SA account login

  • We use SQL 2000 as the data source for our website. The server is set up for mixed mode login; the site uses a SQL account login, and for admin access and replication we use Windows authentication. There is a strong password on the sa account, but I noticed that because the sa account is public there are relentless attempts to log in to this account, which fills up the event log of the server. Is there a way to hide the sa account while still having mixed mode enabled, so that hackers sniffing for running SQL servers do not try to log on to the sa account?

  • Unfortunately there is no way to hide or rename the "sa" (DBA) account on any SQL Server instance in mixed security mode.

    This SQL login account must exist on every SQL Server instance configured in mixed security mode. It is the root!

    The only way to protect against brute-force attacks on the well-known "sa" account is by hiding your SQL Server from public eyes.

    You need to configure a firewall that permits only legitimate connections to the SQL Server listening port.

    For SQL Server security best practices check the following link:

    http://technet.microsoft.com/en-us/library/cc966456.aspx

    MSzI

  • MSzI (4/8/2010)


    Hello!

    I'm womanswork.

    I did as you said, but apparently it has no effect.

  • Hi

    In case your firewall settings have no effect, you have to:

    1. Check your firewall settings again, because they are too permissive.

    2. If your firewall settings are restrictive enough, you should check and find out who is responsible for the SQL sa password assault.

    Corrections to my first post:

    Starting from SQL 2005 it is possible to deny and/or disable the "sa" account on a SQL instance.

    MSzI.
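    As an added example (not code posted in this thread), here are the SQL 2005-and-later steps that the correction above refers to, in T-SQL, together with a way to answer point 2 (who is hitting sa) from the SQL Server error log. SQL 2000, which the original poster runs, has neither ALTER LOGIN nor sys.sql_logins, so on 2000 the login cannot be disabled and network filtering is the only control. The Windows group name CORP\SQLAdmins and the new login name svc_retired_admin are assumptions.

```sql
-- Added example, SQL Server 2005 or later only.
-- 1. Make sure a Windows sysadmin login already exists before touching sa,
--    otherwise you can lock yourself out. The group name is an assumption.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CORP\SQLAdmins' AND type = 'G')
BEGIN
    RAISERROR('Create a Windows sysadmin login before disabling sa.', 16, 1);
    RETURN;   -- leave the batch; nothing below runs
END;

-- 2. Disable sa. Connection attempts now fail with error 18456 state 7
--    ("The account is disabled") even when the password is correct.
ALTER LOGIN sa DISABLE;

-- 3. Optionally rename it, so the well-known name no longer maps to a login.
--    The sid stays 0x01 and any script that uses the name "sa" will break.
--    The new name is an assumption.
ALTER LOGIN sa WITH NAME = [svc_retired_admin];

-- 4. Verify: sid 0x01 is always the built-in sa login, whatever its name.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 5. Who is hammering it? Failed logins go to the SQL Server error log by
--    default (audit level "failed logins only"). Arguments: 0 = current log,
--    1 = SQL Server error log (not the Agent log), then two search strings
--    that are ANDed. Each matching line ends in [CLIENT: x.x.x.x], which is
--    the address to block (or the only address to allow) on the firewall.
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed', N'sa';
```

    Note the caveat: disabling or renaming sa removes the risk of the password being guessed, but each attempt against the disabled login is still written to the error log (and, with the default audit setting, to the Windows application event log), so the log filling described in the first post only stops once the firewall or IPsec filter keeps the connections from reaching the port at all.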

  • Can you filter your network connections? In other words, are the computers that SHOULD be connecting to SQL Server coming from known IP addresses? If so, an IPSEC policy (OS level) can filter out these connection attempts.

    K. Brian Kelley
    @kbriankelley

  • Unless it's absolutely necessary for some reason, which from your description it isn't, it's a really bad idea to make your SQL Server accessible by the world in general. Your website needs to be accessible obviously on the relevant ports, but there's no reason for the SQL Server to be.

    You want to set your firewall to block connections from anywhere other than your website, the server(s) it's replicating with, and possibly your office for admin purposes.

    If you have 3rd parties needing to access the SQL Server then I would suggest that access should only be granted if they have a static IP address which can then be allowed on the firewall. No static, no remote access.

    ---

    Keith Langmead

  • As others have suggested, using a firewall to block access to all but the IP addresses of people who need access is the best idea. Also though, it can help to use port-mapping within the firewall to allow connections to SQL Server through an external port other than 1433. Since most attacks are made through the default ports for any given application, this should deter most efforts.

    Duncan
