?
Solved

SBS2003 ISA, Need to close 1433 due to hacking

Posted on 2007-12-02
3
Medium Priority
?
537 Views
Last Modified: 2010-04-21
I have a bit of a dilema; I am running SBS2003 with ISA2004. The SBS SQL Server is hosting an application over port 1433 of which is redirected by ISA to a SQL Server 2005 installation. I have a rather long list of IP addresses that have attempted  to break-in using the SA account user/password. As I have noted the breakin attempt, I have added the IP address to a Hacker Network Interface created in ISA to deny access to the network.

Aside from neutering the SA username & password any suggestions within ISA to stop or mitigate the threat? I thought of assigning a different port but that seems to be a short-term solution.

Any suggestions would be welcome.

Tim
0
Comment
Question by:TimPeer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Accepted Solution

by:
the_b1ackfox earned 1200 total points
ID: 20394569
Why not set up a rule which only accepts 1433 from whatever the ipaddress is of the application?  Like if you have a website then only accept sql from that website (an make sure that the code on the webserver is safe from injection attacks)
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 800 total points
ID: 20395181
I would agree that the above is the common sense approach assuming your scenario allows you to dictate or limit access to certain addresses. ie if this is a public service then you are unlikely to be able to lock it down in this way.

On the assumption that this is a publicly available service (you cannot lock it down to single sources):
Are you sure this is a hack attempt? For example, I run a number of services that are publicly accessible including a Sharepoint portal that has an SQL end to it. The vast majority of what could be called non-authorised access attempts are actually the result of being hit by a port scan rather than a concverted attack on the port.

As you say, changing the port number is a short-term fix plus you would have to tell all the normal users that you had changed the port also as they would need to change the client access to meet the new port number.

The fact that you are opening the port for access at all means you will always be more vulnerable than if you closed down the public access completely - this being the case, all you can really do is ensure the password is suitably strong.
0
 

Author Closing Comment

by:TimPeer
ID: 31412279
Thanks you for your response. Solutions are actually simpler than they appear at first glance. I will obtain the IP address ranges and lock down 1433 for all except the range. Although the first response is the chosen response and since I intend to implement SP, I think it fair to distribute points.

Thanks again!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question