Re: Is there any way to prevent hacker trying to guess sa password?
From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 10/12/05
- Next message: Dan Guzman: "Re: SQL injection after Replace("'", "''")?"
- Previous message: Ross Presser: "Re: Is there any way to prevent hacker trying to guess sa password?"
- In reply to: helmut woess: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Next in thread: helmut woess: "Re: Is there any way to prevent hacker trying to guess sa password?"
- Reply: helmut woess: "Re: Is there any way to prevent hacker trying to guess sa password?"
Date: Tue, 11 Oct 2005 16:35:39 -0700
VPN can help but I found it caused more maintenance (in terms of network
quirks, slow boot problems, incompatibilities with some remote PCs and very
sensitive to any Windows updates) than it was worth.

I think the only other "secure" way is via XML/SSL and have an application
server level where the remote users communicate requests to the application
server which then has a local link to the SQL Server -- that way you can have a
public web server talk to the application server and remote clients talk to
the application server and keep the SQL server relatively safe behind the
application server. Definitely NOT the easiest approach and certainly NOT
the fastest approach but pending the scale of your user base and/or
solution(s) it may be more appropriate.

I know SQL 2005 is supposed to be much better but I'm not clear on the
upgrade path and from what I've heard migration and knowledgebase required
to keep a SQL 2005 server going is well beyond the capacity of a developer
who IS also the DBA by default cause nobody else is qualified and/or no
money to hire someone that is qualified.

Ross, sorry for the same questions -- perhaps I'm just in denial that the OS
(even Win2K3) and SQL 2000 (with all the various SPs) are still so
unintelligent about monitoring and defending against your typical hackers.
Maybe I'm just frustrated that MS don't appear to be progressing in this
area -- it seems security is getting overly complex when it should be
getting more secure and easier to implement -- but I'm not an IT guy so I'm
sure I'm missing something.

Rob.

"helmut woess" <hw@iis.at> wrote in message
news:fujelj4oe5c3.xb4xfpw7w2mh.dlg@40tude.net...
> Hi Rob,
>
> I have the same situation, till now all my clients use a fixed IP address
> and my firewall is in stealth mode and talks only with privileged
> addresses, so I had no attack till now on my SQL-Server, but in my next
> project I have clients with dynamic addresses too.
> So I am very interested in this article and hope for some tips.
>
> At the moment I am trying to find out if VPN can help me.
> Yes, the VPN Server can be attacked too. And there is no shelter against
> DoS. But then this is handled (I hope very efficiently) by the router and is
> not stressing the SQL-Server or the valid connections.
> The one and only really 100% safe solution would be a leased circuit,
> because: no connect to outside = no attack from outside ;-)
> But this is too expensive for me.
>
> bye,
> Helmut