|
#83730
05/21/2002 6:21 PM
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
If you're running a MS SQL database you should perform the following immediately: (1) block traffic to port 1433 tcp at your perimeter. (2) ensure all Microsoft SQL servers are patched and a password is setup for the SA account. (3) enable syskey (4) block all email to [email protected] More information can be found here: http://www.incidents.org/diary/diary.php?id=156
|
|
|
#83731
05/21/2002 7:18 PM
|
Joined: Nov 2001
Posts: 436
Member
|
Member
Joined: Nov 2001
Posts: 436 |
Thanks
|
|
|
#83732
05/21/2002 7:39 PM
|
Joined: Feb 2000
Posts: 4,625
Member
|
Member
Joined: Feb 2000
Posts: 4,625 |
|
|
|
#83733
05/22/2002 7:30 PM
|
Joined: Oct 2000
Posts: 2,223
Veteran
|
Veteran
Joined: Oct 2000
Posts: 2,223 |
"and a password is setup for the SA account"
The part that is most worrying about this. I can't tell you how many MySQL installations I've touched lately that had no rot password. I guess MS SQL is the same. You'd think their snazzy installer would make you set an SA password befoer it finished.
Picture perfect penmanship here.
|
|
|
#83734
05/22/2002 7:38 PM
|
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
|
Spotlight Winner
Joined: Jun 2001
Posts: 2,849 |
SQL 2000 has a checkbox that you have to click to be able to leave the sa password blank, and some people still do it.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 1,157
Joined: July 2001
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
|