[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Aaron Sherman ajs@ajs.com
Fri Jan 31 10:39:12 PST 2003


On Wed, 2003-01-29 at 10:09, Shawn McMahon wrote:
> On Wed, Jan 29, 2003 at 10:00:12AM -0500, Aaron Sherman said:

> > In that case, there's not much you can do. You have to keep up-to-date

> Sure there is.  Design your system to include what you want to
> happen in case of a failure, as well.  Consider what happens if
> the other guy gets compromised; give him only the access he
> NEEDS, not the access he WANTS.  And yes, I realize that's a lot
> of work, and requires overcoming bureaucratic inertia.  I'm
> fighting the same fight, and not always winning.

Yeah, AKA don't over-specify the solution (e.g. person x needs data,
therefore they need an open database port). I fell into that trap in my
original message.

However, in an Oracle environment (not sure about MS SQL or other DBs,
as I've only done inter-business DB access with Oracle) the default
means of granting limited access is to create an account with specific
privs. Since a worm like the one that's been taking down MS SQL won't
care about that account, having your partner get slammed means you do
too.

What you *can* do is not allow UDP traffic OUT of your firewall except
for specific services that are required. Most people don't bother doing
this, but it certainly would have helped staunch the bleeding....


-- 
Aaron Sherman <ajs@ajs.com>
This message granted to the Public Domain in 2023.
Fight the DMCA and copyright extension! http://eldred.cc/
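
The outbound-UDP restriction suggested in the message, sketched as an added example that is not part of the original post. It assumes a Linux firewall forwarding traffic with iptables and conntrack; the interface name and allowlisted addresses are constructed.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that default-denies NEW
# outbound UDP flows through a forwarding Linux firewall.
# Interface name and addresses are constructed (RFC 5737 documentation range).

LAN_IF="eth1"                                 # assumed inside-facing interface
ALLOWED_UDP="192.0.2.53:53 192.0.2.123:123"   # assumed DNS resolver, NTP server

# usage: emit_udp_egress_rules <lan-if> <ipv4:port>...
emit_udp_egress_rules() {
    lan_if=$1; shift
    # Validate every entry first so a typo never yields a partial ruleset.
    for entry in "$@"; do
        dst=${entry%:*}; port=${entry##*:}
        case $dst in ''|*[!0-9.]*) echo "bad address: $entry" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $entry" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $entry" >&2; return 1
        fi
    done
    printf '%s\n' '*filter' ':UDP_EGRESS - [0:0]'
    # Replies and later packets of flows that were already allowed out.
    printf '%s\n' '-A FORWARD -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT'
    # Every new UDP flow from the inside must pass the allowlist chain.
    printf '%s\n' "-A FORWARD -i $lan_if -p udp -m conntrack --ctstate NEW -j UDP_EGRESS"
    for entry in "$@"; do
        printf '%s\n' "-A UDP_EGRESS -d ${entry%:*} -p udp --dport ${entry##*:} -j ACCEPT"
    done
    # Everything else (for example a worm spraying UDP/1434 at random hosts)
    # is logged at a limited rate, so the infected inside host shows up in
    # the logs, and then dropped.
    printf '%s\n' '-A UDP_EGRESS -m limit --limit 6/min -j LOG --log-prefix "udp-egress-drop: "'
    printf '%s\n' '-A UDP_EGRESS -j DROP' 'COMMIT'
}

# ALLOWED_UDP is deliberately unquoted so it splits into one argument per entry.
emit_udp_egress_rules "$LAN_IF" $ALLOWED_UDP
```

Review the printed ruleset before loading it with `iptables-restore --noflush`; traffic generated by the firewall host itself goes through OUTPUT rather than FORWARD and is not covered here.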
