Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

SQL Failure Audits

I have a windows 2003 server which I am using as a web server.
Checking the event viewer I have noticed alot of failure audits for "MSSQL$SQLEXPRESS"
Looks like someone is trying to force there way in to this.

copy of one report
"Login failed for user 'admin'. [CLIENT:]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

Can someone help me perhaps block this down so only my server can connect locally to MSSQL.
I will not be connecting to the database externally, or if you have any advise that would be great.

Thanks guys, gals
  • 5
  • 4
1 Solution
A few pointers:

- Never have a blank 'sa' password
- Use NT Authentication only, not SQL authentication
- Don't use localsystem for the SQL Server startup account, create a restricted user account
- Put SQL behind a firewall or use Proxy Server/ISA Server to protect /limit who can connect to it
- Apply the latest security patches to your system.

With SQL Server 2000 if you're only using it locally, you can unbind TCP/IP and named pipes, local access can be done via Shared Memory. I take it you're using SQL Server Express 2005? I'm not familiar with that, have a look at the documentation: http://www.microsoft.com/sql/editions/express/default.mspx
John Gates, CISSPSecurity ProfessionalCommented:
If your SQL is only accessed by the local machine then simply don't allow connections other than local:

 First Launch SQL Computer Manager

     Then Expand "Server Network Configuration"

     > Expand Protocols for "SQLEXPRESS"

     > Enable Np (for local access only)

     > Enable TCP (for local access only)

    Lastly Restart SQL Express

This should solve that problem 100%

TheJay04Author Commented:
Thanks for your reply,
dimante:- I can not find where it says (for local access only) when enabled Np or TCP
Can you please let me know what I should be seeing.

when I enable Np or TCP the only option it gives me is enable or disable
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

John Gates, CISSPSecurity ProfessionalCommented:
How about as a test disable TCP and see if your app still works.  If it does that will solve the issue.
TheJay04Author Commented:
no this did not work, i am guessing I will need to change my sql connection string ?
John Gates, CISSPSecurity ProfessionalCommented:
Are you using a DSN or DSNLess connection?
TheJay04Author Commented:

Provider = SQLNCLI; Data Source=IP; Initial Catalog=db_name; User ID=username; Password=password;
John Gates, CISSPSecurity ProfessionalCommented:
Provider = SQLNCLI; Data Source=\\<machine name>\SQLEXPRESS; Initial Catalog=db_name; User ID=username; Password=password;
TheJay04Author Commented:
Nearly right,

here is the correct SQL statement for anyone read:

Provider = SQLNCLI; Data Source=\\<computer name>\pipe\MSSQL$SQLEXPRESS\sql\query; Initial Catalog=database_name; User ID=username; Password=password;

Not had a single Failure Audit since.
Many Thanks dimante
John Gates, CISSPSecurity ProfessionalCommented:
Excellent!  And most secure for your situation ;-)

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now