TheStrontiumDog
Starting Member
1 Post |
Posted - 2004-03-31 : 18:05:38
Gentles all,

A problem, a cry for help... First, some background information:

1. I know very little about SQL, but have inherited a SQL 2000 server to manage.
2. Recently, a text file was created on the server desktop that is titled "Admin.read.this.txt" that reads "Hi, your SQL password is too easy to find. I am whitehat, so goodbye."
3. Since no-one at my site can spell "SQL" I suspect that this is a hack.

The cry for help...

4. Has anyone seen or heard of this type of problem, and is it in fact a hack?
5. Although I do not know anything about SQL, I am thinking that this is related to a blank or "easy" SA password. Could I be heading in the right direction with this thinking?
6. What and where are the best resources for learning about SQL "hardening"?
7. Are there any other suggestions that anyone can make that may be helpful?

Since, as I mentioned, I am new to SQL Server, I suspect I will be spending so much time at this website. During my tenure, I hope that you will always find me

At your humble service,
The Strontium Dog
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-03-31 : 18:12:03
http://www.sqlsecurity.com/DesktopDefault.aspx
http://vyaskn.tripod.com/sql_server_security_best_practices.htm

Check these two sites out. If your sa password is blank or easy that would be a good start. Name it something dark, long, and very cryptic. After that, put it in a folder that is accessible only to you and one other person in the company. Then forget it exists!!!!!

Make sure you don't have the local/administrator account as part of SQL Server. Disable the Log In Locally "feature". Review your user accounts.

When you're done with this, set up a profiler to check for failed logins. If you see anyone trying to log in as sa and you can't figure out who it is, lock their IP address out.

When you're done with this, shake your fists at some people and take a couple days off. (grin)

MeanOldDBA
derrickleggett@hotmail.com
When life gives you a lemon, fire the DBA.
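The "set up a profiler to check for failed logins" step can be done as a server-side trace instead of leaving the Profiler GUI running on someone's desktop. The script below is an added example, not code from derrickleggett's post; it assumes SQL Server 2000, a sysadmin connection, and a writable folder C:\Audit on the server (a hypothetical path).

```sql
-- Added example: server-side trace that records only failed logins
-- (Profiler event class 20, Audit Login Failed) to a rollover file.
-- Assumes SQL Server 2000, sysadmin rights, and a writable C:\Audit
-- folder on the server (hypothetical path; sp_trace_create appends .trc).
DECLARE @TraceID int, @rc int, @on bit
SET @on = 1

-- option 2 = TRACE_FILE_ROLLOVER; the last argument is the max file size in MB
EXEC @rc = sp_trace_create @TraceID OUTPUT, 2, N'C:\Audit\failed_logins', 20
IF @rc <> 0
BEGIN
    RAISERROR('sp_trace_create failed with return code %d', 16, 1, @rc)
    RETURN
END

-- Event 20 = Audit Login Failed. Column ids: 1 TextData (the error text),
-- 8 HostName, 10 ApplicationName, 11 LoginName, 14 StartTime.
EXEC sp_trace_setevent @TraceID, 20, 1,  @on
EXEC sp_trace_setevent @TraceID, 20, 8,  @on
EXEC sp_trace_setevent @TraceID, 20, 10, @on
EXEC sp_trace_setevent @TraceID, 20, 11, @on
EXEC sp_trace_setevent @TraceID, 20, 14, @on

-- status 1 = start (0 = stop, 2 = close and delete the trace definition)
EXEC sp_trace_setstatus @TraceID, 1
SELECT @TraceID AS TraceID   -- keep this id; you need it to stop the trace later

-- Later, in a separate batch: who is hammering sa, and from where?
-- Reads the trace files back through the table-valued function
-- (SQL Server 2000 needs the :: prefix on system table functions).
SELECT LoginName, HostName, ApplicationName,
       COUNT(*)       AS Attempts,
       MIN(StartTime) AS FirstSeen,
       MAX(StartTime) AS LastSeen
FROM ::fn_trace_gettable(N'C:\Audit\failed_logins.trc', DEFAULT)
WHERE EventClass = 20
GROUP BY LoginName, HostName, ApplicationName
ORDER BY Attempts DESC
```

HostName and ApplicationName are whatever the client chose to send, so treat them as a lead, not proof, and corroborate the source address at the firewall before locking anything out. SQL Server 2000 can also write failed logins to its errorlog when login auditing is set to Failure or All in the server's security properties; those entries are readable with xp_readerrorlog, which is a cheaper option if all you want is a count.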
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-03-31 : 18:13:34
Do you have the latest service pack and security hotfix installed for SQL Server? Currently, the latest service pack is sp3a. There is also a security hotfix that needs to be applied after sp3a is installed. Open up Query Analyzer, connect to your database server, type in SELECT @@VERSION. Then hit F5. What does it say for your version? You need at least 8.00.818.

A lot of shops use a blank sa password. During the installation of sp3a, it will tell you to change it.

sqlsecurity.com is a good site for information about SQL Server security.

Tara
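The two checks in Tara's post, the build number and the blank sa password, can be scripted so the answer does not depend on reading the @@VERSION banner by eye. This is an added example, not code from the post; it assumes a sysadmin connection from Query Analyzer on SQL Server 2000, and the replacement password at the end is a placeholder you must change before running it.

```sql
-- Added example: script the build check and the blank-sa check from the post.
-- Assumes sysadmin on SQL Server 2000. The sa password at the end is a
-- placeholder, not a suggestion.
DECLARE @ver nvarchar(128), @major int, @build int

-- SERVERPROPERTY gives just the number; @@VERSION is the same build
-- wrapped in a banner.
SET @ver = CONVERT(nvarchar(128), SERVERPROPERTY('ProductVersion'))

-- SQL Server 2000 reports three parts (8.00.818); later versions report
-- four (9.00.1399.06), so pick the fields by how many parts there are.
IF PARSENAME(@ver, 4) IS NULL
    SELECT @major = CAST(PARSENAME(@ver, 3) AS int),
           @build = CAST(PARSENAME(@ver, 1) AS int)
ELSE
    SELECT @major = CAST(PARSENAME(@ver, 4) AS int),
           @build = CAST(PARSENAME(@ver, 2) AS int)

SELECT @@VERSION AS VersionBanner,
       @ver      AS ProductVersion,
       SERVERPROPERTY('ProductLevel') AS ServicePackLevel

IF @major = 8 AND @build < 818
    PRINT 'SQL Server 2000 build ' + @ver + ' is below 8.00.818: install SP3a, then the post-SP3a security hotfix.'
ELSE IF @major = 8
    PRINT 'Build ' + @ver + ' is at or above 8.00.818.'

-- SQL logins with no password at all. In SQL Server 2000 a blank password
-- is stored as NULL in the password column; isntname = 0 excludes Windows
-- logins, which have no SQL password to check.
SELECT name AS LoginWithBlankPassword
FROM master.dbo.syslogins
WHERE isntname = 0 AND password IS NULL

-- To change sa's password (old password is NULL when it was blank).
-- Uncomment and replace the placeholder first:
-- EXEC sp_password @old = NULL, @new = 'REPLACE-WITH-A-LONG-RANDOM-VALUE', @loginame = 'sa'
```

Run the password change from Query Analyzer on the server itself rather than over the network, and then check every application connection string and DTS package that still carries the old sa password, because those will start failing immediately. The longer-term fix is that none of them should be using sa at all.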
MichaelP
Jedi Yak
2489 Posts |
Posted - 2004-03-31 : 18:46:57
If you can avoid it, don't make your SQL server publicly addressable. Put it behind a firewall on a 192.168.*.* address. Boxes become really hard to hack when you can't communicate with them.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2004-03-31 : 20:50:16
quote: I suspect that this is a hack

What gives you that idea? I think it is perfectly normal to have files show up on my desktop from whitehat - happens all the time.

Hopefully you guys are storing credit card information or SSNs or something that isn't very important.

-ec
SamC
White Water Yakist
3467 Posts |
Posted - 2004-03-31 : 22:31:47
"Easy to Find" might mean easy to locate on your hard drive, or more likely, found through trial and error. Could the SQL password on your server be found using a dictionary lookup?
MuadDBA
628 Posts |
Posted - 2004-04-01 : 14:20:41
"Strong" passwords typically are more than 8 characters and contain a combination of numbers and letters and possibly symbols. This way they can't be easily looked up in a dictionary, etc.

For example:

d0gg0n31t

reads "doggoneit" but it isn't something you would ever find in a dictionary due to the combination of numbers and letters. This is a fairly simplistic password, but this is the sort of password I assign to all of my users (no matter their complaints) who have anything more than read access to a database.
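SamC's question (could the password be found with a dictionary lookup?) and MuadDBA's answer (pick something a dictionary does not contain) can both be turned into a check you run against your own server: try a wordlist against every SQL login the way an attacker's dictionary run would, but offline and with sysadmin rights, so nothing shows up as a failed login. This is an added example, not code from either post. PWDCOMPARE is documented only from SQL Server 2005 onwards, with two arguments; on SQL Server 2000 it exists as an undocumented function, and 2000-era scripts called it with a trailing version argument of 0, which is stated here as an assumption. The candidate list is constructed for the example.

```sql
-- Added example: audit SQL logins against a short list of guessable
-- passwords. Needs sysadmin. PWDCOMPARE is documented from SQL Server 2005
-- (two arguments); on 2000 it is undocumented and, by assumption, takes a
-- trailing version argument of 0. The candidate list is constructed for
-- this example; a real audit uses a real wordlist.
DECLARE @candidates TABLE (pw sysname)
INSERT @candidates
SELECT ''          UNION ALL
SELECT 'sa'        UNION ALL
SELECT 'password'  UNION ALL
SELECT 'admin'     UNION ALL
SELECT 'sql'       UNION ALL
SELECT 'sqlserver' UNION ALL
SELECT 'doggoneit' UNION ALL
SELECT '123456'

-- Every SQL login (isntname = 0) against every candidate. A blank password
-- is stored as NULL on SQL Server 2000, so it is matched explicitly rather
-- than through PWDCOMPARE.
SELECT l.name AS login_name,
       CASE WHEN c.pw = '' THEN '<blank>' ELSE c.pw END AS guessed_password
FROM master.dbo.syslogins l
CROSS JOIN @candidates c
WHERE l.isntname = 0
  AND (   (l.password IS NULL AND c.pw = '')
       OR PWDCOMPARE(c.pw, l.password) = 1 )

-- Dictionary tools also try the login name as its own password first.
UNION ALL
SELECT l.name, l.name
FROM master.dbo.syslogins l
WHERE l.isntname = 0
  AND PWDCOMPARE(l.name, l.password) = 1
ORDER BY login_name
```

Any login that comes back gets a new password through sp_password immediately. A clean result with eight candidates means very little; the point of the script is that the same test scales to a wordlist of tens of thousands of entries. Note also that a cracker's rule set applies the 0-for-o and 3-for-e substitutions in the post automatically, so the length of the password buys more than the substitutions do.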
X002548
Not Just a Number
15586 Posts |
Posted - 2004-04-01 : 14:54:23
If you google whitehat you'll get a lot of hits...

http://www.whitehatsec.com/

But I doubt they did it.... But if they did, then I'd expect that to be counter productive advertising... but you never know...

Brett
8-)