During setup of SQL2005 Standard, I set the password of SA as 'pwd1'. After
about a day, all the data on my DB was removed. Just testing, and not a
serious accident for me. Anyway, can that be the result of the easy
password?
After the accident, I changed the password into one with special characters.
But I am still curious about the culprit.
Pohwan Han. Seoul. Have a nice day.
"Han" <hp4444@.kornet.net.korea> wrote in
news:u#N5Plc8FHA.3752@.tk2msftngp13.phx.gbl:
> During setup of SQL2005 Standard, I set the password of SA as 'pwd1'.
> After about a day, all the data on my DB was removed. Just testing,
> and not a serious accident for me. Anyway, can that be the result of the
> easy password?
> After the accident, I changed the password into one with special
> characters. But I am still curious about the culprit.
First of all: I would never use Mixed Authentication unless I had a very
good reason for doing so. But, yes... It is possible to crack that password
in, should we say under an hour? Actually, I do think less than 15 minutes.
Ole Kristian Bangås
MCT, MCDBA, MCDST, MCSE:Security, MCSE:Messaging
|||Thanks Ole. That's exactly what I wanted.
Pohwan Han. Seoul. Have a nice day.
"Ole Kristian Bangås" <olekristian.bangas@.masterminds.no> wrote in message
news:Xns9719A1FA79287olekristianbangaas@.207.46.248 .16...
> "Han" <hp4444@.kornet.net.korea> wrote in
> news:u#N5Plc8FHA.3752@.tk2msftngp13.phx.gbl:
>
> First of all: I would never use Mixed Authentication unless I had a very
> good reason for doing so. But, yes... It is possible to crack that
> password
> in, should we say under an hour? Actually, I do think less than 15
> minutes.
> --
> Ole Kristian Bangås
> MCT, MCDBA, MCDST, MCSE:Security, MCSE:Messaging
|||Since SQL Server 2005 by default has login auditing set to 'Failed logins
only' go to your SQL Server log and see if somebody has been trying to guess
the sa password. The message will show, depending on your configuration, the
IP address of the client who tried to connect as sa. I also always create an
alert to be notified about this error (18456).
Ben Nevarez, MCDBA, OCP
"Han" <hp4444@.kornet.net.korea> wrote in message
news:u%23N5Plc8FHA.3752@.tk2msftngp13.phx.gbl...
> During setup of SQL2005 Standard, I set the password of SA as 'pwd1'.
> After about a day, all the data on my DB was removed. Just testing, and
> not a serious accident for me. Anyway, can that be the result of the easy
> password?
> After the accident, I changed the password into one with special
> characters. But I am still curious about the culprit.
> --
> Pohwan Han. Seoul. Have a nice day.
|||Thanks Ben. I tried that now. Strangely there is just one failed login of SA
at that time (in 6 hours).
" Login failed for user 'sa'. [CLIENT: <named pipe>] "
Hmm, someone succeeded in finding the password after just one failure. I am
not sure whether I am properly viewing the SQL Server logs. And when there
is just one failed log, possibly it can be me.
Pohwan Han. Seoul. Have a nice day.
"Ben Nevarez" <bnevarez@.sjm.com> wrote in message
news:eTpOMvh8FHA.4084@.TK2MSFTNGP10.phx.gbl...
> Since SQL Server 2005 by default has login auditing set to 'Failed logins
> only' go to your SQL Server log and see if somebody has been trying to
> guess the sa password. The message will show, depending on your
> configuration, the IP address of the client who tried to connect as sa. I
> also always create an alert to be notified about this error (18456).
> Ben Nevarez, MCDBA, OCP
>
> "Han" <hp4444@.kornet.net.korea> wrote in message
> news:u%23N5Plc8FHA.3752@.tk2msftngp13.phx.gbl...
>
|||Han,
Maybe that one failed sa login was you. But you also need to look at the
other aspects of your database security, not only the sa user. For example,
which users belong to the sysadmin server role (they have the same
permissions as sa) or other server roles. In SQL Server 2000/2005 by default
BUILTIN\Administrators are members of sysadmin. Also look at the security of
your database, especially membership of database roles, like db_owner or
db_datawriter.
Also, if you want to find who is doing something in your system you can
implement DML and DDL triggers.
Ben Nevarez, MCDBA, OCP
"Han" <hp4444@.kornet.net.korea> wrote in message
news:O%23LCeKj8FHA.3380@.tk2msftngp13.phx.gbl...
> Thanks Ben. I tried that now. Strangely there is just one failed login of
> SA at that time (in 6 hours).
> " Login failed for user 'sa'. [CLIENT: <named pipe>] "
> Hmm, someone succeeded in finding the password after just one failure. I
> am not sure whether I am properly viewing the SQL Server logs. And when
> there is just one failed log, possibly it can be me.
> --
> Pohwan Han. Seoul. Have a nice day.
> "Ben Nevarez" <bnevarez@.sjm.com> wrote in message
> news:eTpOMvh8FHA.4084@.TK2MSFTNGP10.phx.gbl...
>
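The failed-login check discussed in this thread, as an added example that is not part of any post: Python that reads SQL Server error-log text, extracts the "Login failed" lines that login auditing writes with error 18456, and separates a burst of password guesses from a single stray failure such as the `<named pipe>` entry Han found. The log lines are constructed samples, and the function names and the threshold of five failures within one minute are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of a SQL Server 2005 ERRORLOG (not real data).
SAMPLE_LOG = """\
2005-11-26 03:12:07.15 Logon       Error: 18456, Severity: 14, State: 8.
2005-11-26 03:12:07.15 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2005-11-26 03:12:08.02 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2005-11-26 03:12:08.90 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2005-11-26 03:12:09.71 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2005-11-26 03:12:10.55 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2005-11-26 03:12:11.40 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.77]
2005-11-26 09:40:31.20 Logon       Login failed for user 'sa'. [CLIENT: <named pipe>]
"""

FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<login>[^']*)'\.\s*\[CLIENT: (?P<client>[^\]]+)\]")

def failed_logins(text):
    """Yield (timestamp, login, client) for each failed-login line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["login"], m["client"]

def guessing_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Map (login, client) to its peak failure count inside one sliding
    window, keeping only pairs that reach the threshold (assumed values)."""
    by_key = defaultdict(list)
    for ts, login, client in failed_logins(text):
        by_key[(login, client)].append(ts)
    flagged = {}
    for key, stamps in by_key.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop stamps older than window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    for (login, client), n in guessing_sources(SAMPLE_LOG).items():
        print(f"{n} failures within a minute: login={login!r} client={client}")
```

A lone failure never reaches the threshold, so an empty result means the log shows no guessing burst, not that the login was never compromised; with 'Failed logins only' auditing, successful logins are not recorded at all.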