Solved

avoiding intrusions - advice please

Posted on 2009-05-08
Last Modified: 2012-06-21
I'm just beginning with SQL Server and have noticed that, less than 3 hours after opening port 1433, people/robots are already trying to log into the sa account.
I've closed the port to the public and left it open for a specific IP but would like some advice on additional precautions I could/should be taking.

Is there a way to lock people out after x attempts or to map "trusted" IPs/profiles?
Is setting up notifications possible for this sort of thing?
Any other advice would be appreciated.

PS using SQL Server 2005 with Management Studio

Question by:Shawn
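
The failed sa logins described in the question are written to the SQL Server error log when login auditing includes failed logins. The following is an added example, not part of the original thread, that counts them per client address so the source of the attempts can be checked against the firewall allow-list; `#errlog` is a scratch table name chosen here, and `sp_readerrorlog` is an undocumented system procedure.

```sql
-- Added example (T-SQL, SQL Server 2005). #errlog is a scratch table name chosen for this example.
CREATE TABLE #errlog (
    LogDate     datetime,
    ProcessInfo nvarchar(50),
    [Text]      nvarchar(4000)
);

-- Arguments: 0 = current log file, 1 = SQL Server error log, then a search string.
INSERT INTO #errlog (LogDate, ProcessInfo, [Text])
EXEC sp_readerrorlog 0, 1, 'Login failed';

-- Failed-login lines end in "[CLIENT: <address>]". CHARINDEX is used instead of
-- LIKE because "[" is a wildcard character in LIKE patterns.
SELECT client_address,
       COUNT(*)     AS failed_attempts,
       MIN(LogDate) AS first_seen,
       MAX(LogDate) AS last_seen
FROM (
    SELECT LogDate,
           CASE
               WHEN CHARINDEX('[CLIENT: ', [Text]) > 0
                    AND CHARINDEX(']', [Text], CHARINDEX('[CLIENT: ', [Text])) > 0
               THEN SUBSTRING([Text],
                              CHARINDEX('[CLIENT: ', [Text]) + 9,
                              CHARINDEX(']', [Text], CHARINDEX('[CLIENT: ', [Text]))
                                  - CHARINDEX('[CLIENT: ', [Text]) - 9)
               ELSE '(no client address in message)'
           END AS client_address
    FROM #errlog
) AS parsed
GROUP BY client_address
ORDER BY failed_attempts DESC;

DROP TABLE #errlog;
```

Once the port is restricted to one source address, any remaining rows should show only that address or local connections.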
14 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 250 total points
ID: 24340755
>I've closed the port to the public and left it open for a specific IP
That will be enough. By limiting the port to a specific source address, the firewall will handle the attacks, and not SQL Server anymore.

SQL Server does not have any method to lock out people after failed attempts.

In regards to sa: lock the sa account + give it a long/cryptic password, after having created 1 (or more) admin logins with the sysadmin server role.
0
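
The sa steps from the answer above, in the order it gives them, as an added example that is not part of the original post. `dba_admin` is a hypothetical login name and both passwords are placeholders to replace with long random values.

```sql
-- Added example (T-SQL, SQL Server 2005). [dba_admin] is a hypothetical login name;
-- the passwords are placeholders, not usable values.

-- 1. Create the replacement administrator first, so the instance is never left
--    without a working sysadmin login.
--    CHECK_POLICY = ON makes this SQL login subject to the host's Windows password
--    policy, including its account lockout settings on Windows Server 2003 or later.
CREATE LOGIN [dba_admin]
    WITH PASSWORD = N'<long-random-password-1>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = OFF;
EXEC sp_addsrvrolemember @loginame = N'dba_admin', @rolename = N'sysadmin';

-- 2. Confirm the new login is a sysadmin before touching sa (expected value: 1).
SELECT IS_SRVROLEMEMBER('sysadmin', 'dba_admin') AS dba_admin_is_sysadmin;

-- 3. Give sa a long password, then disable it. A disabled sa cannot log in even
--    if the password is guessed; the password still matters if sa is re-enabled.
ALTER LOGIN [sa] WITH PASSWORD = N'<long-random-password-2>', CHECK_POLICY = ON;
ALTER LOGIN [sa] DISABLE;

-- 4. Verify the result: sa should show is_disabled = 1, and both logins
--    should show is_policy_checked = 1.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name IN (N'sa', N'dba_admin');
```

Open a second connection as the new login and confirm it works before closing the session that ran these statements.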
 
LVL 31

Assisted Solution

by:RiteshShah
RiteshShah earned 200 total points
ID: 24341724
Well, you have already taken the steps to limit the IP for your port 1433. 1433 is the default port # and everybody knows what it is, so I recommend you change it if possible. Moreover, a strong password is also helpful. BTW, you may find the links below interesting.

http://forums.mozillazine.org/viewtopic.php?f=37&t=222472&st=0&sk=t&sd=a&start=0

http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20788776.html
0
 
LVL 22

Expert Comment

by:dportas
ID: 24343305
Why have the port open beyond your firewall? Whatever port number you use, if you expose SQL Server outside the firewall you are asking for trouble.
0
 
LVL 1

Author Comment

by:Shawn
ID: 24343885
angelIII:  thanks for comments and advice on pw

RiteshShah:  will be changing port numbers. thanks for the links.

dportas:  not sure I get your question/comment. What would you suggest?
0
 
LVL 31

Expert Comment

by:RiteshShah
ID: 24343913
I guess dportas wants to convey that, no matter whether you change the port number or not, if you open your SQL port outside of the network, you are inviting the risk. I do not 100% agree with him; yes, he is right to some extent, but the risk level will definitely decrease if you change the port number.
0
 
LVL 22

Expert Comment

by:dportas
ID: 24344056
>> Shawnaraxi: What would you suggest?

I would suggest blocking unauthenticated, external traffic to the SQL Server. That is the purpose of a firewall.  Access your database applications through a VPN or a web server or some other application tier.


0
 
LVL 1

Author Comment

by:Shawn
ID: 24344202
dportas: isn't that what I've already done...when I mentioned
"I've closed the port to the public and left it open for a specific IP"? This of course was done through the firewall.

The remote IP is on a shared hosting server so I suppose I might be vulnerable if someone came from inside that IP. This connection is through a ColdFusion DSN and the login information is stored in a file outside of the root.

In any case, as I'm not the owner of the other IP I am not allowed to set up a VPN.

So far the conclusion to increase security is:
1) lock sa account + give long/cryptic password, after having created 1 (or more) admin logins with sysadmin server roles.
2) change port

and 3) ???
0
 
LVL 31

Expert Comment

by:RiteshShah
ID: 24344779
I don't think you can do anything more. Even so, leave the thread open for the opinions of other experts.
0
 
LVL 1

Author Comment

by:Shawn
ID: 24344872
ok thanks

 I'll leave it open a few more days in case anyone wants to add to it.
0
 
LVL 41

Assisted Solution

by:ralmada
ralmada earned 50 total points
ID: 24350309
For this particular problem, I agree with the above comments and don't have anything else to add.
However, for SQL security in general, I would like to recommend you take a look at the following security checklist:
http://iase.disa.mil/stigs/checklist/db_srr_chklist_sqlserver2005_v8r1-1_20071107.zip
 
0
 
LVL 1

Author Comment

by:Shawn
ID: 24355100
wow, a 247 page checklist! thank you
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24355192
ralmada,
 just for the record: are you 200% sure you are allowed to post that document online?
angel eyes, zone advisor
0
 
LVL 41

Expert Comment

by:ralmada
ID: 24355286
absolutely. It's public information.
0
 
LVL 1

Author Comment

by:Shawn
ID: 24358524
Thanks for everyone's input.
0

Question has a verified solution.
