I assume you are using NT4, 2k, or XP since you may be using IIS. Do you
actually develop with IIS/MSDE? If not, set the services to "Disabled". If
you do use them, then...

The port for SQL/MSDE is 1433 by default, which can be altered for increased
invisibility. You should install the MSDE service pack from Microsoft if
you are not blocking the port and plan to communicate with that port
externally. Set up good password(s) (it's strongly encouraged by the
installer program during installation), especially for the sa login.

There is no reason to feel discomfort, especially if you are behind a NAT
router or have some kind of basic firewall. Installing Microsoft service
packs certainly helps, but a great percentage of the service packs are of no
concern if you have the firewall security in the first place. The IIS
lockdown toolkit certainly tightens up security also.

The noise from the tabloids significantly outweighs the technical knowledge
of digital security today. If the press took an hour to investigate the
root cause of a breach once in a while then nobody would care about Microsoft
security issues and would say "oh, yeah, that was a dumb idea to have an
e-commerce site online without a firewall or SSL certificate". Get real,
people... geez... any system can fall in this realm, especially those like
IIS that have so many features that 90% of web admins don't even know how to
(properly) take advantage of, let alone block from buffer blasting nerds who
have succumbed to throwing rocks at the doors to find a crack.

Sorry about the rant - it's not pointed at you, but is obviously something
that gets on my nerves... Hopefully, I have done something constructive
here today! :)
--
Jerry Boone
Analytical Technologies, Inc.
http://www.antech.biz
Secure Hosting and Development Solutions for ASP, ASP.NET, SQL Server, and
Access

"jmev7" <jm***@yahoo.com> wrote in message
news:c7**************************@posting.google.com...
I have heard of security issues with IIS while on a T1 line or on a
cable modem, etc. I learned of a "break in" at a state office, and it
was traced to an "open door" while using IIS. Due to that break in,
research was done which resulted in the consensus that MSDE
applications were also vulnerable. Any thoughts on this? Does anyone
know if running it at home could cause an open door to exist through
which others might "make themselves at home"?
Thanks
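
An added example, not part of either post above: one way to check whether MSDE or IIS is actually listening on a network-facing address is to parse the output of `netstat -an` on the machine itself. The port-to-service map, the function name and the sample output are assumptions made up for this illustration; port 80 is assumed as the IIS default, and if the SQL port was changed from 1433 the map has to be changed to match.

```python
import re

# Port 1433 comes from the post; port 80 is assumed as the default IIS site binding.
WATCHED = {1433: "SQL Server/MSDE", 80: "IIS (HTTP)"}

# Constructed sample of Windows `netstat -an` output, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1433      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1433      192.168.1.20:3012      ESTABLISHED
  UDP    0.0.0.0:1434           *:*
"""

# Only TCP sockets in the LISTENING state matter here; established
# connections and UDP lines are ignored.
LISTENING = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def is_loopback(addr):
    """True for addresses that only local processes can reach."""
    return addr.startswith("127.") or addr == "[::1]"


def exposed_listeners(netstat_text, watched=WATCHED):
    """Return sorted (port, service, address) tuples for watched TCP
    listeners bound to anything other than a loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        match = LISTENING.match(line)
        if not match:
            continue
        addr, port = match.group(1), int(match.group(2))
        if port in watched and not is_loopback(addr):
            found.add((port, watched[port], addr))
    return sorted(found)


if __name__ == "__main__":
    for port, service, addr in exposed_listeners(SAMPLE):
        print(f"{service} is listening on {addr}:{port}; "
              "disable the service or block the port if it is not needed")
```

A service set to "Disabled" produces no listener at all, and a listener bound only to 127.0.0.1 is not reported because remote hosts cannot connect to it.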