Re: Brute Force
From: Jyothi Pai [MS] (jyothip@online.microsoft.com)
Date: 01/18/03
- Next message: Dejan Sarka: "Re: security"
- Previous message: Ron Talmage: "Re: Protecting Data files"
- In reply to: jimmers: "Re: Brute Force"
- Next in thread: Hal Berenson: "Re: Brute Force"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jyothip@online.microsoft.com (Jyothi Pai [MS]) Date: Sat, 18 Jan 2003 06:59:05 GMT
Hi Mike,
Using Windows authentication is highly recommended for the following
Security reasons:
Windows Authentication has certain benefits over SQL Server Authentication,
primarily due to its integration with the Windows NT 4.0 and Windows 2000
security system. Windows NT 4.0 and Windows 2000 security provides more
features, such as secure validation and encryption of passwords, auditing,
password expiration, minimum password length, and account lockout after
multiple invalid login requests.
You could also look at using Microsoft Baseline Security Analyzer against
your SQL Server and make sure you are applying any Security patches and
keep your up-to-date with Security.
812920
Support Webcast: Microsoft Baseline Security Analyzer Version 1.1
http://support.microsoft.com/?id=812920
320454
Microsoft Baseline Security Analyzer (MBSA) Version 1.1 Is Available
http://support.microsoft.com/?id=320454
323467
Issues That Occur After You Implement the Microsoft Baseline Security
Analyzer Recommendations in SBS 2000
http://support.microsoft.com/?id=323467
HTH,
Regards,
Jyothi Pai
Microsoft Online Support Engineer
Get Secure! – www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "jimmers" <jimmers@yandex.ru>
| References: <#KYdyFivCHA.2640@TK2MSFTNGP11>
<uW3uh7ivCHA.2568@TK2MSFTNGP12>
| Subject: Re: Brute Force
| Date: Fri, 17 Jan 2003 17:00:55 +0300
| Lines: 28
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="koi8-r"
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| Message-ID: <#TY5TDjvCHA.2596@TK2MSFTNGP12>
| Newsgroups: microsoft.public.sqlserver.security
| NNTP-Posting-Host: ns.progate.spb.ru 195.144.239.51
| Path: cpmsftngxa09!TK2MSFTNGP08!TK2MSFTNGP12
| Xref: cpmsftngxa09 microsoft.public.sqlserver.security:10309
| X-Tomcat-NG: microsoft.public.sqlserver.security
|
| Hello,
|
| It is not easy for SQL account. If you use Windows Authentication, you may
| use OS built-in
| features like account lockout.
|
| Bye
| Martin Rakhmanoff
|
|
| "Mike" <m@m.com> wrote in message news:uW3uh7ivCHA.2568@TK2MSFTNGP12...
| > What I mean by brute force is continually trying to connect to the
server
| > with different passwords on the sa account.
| >
| > "Mike" <m@m.com> wrote in message news:#KYdyFivCHA.2640@TK2MSFTNGP11...
| > > Whats stopping people using simple brute force to gain access to your
| sql
| > > server? I know you can turn on logging to monitor this but what
methods
| > do
| > > people use to stop it?
| > >
| > > Thanks
| > > Mike
| > >
| > >
| >
| >
|
|
- Next message: Dejan Sarka: "Re: security"
- Previous message: Ron Talmage: "Re: Protecting Data files"
- In reply to: jimmers: "Re: Brute Force"
- Next in thread: Hal Berenson: "Re: Brute Force"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
