Brute force attack on SQL Server

If your business needs SQL Server to be accessible on a public network, it may be very vulnerable to brute force attacks.

The following query helps you identify failed login attempts; inspecting the client IP addresses then shows where the attacks are coming from.
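
An added example, not the author's original query: one way to pull failed logins out of the current SQL Server error log and count them per client IP and login name. It assumes failed-login auditing is enabled and that the caller is allowed to run `sys.sp_readerrorlog`; the temp table, column names and aliases are chosen for this example.

```sql
-- Added example: summarize failed logins from the current SQL Server
-- error log, grouped by client IP and login name.
-- Assumption: login auditing records failed logins, so each failure is
-- written as a line such as (constructed sample):
--   Login failed for user 'sa'. Reason: ... [CLIENT: 203.0.113.5]
SET NOCOUNT ON;

CREATE TABLE #ErrorLog
(
    LogDate     datetime,
    ProcessInfo nvarchar(64),
    LogText     nvarchar(max)
);

-- Arguments: 0 = current log file, 1 = SQL Server error log (not Agent),
-- N'Login failed' = return only lines containing this string.
INSERT INTO #ErrorLog (LogDate, ProcessInfo, LogText)
EXEC sys.sp_readerrorlog 0, 1, N'Login failed';

WITH Parsed AS
(
    SELECT
        e.LogDate,
        -- Text between "user '" and the next single quote.
        -- The appended quote is a sentinel so the length is never negative.
        CAST(SUBSTRING(e.LogText, u.StartPos,
             CHARINDEX('''', e.LogText + '''', u.StartPos) - u.StartPos)
             AS nvarchar(128)) AS LoginName,
        -- Text between "[CLIENT: " and the closing bracket (sentinel as above).
        CAST(SUBSTRING(e.LogText, c.StartPos,
             CHARINDEX(']', e.LogText + ']', c.StartPos) - c.StartPos)
             AS nvarchar(64)) AS ClientIP
    FROM #ErrorLog AS e
    CROSS APPLY (SELECT CHARINDEX('user ''', e.LogText) + 6) AS u(StartPos)
    CROSS APPLY (SELECT CHARINDEX('[CLIENT: ', e.LogText) + 9) AS c(StartPos)
    -- '[[]' matches a literal '[' in a LIKE pattern.
    WHERE e.LogText LIKE 'Login failed for user ''%''%[[]CLIENT: %]%'
)
SELECT ClientIP, LoginName,
       COUNT(*)     AS FailedAttempts,
       MIN(LogDate) AS FirstSeen,
       MAX(LogDate) AS LastSeen
FROM Parsed
GROUP BY ClientIP, LoginName
ORDER BY FailedAttempts DESC;

DROP TABLE #ErrorLog;
```

Change the first argument of `sp_readerrorlog` to 1, 2, and so on to read archived log files, since a sustained attack can span several log rollovers.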

You could take the following steps to mitigate the attack.
1. Evaluate whether you really need your SQL Server to be publicly accessible. If your business absolutely needs it, think about whitelisting IP addresses and granting access only to those IPs.
2. Disable accounts like “sa”.
3. Disable the SQL Server Browser service, which makes it harder to identify the SQL Server service.
4. Perform a complete and thorough analysis of users, permissions, and passwords on each database.
5. Provision least-privileged accounts.
6. Implement an IPS and IDS layer and put the SQL Server behind it. Implementing IPS and IDS could be harder and might incur additional latency, but it is worth evaluating the option.
7. Have explicit firewall rules.

The best safeguard is to make the SQL Server accessible only on a private network and deny public access.

