513 Chapter 8 • Infrastructure Security: System Hardening
Other vulnerabilities require attention when setting up specific versions of SQL
in a network. For example, Microsoft’s SQL 7.0 and earlier versions set two default
conditions that must be hardened in the enterprise environment. First, the “sa”
account, which is used for security associations and communication with the SQL
processes, and the host machine, is installed with a blank password. Second, the
server is configured using mixed mode authentication, which allows the creation of
SQL-specific accounts for access that are not required to be authenticated by the
Windows authentication subsystem. This can lead to serious compromise issues and
allow control of the server or enterprise data. It is strongly recommended that
administrators harden these two conditions, using a strong password on the sa
account, and utilizing Windows authentication instead of mixed-mode authentication.
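The following PowerShell script is an added example, not code from the book, showing how an administrator would audit the two defaults just described on a current SQL Server instance (the book discusses SQL 7.0; the queries below use the modern system views and are an assumption about the reader's environment). It assumes the SqlServer module (Invoke-Sqlcmd) is installed, the caller is a member of sysadmin, and the $Instance, $NewSaPassword and registry path values are placeholders.

```powershell
# Added example (not from the book): audit the sa login and the authentication
# mode of a SQL Server instance, then show the remediation steps.
# Assumes the SqlServer module and sysadmin rights; $Instance and
# $NewSaPassword are placeholders for this example.
param(
    [string]$Instance      = 'localhost',
    [string]$NewSaPassword = '<REPLACE-WITH-A-STRONG-PASSWORD>'
)

# 1. Authentication mode. SERVERPROPERTY('IsIntegratedSecurityOnly') is 1 when
#    only Windows authentication is accepted and 0 in mixed mode.
$mode = Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsOnly;
"@
if ($mode.WindowsOnly -eq 1) {
    Write-Host 'Authentication mode: Windows authentication only (hardened)'
} else {
    Write-Warning 'Authentication mode: mixed mode - SQL-specific logins are accepted'
}

# 2. The sa login: is it enabled, and is its password blank?
#    PWDCOMPARE tests a candidate password against the stored hash and needs
#    CONTROL SERVER permission.
$sa = Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT name, is_disabled, PWDCOMPARE('', password_hash) AS BlankPassword
FROM sys.sql_logins WHERE name = 'sa';
"@
if ($sa.BlankPassword -eq 1) { Write-Warning 'sa has a blank password' }
if ($sa.is_disabled -eq 0)   { Write-Warning 'sa login is enabled' }

# 3. Remediation (uncomment to apply). Set a strong password, disable sa, and
#    switch the instance to Windows authentication. LoginMode lives under the
#    instance's MSSQLServer registry key (1 = Windows only, 2 = mixed) and the
#    change takes effect after the SQL Server service restarts.
# Invoke-Sqlcmd -ServerInstance $Instance -Query @"
# ALTER LOGIN sa WITH PASSWORD = N'$NewSaPassword';
# ALTER LOGIN sa DISABLE;
# "@
# $RegPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\<INSTANCE-KEY>\MSSQLServer'
# Set-ItemProperty -Path $RegPath -Name LoginMode -Value 1
```

The audit part is safe to run repeatedly; the remediation is commented out because disabling sa and changing the login mode must be coordinated with any application that still connects with a SQL login, and the new password should be supplied from a secrets store rather than typed into the script.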
Network access concerns must also be addressed when hardening the database
server. SQL, for example, requires that ports be accessible via the network
depending on what platform is in use. Oracle may use ports 1521, 1522, 1525, or
1529, among others. MS SQL server uses ports 1433 and 1444 for communication.
As can be seen, more consideration of network access is required when using
database servers. Normal OS concerns must also be addressed.
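As an added example that is not part of the book, the script below shows how the network-access point above is applied on a Windows database host: the listener ports named in the text (1433 for MS SQL, 1521 for Oracle) are reachable only from one application subnet, everything else is dropped by the profile default, and the result is verified. $AppSubnet, the rule names and the choice of which engines are installed are assumptions for this example; it must be run as Administrator.

```powershell
# Added example (not from the book): restrict inbound access to database
# listener ports to a single application subnet and verify the exposure.
# $AppSubnet and the rule names are placeholders for this example.
$AppSubnet = '10.0.20.0/24'
# Ports from the text; keep only the engines actually installed on this host.
$DbListeners = @{ 'MSSQL' = 1433; 'Oracle' = 1521 }

# 1. Default-deny inbound on every profile so an unmatched port is unreachable.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. One narrowly scoped allow rule per listener. Block rules win over allow
#    rules in Windows Firewall, so the restriction belongs in the allow rule's
#    remote-address scope rather than in a competing block rule.
foreach ($name in $DbListeners.Keys) {
    $port     = $DbListeners[$name]
    $ruleName = "DB $name TCP $port from app tier"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $port -RemoteAddress $AppSubnet -Action Allow -Profile Domain |
            Out-Null
    }
}

# 3. Verify: which database ports are actually listening, and which enabled
#    inbound allow rules expose them.
Get-NetTCPConnection -State Listen |
    Where-Object { $DbListeners.Values -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Get-NetFirewallPortFilter |
    Where-Object { $DbListeners.Values -contains $_.LocalPort } |
    Select-Object InstanceID, Protocol, LocalPort, RemotePort
```

The verification step matters as much as the rules: a listener bound to 0.0.0.0 with a broad allow rule left over from installation is exactly the exposure the text warns about, and the last query makes any such rule visible by port rather than by name.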
SQL server security takes an ongoing and constant effort to try to protect
databases and their content. An excellent discussion of the SQL server security
model by Vyas Kondreddi can be viewed at
www.sql-server-performance.com/vk_sql_security.asp.
TEST DAY TIP
Spend a few minutes reviewing port and protocol numbers for standard
services provided in the network environment. This will help when you
are analyzing questions that require configuration of ACL lists and
determinations of appropriate blocks to install to secure a network.
www.syngress.com