What should I do about someone trying to brute force attempt to login to our SQL Server 'sa' account?

security sql-server-2008

Looks like someone or something is trying a brute force attempt at logging into our production SQL Server instance with the 'sa' account. They haven't been successful because our 'sa' account is disabled, but what steps should I take to make sure things are secure?

login attempts


Solution 1:

Does your SQL server need to be publicy available to the Internet? This is usually not the case. If it absolutely has to be this way, you could restrict access by IP address or maybe set up a VPN. Obviously, make the sa password unguessable or see about restricting sa login locations from only your LAN ip addresses. Please provide more details so others can assist you with better solutions.

Solution 2:

The first thing you could do is start by blacklisting that IP address, and outright denying ANY traffic from their IP at your firewall. Of course, they may just change IPs, but at the least it'll stop them from bombarding your server with traffic and logs.

Solution 3:

Disable that port (MySQL is 3306; don't recall SQL Server's port, maybe 118?) through the firewall. Then no one can access it.
If outside access to SQL is needed, remap it to a high-numbered port, like 53535. If anyone figures out that port is open, it will be hard to guess its significance.

Related

How to store 3 million records in key value format?
Copy large files to multiple machines on a LAN
Why should I use CentOS instead of Fedora
Database accidentally deleted with a bash script [duplicate]
Is Gentoo worth the compile?
How Long Will A DNS Change Take
What is the most reliable way to send a zip file via email? [closed]
What's your favorite Linux distribution? [closed]
Linux no space left on device issue
Windows Event Forwarding (WEF) Large Scale Environment
Communicating via Command Mode with IBM HS22 IMM via AMM
How to refresh an online website mirror created with `wget --mirror`?