Re: sa loginname being hacked
From: Joseph Bittman MVP MCSD (RyanBittman_at_msn.com)
Date: 10/18/05
Date: Tue, 18 Oct 2005 13:39:39 -0700
October 18, 2005
Sorry, Rob.... I have read over 1600+ pages of MSPress security and I
have never read anything to back up your claims. A SQL server should not be
exposed for requests from outside the network. Applications should be
designed to go through a web server (or web service) and then have the web
server/service make a request to the SQL DB. Then it should return the data
to the client. I can't think of one well designed enterprise application
which would need to have SQL exposed to the outside. Also, with requests
continually hitting your server, there is a great possibility for a DoS
attack. Also it takes up a lot of network bandwidth which would never be
acceptable on an enterprise level. I just can't agree with your opinion
without further evidence from you to back up your claim. Have a great day!
--
Joseph Bittman
Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM
Web Site: http://71.39.42.23/
Static IP
"Rob R. Ainscough" <robains@pacbell.net> wrote in message
news:uWEy8LC1FHA.2924@TK2MSFTNGP15.phx.gbl...
> Do you realize how insane it sounds to say "SQL Servers should not be directly
> accessible from the outside world" -- 'cause when Microsoft first developed
> SQL Server they said EXACTLY the opposite of what you just said.
>
> Come on guys/gals, we need real solutions not "you can't do this and you
> have to jump thru this hoop".
>
> It is getting real frustrating seeing these standard responses -- so why
> does SQL Server even respond to a port and public IP address? Why build
> the functionality if one is NEVER supposed to use it to the big scary
> outside world -- hell may as well just do IPX/SPX.
>
> And please no more "and that's just the way it is"
>
>
> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> wrote in message
> news:u$AoTIA1FHA.3560@TK2MSFTNGP15.phx.gbl...
>> October 18, 2005
>>
>> lol I didn't set this thread to 'watch' so I lost it....
>>
>> How are they being allowed to hit the SQL server with requests? SQL
>> Servers should not be directly accessible from the outside world, and
>> should have a web server or some other server in place to receive the
>> requests first. I would block all traffic going to XXXXXX IP (your SQL
>> Server's IP) from the outside network, and then implement another router
>> or somewhere which allows only traffic from XXX IP (your web servers).
>>
>> I don't believe you can change the sa account name, as toooooo many
>> programs rely on it as the 'default' name. Hope this helps!
>>
>> --
>> Joseph Bittman
>> Microsoft Certified Solution Developer
>> Microsoft Most Valuable Professional -- DPM
>>
>> Web Site: http://71.39.42.23/
>> Static IP
>> "Pipo" <Pipo@home.com> wrote in message
>> news:u7nI%23Bn0FHA.1132@TK2MSFTNGP10.phx.gbl...
>>> Yes, we did. We know one of their IPs and blocked it...
>>> But they are using now another IP (IPnumber 9 and 3 different domains
>>> also!!...:-<)
>>> It takes a lot of work every time blocking another IP of theirs....
>>> So the easy thing for us is to just simply(??) change the sa loginname
>>> into something else.
>>> But I guess that's not possible??
>>> We can't change our Domain name or SQL server name also...!!
>>> Why can't I change the sa loginname???
>>>
>>> thanks for the help Joseph
>>>
>>> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> wrote in message
>>> news:ukgdT5m0FHA.2884@TK2MSFTNGP09.phx.gbl...
>>>> October 16, 2005
>>>>
>>>> Don't you have a router in place between the SQL Server and the
>>>> outside world? Can't you trace where the packets are coming from and
>>>> block that IP/Domain name?
>>>>
>>>> --
>>>> Joseph Bittman
>>>> Microsoft Certified Solution Developer
>>>> Microsoft Most Valuable Professional -- DPM
>>>>
>>>> Web Site: http://71.39.42.23/
>>>> Static IP
>>>> "Pipo" <Pipo@home.com> wrote in message
>>>> news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
>>>>> Hi,
>>>>>
>>>>> Is there a way to change the sa as loginname?
>>>>> At work we are getting hacked by 'brute-force', every second we are
>>>>> being attacked with sa and a password.
>>>>> It's a matter of time when the password will be hacked, so changing
>>>>> the password isn't a solution.
>>>>> If we also can change the sa loginname we will be better off.
>>>>> Or is there something else we can do to prevent the hackers from getting our
>>>>> sa password?
>>>>>
>>>>> Many thanks
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
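An added example, not part of the original thread: a small log triage that counts failed sa logins per source address and reports every source outside the set of hosts that should be able to reach the SQL Server at all, which is the exposure the thread is arguing about. It assumes failed-login auditing is enabled and the ERRORLOG line style of SQL Server 2005 and later; the log lines, the web server address 10.0.0.5 and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed ERRORLOG-style lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
2005-10-18 13:01:02.11 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-10-18 13:01:02.64 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-10-18 13:01:03.20 Logon  Login failed for user 'sa'. [CLIENT: 198.51.100.23]
2005-10-18 13:01:03.91 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-10-18 13:02:10.05 Logon  Login failed for user 'webapp'. [CLIENT: 10.0.0.5]
2005-10-18 13:02:11.40 Logon  Login failed for user 'sa'. [CLIENT: 198.51.100.23]
2005-10-18 13:02:12.00 Logon  Login failed for user 'sa'. [CLIENT: <local machine>]
"""

# Login name and client field of a failed-login line (assumed log format).
FAILED = re.compile(r"Login failed for user '([^']*)'\..*\[CLIENT: ([^\]]+)\]")


def parse_failed_logins(log_text):
    """Return (login, client) pairs for every failed-login line."""
    return [m.groups() for m in map(FAILED.search, log_text.splitlines()) if m]


def outside_sources(log_text, allowed_networks, login="sa"):
    """Count failed logins for `login` per source outside allowed_networks."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    outside = Counter()
    for user, client in parse_failed_logins(log_text):
        if user.lower() != login:
            continue
        try:
            addr = ipaddress.ip_address(client.strip())
        except ValueError:
            continue  # "<local machine>" and similar are not network sources
        if not any(addr in net for net in allowed):
            outside[str(addr)] += 1
    return outside


def report(log_text, allowed_networks):
    """Summarise exposure: any outside source means the listener is reachable."""
    outside = outside_sources(log_text, allowed_networks)
    return {
        "exposed": bool(outside),
        "attempts": sum(outside.values()),
        "sources": outside.most_common(),
    }


if __name__ == "__main__":
    print(report(SAMPLE_LOG, ["10.0.0.5/32"]))
```

A non-empty `sources` list is a finding on its own, independent of the attempt counts: each entry is an address that reached the login prompt without being one of the allowed hosts.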