering about a UNC hack, I'd start asking questions like:

1. "Is our network in danger of being hacked or have we been hacked already? What's your confidence level for this scenario?"

2. "Are server backups currently being encrypted?"

3. "Have Windows admin/$ UNC shares been turned off?"

4. "Are certificates readily available for encryption -- should we go that route?"

5. "Do we even have a corporate certificate policy we can rely on in order to acquire certificates from a reliable source?"

6. And my personal favorite, "Do I need to air gap my SQL Server?"
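
The backup-encryption option mentioned in the answer above, written directly to the UNC path from the question, as an added example that is not part of the original question or answer. The database name `SalesDb`, instance folder `INSTANCE01`, certificate name `BackupEncryptCert`, the local `C:\Secure\` export path and both passwords are placeholders assumed for illustration.

```sql
-- Added example: encrypted native backup straight to the UNC share (SQL Server 2014+).
-- All object names, paths and passwords below are assumed placeholders.
USE master;

-- The database master key protects the certificate's private key.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = N'##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<master-key-password-placeholder>';

-- Server certificate used to encrypt the backup.
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = N'BackupEncryptCert')
    CREATE CERTIFICATE BackupEncryptCert
        WITH SUBJECT = N'Backup encryption certificate';

-- Export the certificate and private key and store them away from the backup share.
-- Without them the encrypted backup cannot be restored on another server.
BACKUP CERTIFICATE BackupEncryptCert
    TO FILE = N'C:\Secure\BackupEncryptCert.cer'
    WITH PRIVATE KEY (
        FILE = N'C:\Secure\BackupEncryptCert.pvk',
        ENCRYPTION BY PASSWORD = N'<private-key-password-placeholder>');

-- The UNC path is opened with the SQL Server service account's credentials,
-- so no drive mapping is involved. Written to a new file: SQL Server 2014 does
-- not support appending an encrypted backup to an existing backup set.
BACKUP DATABASE [SalesDb]
    TO DISK = N'\\datadomain\SqlBackups\INSTANCE01\SalesDb\SalesDb_full.bak'
    WITH ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupEncryptCert),
         CHECKSUM, STATS = 10;

-- Confirm the file is readable and its checksums are intact.
RESTORE VERIFYONLY
    FROM DISK = N'\\datadomain\SqlBackups\INSTANCE01\SalesDb\SalesDb_full.bak'
    WITH CHECKSUM;

-- Audit: recent backups with their destination and encryption metadata.
-- key_algorithm and encryptor_thumbprint are NULL for unencrypted backups.
SELECT TOP (5)
       bs.database_name, bs.backup_finish_date,
       bs.key_algorithm, bs.encryptor_type, bs.encryptor_thumbprint,
       bmf.physical_device_name
FROM msdb.dbo.backupset AS bs
JOIN msdb.dbo.backupmediafamily AS bmf
  ON bmf.media_set_id = bs.media_set_id
WHERE bs.database_name = N'SalesDb'
ORDER BY bs.backup_finish_date DESC;
```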