Author Port security question
Matt

2005-07-19, 8:24 pm

Hey all.

I'm running SQL Server 2000, on W2K server. All the latest patches/etc
for both installed.

I've a need to allow remote access to the DB. I have a strong password
on the sa account, and have completed the various security checklists
on the MS website, including running the baseline security program they
provide.

Due to the nature of the application, Windows authentication is not
possible.

Besides someone trying to hack in via a password guess, are there any
other things I need to worry about? Again, all the latest patches and
what not are installed.

Thanks
Matt

Erland Sommarskog

2005-07-20, 8:24 pm

Matt (mattmorgan64@msn.com) writes:
> I'm running SQL Server 2000, on W2K server. All the latest patches/etc
> for both installed.
>
> I've a need to allow remote access to the DB. I have a strong password
> on the sa account, and have completed the various security checklists
> on the MS website, including running the baseline security program they
> provide.
>
> Due to the nature of the application, Windows authentication is not
> possible.
>
> Besides someone trying to hack in via a password guess, are there any
> other things I need to worry about? Again, all the latest patches and
> what not are installed.


I assume with remote access, you mean permit access to it from the
Internet.

First, check once more that @@version reads at least 8.00.818.

But, no, you cannot sleep well at night despite that. With SQL
authentication there is no protection against brute force attacks, so an
intruder can just keep on hammering. You can of course audit failed logins,
but you may go and check that log every day.

Note also that the password is not really encrypted when sent over the
wire. It's more some sort of obfuscation that can be cracked without
too much effort.

I don't really have any suggestions for how to address this, although
it could be possible to build some proxy that has better protection. I
would not be surprised if such third-party tools are available.

One thing to consider is to isolate this machine from the rest of
your network as much as possible, so that if someone sneaks in, he
gets no further.

--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techin.../2000/books.asp
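
Added example, not part of the original thread or written by its posters: the reply above mentions auditing failed logins, and this Python sketch scans errorlog text for bursts of failures against one login instead of reading the log by hand. The log line layout, the threshold and window values, and all function names are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed errorlog layout (failed-login auditing enabled):
#   <date> <time>.<fraction> logon     Login failed for user '<name>'.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+logon\s+"
    r"Login failed for user '([^']*)'"
)

def parse_failed_logins(lines):
    """Yield (timestamp, login) per failed-login line; ignore all other lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2).lower()  # fold case: 'SA' and 'sa' count together

def find_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {login: (window_start, peak_count)} for every login that saw at
    least `threshold` failures inside a sliding `window`. Input must be in time order."""
    recent = defaultdict(deque)   # login -> timestamps still inside the window
    alerts = {}
    for ts, login in parse_failed_logins(lines):
        q = recent[login]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            first, peak = alerts.get(login, (q[0], 0))
            alerts[login] = (first, max(peak, len(q)))
    return alerts

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
2005-07-19 20:20:00.10 spid3     Starting up database 'master'.
2005-07-19 20:24:01.12 logon     Login failed for user 'sa'.
2005-07-19 20:24:03.40 logon     Login failed for user 'sa'.
2005-07-19 20:24:05.77 logon     Login failed for user 'SA'.
2005-07-19 20:24:08.02 logon     Login failed for user 'sa'.
2005-07-19 20:24:11.31 logon     Login failed for user 'sa'.
2005-07-19 20:24:14.90 logon     Login failed for user 'sa'.
2005-07-19 20:25:30.00 logon     Login succeeded for user 'webapp'. Connection: Non-Trusted.
2005-07-19 20:31:00.55 logon     Login failed for user 'webapp'.
""".splitlines()

if __name__ == "__main__":
    for login, (first, peak) in find_bursts(SAMPLE_LOG).items():
        print(f"{login}: {peak} failures within a minute, starting {first}")
```

A single mistyped password, like the lone `webapp` failure in the sample, stays below the threshold and is not reported.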
Matt

2005-07-20, 8:24 pm

Thanks!

Looking over the net today, I pretty much came to that same
conclusion..... I'm setting up a VPN now.

Matt

Erland Sommarskog

2005-07-21, 7:23 am

Matt (mattmorgan64@msn.com) writes:
> Looking over the net today, I pretty much came to that same
> conclusion..... I'm setting up a VPN now.


Sounds like a good move.


--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techin.../2000/books.asp