Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

SQL Failure Audits

I have a windows 2003 server which I am using as a web server.
Checking the event viewer I have noticed alot of failure audits for "MSSQL$SQLEXPRESS"
Looks like someone is trying to force there way in to this.

copy of one report
"Login failed for user 'admin'. [CLIENT: 83.166.2.219]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

Can someone help me perhaps block this down so only my server can connect locally to MSSQL.
I will not be connecting to the database externally, or if you have any advise that would be great.

Thanks guys, gals
0
TheJay04
Asked:
TheJay04
  • 5
  • 4
1 Solution
 
CoccoBillCommented:
A few pointers:

- Never have a blank 'sa' password
- Use NT Authentication only, not SQL authentication
- Don't use localsystem for the SQL Server startup account, create a restricted user account
- Put SQL behind a firewall or use Proxy Server/ISA Server to protect /limit who can connect to it
- Apply the latest security patches to your system.

With SQL Server 2000 if you're only using it locally, you can unbind TCP/IP and named pipes, local access can be done via Shared Memory. I take it you're using SQL Server Express 2005? I'm not familiar with that, have a look at the documentation: http://www.microsoft.com/sql/editions/express/default.mspx
0
 
John Gates, CISSPSecurity ProfessionalCommented:
If your SQL is only accessed by the local machine then simply don't allow connections other than local:

 First Launch SQL Computer Manager

     Then Expand "Server Network Configuration"

     > Expand Protocols for "SQLEXPRESS"

     > Enable Np (for local access only)

     > Enable TCP (for local access only)

    Lastly Restart SQL Express

This should solve that problem 100%

-D-
0
 
TheJay04Author Commented:
Thanks for your reply,
dimante:- I can not find where it says (for local access only) when enabled Np or TCP
Can you please let me know what I should be seeing.

when I enable Np or TCP the only option it gives me is enable or disable
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
John Gates, CISSPSecurity ProfessionalCommented:
How about as a test disable TCP and see if your app still works.  If it does that will solve the issue.
0
 
TheJay04Author Commented:
no this did not work, i am guessing I will need to change my sql connection string ?
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Are you using a DSN or DSNLess connection?
0
 
TheJay04Author Commented:
DSNLess

Provider = SQLNCLI; Data Source=IP; Initial Catalog=db_name; User ID=username; Password=password;
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Provider = SQLNCLI; Data Source=\\<machine name>\SQLEXPRESS; Initial Catalog=db_name; User ID=username; Password=password;
0
 
TheJay04Author Commented:
Nearly right,

here is the correct SQL statement for anyone read:

Provider = SQLNCLI; Data Source=\\<computer name>\pipe\MSSQL$SQLEXPRESS\sql\query; Initial Catalog=database_name; User ID=username; Password=password;

Not had a single Failure Audit since.
Many Thanks dimante
0
 
John Gates, CISSPSecurity ProfessionalCommented:
Excellent!  And most secure for your situation ;-)
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now