• Status: Solved

avoiding intrusions - advice please

I'm just beginning with SQL Server and have noticed that, less than 3 hours after opening port 1433, people/robots are already trying to log into the sa account.
I've closed the port to the public and left it open for a specific IP but would like some advice on additional precautions I could/should be taking.

Is there a way to lock people out after x attempts or to map "trusted" IPs/profiles?
Is setting up notifications possible for this sort of thing?
Any other advice would be appreciated.

PS using SQL Server 2005 with Management Studio

Asked:
Shawn
3 Solutions
 
Guy Hengel [angelIII / a3], Billing Engineer, commented:
>I've closed the port to the public and left it open for a specific IP
that will be enough. by limiting the port to a specific source address, the firewall will handle the attacks, and not sql server anymore.

sql server does not have any method to lock out people after failed attempts.

in regards to sa: lock sa account + give long/cryptic password, after having created 1 (or more) admin logins with sysadmin server roles.
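
The sa advice in the answer above, written out as T-SQL for SQL Server 2005. This is an added example, not code posted by anyone in the thread; the login name `dba_admin` and both passwords are placeholders to replace before running.

```sql
-- Added example (not from the thread). Uses SQL Server 2005 syntax.
-- Assumptions: [dba_admin] is a hypothetical login name; both passwords are
-- placeholders to replace with long random values before running.

-- 1) Create the replacement administrator. CHECK_POLICY applies the host's
--    Windows password policy to this SQL login.
CREATE LOGIN [dba_admin]
    WITH PASSWORD = N'<replace-with-long-random-password-1>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
EXEC sp_addsrvrolemember @loginame = N'dba_admin', @rolename = N'sysadmin';
GO

-- 2) Only touch sa once the replacement is confirmed as sysadmin, so the
--    instance is never left without a usable administrator.
IF IS_SRVROLEMEMBER('sysadmin', 'dba_admin') = 1
BEGIN
    ALTER LOGIN [sa] WITH PASSWORD = N'<replace-with-long-random-password-2>';
    ALTER LOGIN [sa] DISABLE;
END
ELSE
    RAISERROR('dba_admin is not a sysadmin; sa left unchanged.', 16, 1);
GO

-- 3) Verify the result: sa should show is_disabled = 1.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name IN (N'sa', N'dba_admin');

-- 4) Review every member of sysadmin, to catch forgotten admin logins.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE r.name = N'sysadmin';
```

Run it while connected as an existing sysadmin, and confirm you can log in as the new administrator before closing that session.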
 
RiteshShah commented:
Well, you have already taken the step of limiting the IP for your port 1433. 1433 is the default port # and everybody knows what it is, so I recommend you change it if possible. Moreover, a strong password is also helpful. BTW, you may find the links below interesting.

http://forums.mozillazine.org/viewtopic.php?f=37&t=222472&st=0&sk=t&sd=a&start=0

http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20788776.html
 
dportas commented:
Why have the port open beyond your firewall? Whatever port number you use, if you expose SQL Server outside the firewall you are asking for trouble.
 
Shawn (author) commented:
angelIII:  thanks for comments and advice on pw

RiteshShah:  will be changing port numbers. thanks for the links.

dportas:  not sure I get your question/comment. What would you suggest?
 
RiteshShah commented:
I guess dportas wants to convey that whether you change the port number or not, if you open your SQL port outside of the network, you are inviting risk. I do not 100% agree with him; yes, he is right to some extent, but the risk level will definitely decrease if you change the port number.
 
dportas commented:
>> Shawnaraxi: What would you suggest?

I would suggest blocking unauthenticated, external traffic to the SQL Server. That is the purpose of a firewall.  Access your database applications through a VPN or a web server or some other application tier.


 
Shawn (author) commented:
dportas: isn't that what I've already done... when I mentioned
"I've closed the port to the public and left it open for a specific IP"? This of course was done through the firewall.

The remote IP is on a shared hosting server so I suppose I might be vulnerable if someone came from inside that IP. This connection is through a ColdFusion DSN and the login information is stored in a file outside of the root.

In any case, as I'm not the owner of the other IP I am not allowed to set up a VPN.

So far, the conclusion to increase security is:
1) lock sa account + give long/cryptic password, after having created 1 (or more) admin logins with sysadmin server roles.
2) change port

and 3) ???
 
RiteshShah commented:
I don't think you can do anything more. Even so, leave the thread open for the opinions of other experts.
 
Shawn (author) commented:
ok thanks

 I'll leave it open a few more days in case anyone wants to add to it.
 
ralmada commented:
For this particular problem, I agree with the above comments and have nothing else to add.
However, for SQL security in general, I would like to recommend you take a look at the following security checklist:
http://iase.disa.mil/stigs/checklist/db_srr_chklist_sqlserver2005_v8r1-1_20071107.zip
 
 
Shawn (author) commented:
wow, a 247 page checklist! thank you
 
Guy Hengel [angelIII / a3], Billing Engineer, commented:
ralmada,
 just for the record: are you 200% sure you are allowed to post that document online?
angel eyes, zone advisor
 
ralmada commented:
absolutely. It's public information.
 
Shawn (author) commented:
Thanks for everyone's input.