MS SQL server Brute-force protection

Hi,

Has anyone implemented brute-force protection in MS SQL Server? How can it be done other than with a complex password?
marrowyungSenior Technical architecture (Data)Asked:

Pawan KumarDatabase ExpertCommented:
We can use RdpGuard. It is a third-party tool.
RdpGuard is a host-based intrusion prevention system (HIPS) that protects your Windows Server from brute-force attacks on various protocols and services (RDP, FTP, SMTP, MySQL, MS-SQL, IIS Web Login, ASP.NET Web Forms, MS Exchange, RD Web Access, etc).

Settings you can manage.
https://rdpguard.com/mssql-protection-settings.aspx

Free trial. We can use the free trial of RdpGuard and see if it works fine with our requirements.
https://rdpguard.com/
0
marrowyungSenior Technical architecture (Data)Author Commented:
So this is for Windows, but it is not for SQL Server natively?
0
Pawan KumarDatabase ExpertCommented:
Both.
0

Pawan KumarDatabase ExpertCommented:
Edited my last comment. Basically it will be 2 layers, I think: server and then DB.
0
marrowyungSenior Technical architecture (Data)Author Commented:
"edited my last comment. basically it will be 2 layer i think - Server and then DB."

So is it one, that tool for both layers?
0
Pawan KumarDatabase ExpertCommented:
Yes, one.
0
marrowyungSenior Technical architecture (Data)Author Commented:
tks.
0
Vitor MontalvãoMSSQL Senior EngineerCommented:
Please explain: what is brute-force protection for you?
You can always hire some security guards that look like gorillas and have them secure your data center :)
0
marrowyungSenior Technical architecture (Data)Author Commented:
"You can always hire some security guards that looks like gorillas and have them securing your data center :)"

Application firewall or IP guard from Cisco.

But from the SQL Server point of view, what can we do?
0
Vitor MontalvãoMSSQL Senior EngineerCommented:
Firewall is always the best thing to do so you can limit the machines that can connect to the SQL Server.
Then protect SQL Server instance by managing the accesses limiting it only to the necessary users and permissions.
0
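Deciding which machines to restrict at the firewall is easier with a list of the client addresses that keep failing to log in. The sketch below is an added example, not part of the original thread and not RdpGuard's code: it scans SQL Server error-log text for "Login failed" entries and reports clients that reach a failure threshold inside a time window. The function names, the threshold and window defaults, and the sample log (constructed, using documentation IP ranges) are assumptions, and it presumes failed-login auditing is enabled on the instance.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Login failed" entries SQL Server writes to its error log
# when failed-login auditing is on; the client address is in [CLIENT: ...].
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each client with >= threshold failures inside `window` to the logins it tried."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    tried = defaultdict(set)      # client -> login names attempted
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # not a failed-login entry
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["client"]]
        q.append(ts)
        tried[m["client"]].add(m["user"])
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["client"])
    return {c: sorted(tried[c]) for c in sorted(flagged)}

def sample_line(ts, user, client):
    # Constructed log line in the error-log layout (hypothetical values).
    return (f"{ts} Logon       Login failed for user '{user}'. Reason: Password "
            f"did not match that for the login provided. [CLIENT: {client}]")

# Constructed sample: a fast burst from one address, slow failures from another.
SAMPLE_LOG = "\n".join(sorted(
    [sample_line(f"2019-03-12 10:15:{s:02d}.10", u, "203.0.113.7")
     for s, u in enumerate(["sa", "sa", "admin", "sa", "admin", "sa"])]
    + [sample_line(f"2019-03-12 {h:02d}:00:00.00", "report_user", "192.0.2.10")
       for h in (9, 10, 11, 12, 13)]
    + ["2019-03-12 10:16:00.00 spid51      Starting up database 'tempdb'."]
))

if __name__ == "__main__":
    for client, logins in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{client}: repeated failed logins for {', '.join(logins)}")
```

With the defaults only the burst source is reported; widening the window also catches the slow source, which a per-minute threshold misses.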
marrowyungSenior Technical architecture (Data)Author Commented:
"Then protect SQL Server instance by managing the accesses limiting it only to the necessary users and permissions."

You mean user access rights, right?
0
Vitor MontalvãoMSSQL Senior EngineerCommented:
"you mean user access right, right ?"

Sure. There's no magic formula. The formula is always the same:
- Limit access from machines and people and give only the necessary permissions and not more.
0
marrowyungSenior Technical architecture (Data)Author Commented:
" Limit access from machines and people and give only the necessary permissions and not more."

DBAs always do it and usually only give READ ONLY rights to waive the effect of write operations.

But this is more about password attacks and connections. Any way you use to block the IP address by SQL Server control? We usually do IIS IP address filtering.
0
Vitor MontalvãoMSSQL Senior EngineerCommented:
Did you read my articles?
Virtual accounts are almost unbreakable. For regular users use domain accounts with a strong password policy.
Database servers need to be installed in a different network in the background so they should be the last servers to be accessed, meaning that somebody who wants to attack your database needs to first get access to your main network and from there he needs to go through local firewalls until he reaches your database server. And you can add more network layers to add more security. The more complex the infrastructure is, the harder it is to be broken by hackers.
0
marrowyungSenior Technical architecture (Data)Author Commented:
"Database servers need to be installed in a different network in the background so they should be the last servers to be accessed, meaning that somebody that want to attack your database need to get first access to your main network and from there he needs to go through local firewalls until reach your database server. "

Sure.

This is very common for any e-commerce platform; later on it still depends on how many DMZs they have.

"And you can add more network layers to add more security. The more complex the infrastructure is, more hard is to be broken by hackers."

Sure and tks.

I knew about the "Windows Authentication mode", but that one is also more secure through domain login, in which all the information is encrypted across the network, so this is good, and the SQL login and password are not encrypted.

By Virtual Service account, it means SQL service account, right? The service account SQL Server creates when installing, right? I don't use this keyboard usually.
0
Vitor MontalvãoMSSQL Senior EngineerCommented:
"by Virtual Service account, it means SQL service account, right? the service account SQL server create when installing, right?"

Yes. With that nobody is able to know the services passwords.
0
marrowyungSenior Technical architecture (Data)Author Commented:
tks.
0
marrowyungSenior Technical architecture (Data)Author Commented:
tks both.
0