• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 529
  • Last Modified:

Windows Event Viewer has a lot of 'failure audit' events for failed logins

I am receiving a lot of audits for people trying to access the SA account on SQL 2005. It looks to me to be from one IP address. I don't tend to use the SA account, so is this something I can rename or something similar? Would this stop the SA failed audits? I know it's probably a good idea to disable or rename the SA account so any help would be appreciated.
0
AbeSpain
Asked:
AbeSpain
  • 2
  • 2
1 Solution
 
pcelbaCommented:
The sa account renaming is a good idea and it increases security but it cannot stop attackers from their attemptes...
0
 
Aneesh RetnakaranDatabase AdministratorCommented:
> Would this stop the SA failed audits?
no

If that ip doesnt belong to your network, possibly someone is trying to hack ur database, so better block those ip in your firewall

you can use the Windows authentication, that would be a great idea, but make sure that you chnage the connection string
0
 
AbeSpainAuthor Commented:
"you can use the Windows authentication, that would be a great idea, but make sure that you chnage the connection string "

Rather than auth using the users set up in the database?
0
 
Aneesh RetnakaranDatabase AdministratorCommented:
Yup. Windows authentication provides additional security, thats why i suggested you to use that.
0
 
pcelbaCommented:
The Windows authentication allows each Windows admin full SQL administrator access. I don't think this is correct in all situations.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now