Solved

ISA logging to MSDE security

Posted on 2006-10-21
5
270 Views
Last Modified: 2013-11-16
I've been scouring the internet for an answer to this question but can't seem to find one, so I hope someone here can help. I have an ISA 2004 installation logging to a MSDE DB. This DB has 3 security accounts associated with it, BuiltIn\Administrators, NT Authoriy\Network Service and SA. I use MOM 2005 on my network and noticed an event stating that one of these accounts has a NULL or weak password. My guess is that it is talking about the SA account.

I do not remember what the password was for the SA account but my guess is that it is NULL by default and that ISA is using it for logging. I may be wrong but it's my best educated guess due to the fact that SQL liked using blank SA passwords by default and I'm usually very good about recording passwords and I can't believe I missed this one.

If I change the SA password to something complex, how do I configure ISA to use it? Does ISA 2004 even use the SA account? Could it be disabled safely?
0
Comment
Question by:mascoloj
  • 4
5 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17782945
By default ISA has its own mechanisms when using msde and built-in controls stop the ISA msde databse being contacted from anywhere except from the isa server itsself. This is referenced in the ISA manual. The fact you are running MOM against the database at all suggests you have amended this setting and turned on the remote monitoring & logging option within the ISA System policy. You are correct; by default, the password is blank.

http://www.microsoft.com/technet/isa/2004/plan/securityhardeningguide.mspx
This is a very good link in respect to hardening the isa2004 server just for your info.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322336
This is useful as it explains how to change the msde password

http://forums.isaserver.org/m_190092100/tm.htm
A link to others who have had a similar requirement

Regards
Keith


0
 

Author Comment

by:mascoloj
ID: 17784092
Hey Keith,
Thanks for getting back to me. I will look over the links and let you know what happens. Just to clearify one thing though, I have MOM installed on the same server as ISA. Because of the environment I have and the way it was built - pre me, ISA is being used more as a way of restricting internet use and reporting on it with the benefit of an additional inspection of the traffic flowing through it. It is a redundant firewall at best with a primary firewall at the edge of my network.

Thanks again,
Mas
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17784104
No probs. Will wait to hear from you :)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17828113
Any update?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17932205
Thank you :)
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This video discusses moving either the default database or any database to a new volume.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now