Re: sa loginname being hacked
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 10/24/05
- Previous message: Tom Moreau: "Re: BUILTIN\Administrators"
- In reply to: Rob R. Ainscough: "Re: sa loginname being hacked"
- Next in thread: Rob R. Ainscough: "Re: sa loginname being hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Oct 2005 17:26:07 +1000
Rob,
What do you suggest instead?
Renaming the "sa" account doesn't help, since people will just keep guessing at
"sa" (thus consuming resources) or attempt to guess both the username and
the password (thus possibly compromising the database server).
As suggested before: VPN is a tried and trusted mechanism for making this
work (and it's not just in the SQL Server world, but anywhere where
disparate client systems need to communicate over a public network with a
remote backend service). VPNs have been around for years, and are used for
exactly the types of situations you have described (a client machine running
a client like Access or similar connecting to a backend DB Server). There's
a VPN client built into Windows (and most other OSes), and a VPN Server
(Routing and Remote Access Server) built into Windows Server.
An alternative is using Windows Auth only.
Cheers
Ken
"Rob R. Ainscough" <robains@pacbell.net> wrote in message
news:%231fwXiD1FHA.2348@TK2MSFTNGP15.phx.gbl...
: Not sure I understand, DoS attack could happen to any door open to the
: public port 80 or port 1433 or whatever port is being used. IP Spoofing is
: the real issue and you should know that as long as IP spoofing is a reality,
: the sheer volume of hackers will persist from now till we finally get off
: TCP/IP and onto something truly secure and accountable.
:
: What you're suggesting as a better approach is based purely on Security -- I
: don't see how adding a layer in the data chain is going to help performance?
: If the layer is added purely for the sake of security, then the flaws in the
: design lie elsewhere (and I think we all know where). I don't buy into the
: "build another layer" philosophy on any scale.
:
: I have clients with MS Access databases (they come and go and their IPs
: change regularly and VPN is not a possibility for my clients). I install a
: service on their PC that gathers the MS Access data and communicates with a
: SQL Server. I have anonymous web users that communicate with my web app via
: a web server which in turn updates the same SQL Server which in turn is
: queried by my clients' remote PCs to update their MS Access database. Why
: should I add another layer (web service) running on a web server? If your
: ONLY reason is security, then ask yourself why? My business logic is
: removed in my remote PC Windows Service and in the logic used by my web
: application -- I have real Windows applications (remote PC) running an
: interface to the MS Access data and I have Web Server applications running
: an interface to the data. My Windows Service running on remote PCs bridges
: the MS Access and SQL Data (two way).
:
: I for one do want additional layers to manage and I don't want the
: performance hit either and certainly not in the name of security.
:
:
: "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> wrote in message
: news:ujzVRQC1FHA.2312@TK2MSFTNGP14.phx.gbl...
: > October 18, 2005
: >
: > Sorry, Rob.... I have read over 1600+ pages of MSPress security and I
: > have never read anything to back up your claims. A SQL server should not
: > be exposed for requests from outside the network. Applications should be
: > designed to go through a web server (or web service) and then have the web
: > server/service make a request to the SQL DB. Then it should return the
: > data to the client. I can't think of one well designed enterprise
: > application which would need to have SQL exposed to the outside. Also,
: > with requests continually hitting your server, there is a great
: > possibility for a DoS attack. Also it takes up a lot of network bandwidth
: > which would never be acceptable on an enterprise level. I just can't agree
: > with your opinion without further evidence from you to back up your claim.
: > Have a great day!
: >
: > --
: > Joseph Bittman
: > Microsoft Certified Solution Developer
: > Microsoft Most Valuable Professional -- DPM
: >
: > Web Site: http://71.39.42.23/
: > Static IP
: > "Rob R. Ainscough" <robains@pacbell.net> wrote in message
: > news:uWEy8LC1FHA.2924@TK2MSFTNGP15.phx.gbl...
: >> Do you realize how insane it sounds to say "SQL Servers should not be
: >> directly accessible from the outside world" -- cause when Microsoft first
: >> developed SQL Server they said EXACTLY the opposite of what you just
: >> said.
: >>
: >> Come on guys/gals, we need real solutions not "you can't do this and you
: >> have to jump through this hoop".
: >>
: >> It is getting real frustrating seeing these standard responses -- so why
: >> does SQL Server even respond to a port and public IP address? Why build
: >> the functionality if one is NEVER supposed to use it to the big scary
: >> outside world -- hell may as well just do IPX/SPX.
: >>
: >> And please no more "and that's just the way it is"
: >>
: >>
: >> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> wrote in message
: >> news:u$AoTIA1FHA.3560@TK2MSFTNGP15.phx.gbl...
: >>> October 18, 2005
: >>>
: >>> lol I didn't set this thread to 'watch' so I lost it....
: >>>
: >>> How are they being allowed to hit the SQL server with requests? SQL
: >>> Servers should not be directly accessible from the outside world, and
: >>> should have a web server or some other server in place to receive the
: >>> requests first. I would block all traffic going to XXXXXX IP (your SQL
: >>> Server's IP) from the outside network, and then implement another router
: >>> or somewhere which allows only traffic from XXX IP (your web servers).
: >>>
: >>> I don't believe you can change the sa account name, as toooooo many
: >>> programs rely on it as the 'default' name. Hope this helps!
: >>>
: >>> --
: >>> Joseph Bittman
: >>> Microsoft Certified Solution Developer
: >>> Microsoft Most Valuable Professional -- DPM
: >>>
: >>> Web Site: http://71.39.42.23/
: >>> Static IP
: >>> "Pipo" <Pipo@home.com> wrote in message
: >>> news:u7nI%23Bn0FHA.1132@TK2MSFTNGP10.phx.gbl...
: >>>> Yes, we did. We know one of their IPs and blocked it...
: >>>> But they are now using another IP (IP number 9 and 3 different domains
: >>>> also!!...:-<)
: >>>> It takes a lot of work every time blocking another IP of theirs....
: >>>> So the easy thing for us is to just simply(??) change the sa loginname
: >>>> into something else.
: >>>> But I guess that's not possible??
: >>>> We can't change our Domain name or SQL server name either...!!
: >>>> Why can't I change the sa loginname???
: >>>>
: >>>> thanks for the help Joseph
: >>>>
: >>>> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> wrote in message
: >>>> news:ukgdT5m0FHA.2884@TK2MSFTNGP09.phx.gbl...
: >>>>> October 16, 2005
: >>>>>
: >>>>> Don't you have a router in place between the SQL Server and the
: >>>>> outside world? Can't you trace where the packets are coming from and
: >>>>> block that IP/Domain name?
: >>>>>
: >>>>> --
: >>>>> Joseph Bittman
: >>>>> Microsoft Certified Solution Developer
: >>>>> Microsoft Most Valuable Professional -- DPM
: >>>>>
: >>>>> Web Site: http://71.39.42.23/
: >>>>> Static IP
: >>>>> "Pipo" <Pipo@home.com> wrote in message
: >>>>> news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
: >>>>>> Hi,
: >>>>>>
: >>>>>> Is there a way to change the sa loginname?
: >>>>>> At work we are getting hacked by 'brute-force', every second we are
: >>>>>> being attacked with sa and a password.
: >>>>>> It's a matter of time before the password will be hacked, so changing
: >>>>>> the password isn't a solution.
: >>>>>> If we can also change the sa loginname we will be better off.
: >>>>>> Or is there something else we can do to prevent the hackers from
: >>>>>> getting our sa password?
: >>>>>>
: >>>>>> Many thanks
: >>>>>>
: >>>>>
: >>>>>
: >>>>
: >>>>
: >>>
: >>>
: >>
: >>
: >
: >
:
:
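Added example, not code from any post in this thread: the "trace where the packets are coming from and block that IP" advice above means reading the SQL Server error log, which records each failed login (error 18456) together with the client address. The script below does that over a few constructed log lines modelled on the SQL Server 2005 ERRORLOG format; the addresses, the threshold of 3 failures and the 60 second window are assumptions chosen for the demonstration. It counts failed 'sa' logins per client and flags the clients that hit the threshold inside a sliding window, which is the list you would feed to a firewall rule. It also makes the weakness Pipo ran into visible: an attacker who rotates addresses shows up as many low-count clients, which is why the thread's other suggestions (only letting known hosts reach port 1433, Windows authentication only, a VPN) matter more than chasing IPs.

```python
"""Flag sources brute-forcing the 'sa' login from SQL Server error-log lines."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, modelled on the SQL Server 2005 ERRORLOG layout:
# an 'Error: 18456' line followed by a 'Login failed' line naming the client.
# Addresses are documentation ranges, not real attackers.
SAMPLE_ERRORLOG = """\
2005-10-16 10:22:31.45 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:22:31.45 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2005-10-16 10:22:32.10 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:22:32.10 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2005-10-16 10:22:32.80 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:22:32.80 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2005-10-16 10:22:33.02 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:22:33.02 Logon       Login failed for user 'webapp'. [CLIENT: 192.0.2.5]
2005-10-16 10:22:33.40 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:22:33.40 Logon       Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2005-10-16 10:22:34.50 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:22:34.50 Logon       Login failed for user 'sa'. [CLIENT: 198.51.100.7]
2005-10-16 10:23:50.00 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:23:50.00 Logon       Login failed for user 'sa'. [CLIENT: 198.51.100.7]
2005-10-16 10:24:10.00 Logon       Error: 18456, Severity: 14, State: 8.
2005-10-16 10:24:10.00 Logon       Login failed for user 'sa'. [CLIENT: 198.51.100.7]
"""

# Only the 'Login failed' line carries the user and client; the preceding
# 'Error: 18456' line is deliberately not matched.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\. \[CLIENT: (?P<ip>[^\]]+)\]"
)


def parse_failed_logins(log_text):
    """Return (timestamp, user, client_ip) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LOGIN_FAILED.match(line)
        if not m:
            continue  # unrelated entries and the 'Error: 18456' lines
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts, m.group("user"), m.group("ip")))
    events.sort(key=lambda e: e[0])
    return events


def attempts_per_client(events, user="sa"):
    """Total failed logins for `user`, keyed by client address."""
    return Counter(ip for _, u, ip in events if u == user)


def brute_force_sources(events, user="sa", threshold=3, window_seconds=60):
    """Clients with >= `threshold` failures for `user` inside any
    `window_seconds` span; value is the peak count seen in one window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for ts, u, ip in events:
        if u != user:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop attempts that aged out
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    evs = parse_failed_logins(SAMPLE_ERRORLOG)
    print("failed 'sa' logins per client:", dict(attempts_per_client(evs)))
    print("block candidates (3 in 60s):", brute_force_sources(evs))
```

With the sample above only 203.0.113.9 is flagged: 198.51.100.7 also made three attempts, but spread over more than a minute, so it never reaches three inside one 60 second window. Widen the window to 600 seconds and it is flagged too, which is the tuning trade-off when the attacker throttles or rotates sources.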