October 24, 2003 at 7:40 am
Isn't disabling any vulnerability the most secure? It may not be desireable, but it certainly is the most secure.
October 24, 2003 at 7:43 am
I agree. The question asks what is the "best" way. A firewall is one way to thrawt a would be hacker from UDP 1434, but if the port is disabled, there is no way for a hacker to exploit the port.
October 24, 2003 at 7:46 am
LOL, I answered the same way.... Best way = Only way to stop hackers = disable the port.
I am glad a lot of people answered the same way I do... π
October 24, 2003 at 7:56 am
quote:
LOL, I answered the same way.... Best way = Only way to stop hackers = disable the port.I am glad a lot of people answered the same way I do... π
The trick there is in SP2 of SQL Server, you cannot stop the port or change it. The only way to stop it is in SP3 and that's by removing TCP/IP.
Brian Knight
http://www.sqlservercentral.com/columnists/bknight
Brian Knight
Free SQL Server Training Webinars
October 24, 2003 at 8:02 am
Disabling the port is BY FAR the BEST!!! way.
This port is not indispensable for an application, in fact thatβs why firewalling was suggested.
If you firewall the port, it is still open and if a hacker compromises any other system behind the firewall it can be used.
You will have to acknowledge that on this one, the recommended "right answer" is WRONG
* Noel
October 24, 2003 at 8:12 am
Keep in mind that you can't disable the port before SP3. This is what made the SQL Slammer virus so bad. So firewalling it is the only viable answer to mitigate the risk.
Brian Knight
http://www.sqlservercentral.com/columnists/bknight
Brian Knight
Free SQL Server Training Webinars
October 24, 2003 at 8:26 am
The question didn't specified ANY version. I hope if you are using SQL Server you have SP3a on it!
* Noel
October 24, 2003 at 8:28 am
If eliminating the risk is the goal then disabling the port is the only option regardless of the method used or impact to the application. The question doesn't specify any other goal except to prevent hackers from exploiting the vulnerability.
October 24, 2003 at 8:34 am
I couldn't agree more with "vegas205". If you are not specific on the question the ONLY answer is to disable.
Brian, disabling TCP/IP doesn't mean that you can not reach the server. you can still use named pipes or any other library available to your particular case.
* Noel
October 24, 2003 at 8:43 am
quote:
The question didn't specified ANY version. I hope if you are using SQL Server you have SP3a on it!
Here's the question from today:
What is the best way to prevent hackers from exploiting the SQL Server 2000 UDP port running SQL Server 2000 SP2?
Brian Knight
http://www.sqlservercentral.com/columnists/bknight
Brian Knight
Free SQL Server Training Webinars
October 24, 2003 at 8:48 am
Brian,
That's certainly not what my e-mail said. Maybe forum admins get the more detailed version of the question?
The e-mail I received stated:
"What is the best way to prevent hackers from exploiting the SQL Server 2000 UDP port? "
I'll be happy to forward it to you if you don't believe me.
--
Adam Machanic
whoisactive
October 24, 2003 at 8:53 am
quote:
Here's the question from today:What is the best way to prevent hackers from exploiting the SQL Server 2000 UDP port running SQL Server 2000 SP2?
this is what I have in my Inbox:
What is the best way to prevent hackers from exploiting the SQL Server 2000 UDP port?
*Encrypt communication from that port.
*Firewall the port
*Change the UDP port to a more obscure port number
*Disable the port
*Turn on Trace Flag 1808
PS: I can forward it to you if you like.
* Noel
October 24, 2003 at 9:40 am
Yes, the question was changed on the web page. Don't you also see the red warning message above the QOD?
Maybe the best answer was to upgrade to sp3 & disable. However, eliminating TCP/IP is not the best solution if it screws up your apps that rely on it. SQL Server is probably safest from hackers if it's off-network, but it's also not very useful.
Data: Easy to spill, hard to clean up!
October 24, 2003 at 10:09 am
quote:
... However, eliminating TCP/IP is not the best solution if it screws up your apps that rely on it. SQL Server is probably safest from hackers if it's off-network, but it's also not very useful.
who said that to connect to SQL Server You HAVE TO HAVE TCP/IP, the client Network utility and the Server network utility can be used to specify OTHER protocols as well. I that case your server is NOT off the network an it CAN be used!
* Noel
October 24, 2003 at 7:25 pm
quote:
Yes, the question was changed on the web page. Don't you also see the red warning message above the QOD?
But surely warning messages are just that? Only critical messages are to be acted upon. π I did of course get this one wrong ...
Viewing 15 posts - 1 through 15 (of 15 total)
You must be logged in to reply to this topic. Login to reply