Port security question

Hey all.

I'm running SQL Server 2000, on W2K server. All the latest patches/etc
for both installed.

I've a need to allow remote access to the DB. I have a strong password
on the sa account, and have completed the various security checklists
on the MS website, including running the baseline security program they
provide.

Due to the nature of the application, Windows authentication is not
possible.

Besides someone trying to hack in via a password guess, are there any
other things I need to worry about? Again, all the latest patches and
what not are installed.

Thanks
Matt

Jul 23 '05 #1
Matt (ma**********@msn.com) writes:
> I'm running SQL Server 2000, on W2K server. All the latest patches/etc
> for both installed.
>
> I've a need to allow remote access to the DB. I have a strong password
> on the sa account, and have completed the various security checklists
> on the MS website, including running the baseline security program they
> provide.
>
> Due to the nature of the application, Windows authentication is not
> possible.
>
> Besides someone trying to hack in via a password guess, are there any
> other things I need to worry about? Again, all the latest patches and
> what not are installed.


I assume with remote access, you mean permit access to it from the
Internet.

First make sure an extra time that @@version reads at least 8.00.818.

But, no, you cannot sleep well at night despite that. With SQL
authentication there is no protection against brute force attacks, so an
intruder can just keep on hammering. You can of course audit failed logins,
but you may go and check that log every day.

Note also that the password is not really encrypted when sent over the
wire. It's more some sort of obfuscation that can be cracked without
too much effort.

I don't really have any suggestions for how to address this, although
it could be possible to build some proxy that has better protection. I
would not be surprised if such third-party tools are available.

One thing to consider is to isolate this machine from the rest of
your network as much as possible, so that if someone sneaks in, he
gets no further.

--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 23 '05 #2
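
Added example, not part of the thread or of either poster's words: a small script that does the daily check of the failed-login audit for you by flagging bursts of failures against one login. It assumes failed-login auditing is enabled and written to the error log in the `<timestamp> <source> <message>` layout shown; the log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed error-log layout: "<timestamp> <source> <message>".
FAILED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+\S+\s+"
    r"Login failed for user '([^']*)'"
)

def find_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each login to (start_of_first_burst, peak_failures_in_window)."""
    recent = defaultdict(deque)   # login -> timestamps still inside the window
    bursts = {}
    for line in lines:            # lines are expected in chronological order
        m = FAILED.match(line)
        if not m:
            continue              # startup messages, successful logins, etc.
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        login = m.group(2).lower()
        q = recent[login]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            start, peak = bursts.get(login, (q[0], 0))
            bursts[login] = (start, max(peak, len(q)))
    return bursts

# Constructed sample: eight 'sa' failures in eight seconds, plus two
# unrelated mistyped passwords 25 minutes apart.
SAMPLE_LOG = (
    ["2005-07-23 03:11:58.10 server    SQL Server is starting."]
    + [f"2005-07-23 03:12:{s:02d}.40 logon     Login failed for user 'sa'."
       for s in range(1, 9)]
    + ["2005-07-23 09:00:15.02 logon     Login failed for user 'matt'.",
       "2005-07-23 09:10:44.77 logon     Login succeeded for user 'matt'.",
       "2005-07-23 09:25:03.31 logon     Login failed for user 'matt'."]
)

if __name__ == "__main__":
    for login, (start, peak) in find_bursts(SAMPLE_LOG).items():
        print(f"{start} login={login!r} failures_in_window={peak}")
```

This only reports that hammering is happening; it does not stop it, which is why the isolation advice above still applies.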
Thanks!

Looking over the net today, I pretty much came to that same
conclusion..... I'm setting up a VPN now.

Matt

Jul 23 '05 #3
Matt (ma**********@msn.com) writes:
> Looking over the net today, I pretty much came to that same
> conclusion..... I'm setting up a VPN now.


Sounds like a good move.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 23 '05 #4