Re: SQL Server 2005 - getting Bruteforced
- From: Andreas Kraus <ak@xxxxxxxxxxxxxxxx>
- Date: Fri, 07 Apr 2006 09:29:40 +0200
Big thanks to everyone!
David Browne wrote:
"Andreas Kraus" <ak@xxxxxxxxxxxxxxxx> wrote in message news:%23jVhnJWWGHA.4484@xxxxxxxxxxxxxxxxxxxxxxx.
Hi and thanks for your reply.
The SQL Server is running on an Internet Server with ASP.NET v2 remotely. We are testing several Web Applications there with a Remote Team.
The ASP.NET Applications are using SQL Authentication instead of Windows Authentication. I wouldn't know how to create a Connection String based on Windows Authentication.
The SA Password is pretty strong but those attacks are really annoying.
Is it possible to restrict the SA Account to local connections only?
Here's an example ADO.NET connection string using integrated security.
Data Source=Your_Server_Name;Initial Catalog=Your_Database_Name;Integrated Security=SSPI;
Once you get that, turn off mixed authentication, or at least disable the SA login.
Also in Windows you can block access to IP interface from selected computers, or from all but selected computers. Also you can move SQL Server off of port 1433, and change your connection strings accordingly.
David
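
The server-side steps David describes, written out as T-SQL for SQL Server 2005. This is an added example, not code from the thread; the Windows account name YOUR_DOMAIN\WebAppAccount and the database user name WebAppUser are hypothetical placeholders.

```sql
-- Added example, not from the thread.
-- Assumptions: YOUR_DOMAIN\WebAppAccount is a placeholder for the Windows
-- account the ASP.NET application runs as; WebAppUser is a made-up user name;
-- Your_Database_Name is the placeholder used in the connection string above.

-- 1. Check the authentication mode: 1 = Windows only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Create a login for the Windows account so that
--    "Integrated Security=SSPI" connections are accepted.
CREATE LOGIN [YOUR_DOMAIN\WebAppAccount] FROM WINDOWS;
GO

-- 3. Map the login to a database user with only the rights the
--    application needs (read/write here, no server-level role).
USE Your_Database_Name;
GO
CREATE USER WebAppUser FOR LOGIN [YOUR_DOMAIN\WebAppAccount];
EXEC sp_addrolemember 'db_datareader', 'WebAppUser';
EXEC sp_addrolemember 'db_datawriter', 'WebAppUser';
GO

-- 4. Before touching sa, list the members of sysadmin and make sure
--    at least one enabled Windows login remains for administration.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_principals AS p
JOIN sys.server_role_members AS m ON m.member_principal_id = p.principal_id
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
WHERE r.name = 'sysadmin';

-- 5. Disable the sa login. Password guesses against sa now fail
--    regardless of the password tried.
ALTER LOGIN sa DISABLE;
GO

-- 6. Verify: is_disabled should be 1.
SELECT name, is_disabled
FROM sys.server_principals
WHERE name = 'sa';
```

Switching the server itself from mixed mode to Windows Authentication only is done in the server's security properties and takes effect after the SQL Server service is restarted.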