Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Heinz23
Yak Posting Veteran
84 Posts |
 Posted - 2010-05-06 : 03:18:38
|
| Hi all,by coincidence I yesterday noticed on my virtual server in the Event Log that there are frequent (every second) attempts from foreign IPs (from foreign countries) to access my SQL Express 2005 directly. This should not be possible, but it seems that someone (or some-two as there are attempts from 2 different locations) tries to find the sa-password with a brute force attack.My configuration is as follows: Win 2003 server 64 bit, MS SQL 2005 Express. Remote connections are currently allowed because I'd like to access the SQL Server using SQL Management Studio from home. My Webpage is on the same server, there are no other servers who should access the SQL server directly, it's all done from my website.Now there seem to be several options:- Block access to SQL Server on Windows Firewall for all other IPs except my own IP range from my local provider.- Delete / Disable (?) sa-account and use another cryptic user ('sa58kgdft83') so they also need to find out the Username, not only the password.- Deny remote connections (but then I have to use RDP if I like to access the database with Management Studio)- Allowing only Windows Authentication but I don't know whether this works as this is a virtual server. I'm only using SPs, no Dynamic SQL or else. Would this be an option?Any other ideas / proposals? Mainly I'm .net developer so this part of SQL Administration is far beyond my SQL Admin Knowledge. I've searched already current forum as I guess there might a list somewhere like 'Top 10 how to secure your SQL 2005' or else but did not find it.Many thanks in advance!! |
|
|
apodemus
Starting Member
30 Posts |
Posted - 2010-05-06 : 05:21:59
|
| In my opinion you should block access to SQL Server for foreign IP's first.apodemus |
 |
|
|
Lumbago
Norsk Yak Master
3271 Posts |
Posted - 2010-05-06 : 07:17:45
|
| Exposing your database to the internet like this without any kind of firewall is terrible! You should lock all connections to the server except for the IP's and ports that are controlled by you. Exposing your server to the entire internet just because you want to run management studio from home just isn't a valid argument. There are numerous ways to lock down your server but a firewall should be the first thing you set up. Disallowing remote connections is great if you run everything off one server and windows authentication works great also if you're on a single server or if your server is in a domain (it also works with separate stand-alone servers but a domain is better for windows auth only). Disabeling the sa-account can also be a good but be 100% sure that you have another sysadmin account that you wount screw up. - LumbagoIf the facts don't fit the theory, change the facts. Albert Einstein |
|
|
|
Heinz23
Yak Posting Veteran
84 Posts |
Posted - 2010-05-07 : 05:35:31
|
| OK, many thanks. I've now configured Windows Firewall to block all remote access to my SQL Database as IIS and SQL are on the same machine. Whenever I want to access the DB from my local machine I'll reconfigure the firewall temporarily to allow remote access again.Many thanks for your replies! |
|
|
|
|
|
|
Login from foreign IP / Try to hack login