1. Home
  2. Networking
  3. Network security assessment

8.12 Database Services Countermeasures

  • Ensure that database user passwords (sa and probe accounts found in Microsoft SQL Server, root under MySQL, etc.) are adequately strong.

  • Filter and control public Internet-based access to database service ports to prevent determined attackers from launching brute-force password-grinding attacks in particular. In the case of Oracle with the TNS Listener, this point is extremely important.

  • Don't run publicly accessible remote maintenance services on database servers; you will thus deter Oracle TNS Listener user .rhosts file creation and other types of grappling-hook attacks. If possible, use two-factor authentication for remote access from specific staging hosts; with public keys, use something like SSH .

  • If SQL services are accessible from the Internet or other untrusted networks, ensure they are patched with the latest service packs and security hot fixes to ensure resilience from buffer overflows and other types of remote attack.



    		Network Security Assessment
    		Foreword
    		Preface
    		Chapter 1. Network Security Assessment
    		Chapter 2. The Tools Required
    		Chapter 3. Internet Host and Network Enumeration
    		Chapter 4. IP Network Scanning
    		Chapter 5. Assessing Remote Information Services
    		Chapter 6. Assessing Web Services
    		Chapter 7. Assessing Remote Maintenance Services
    		Chapter 8. Assessing FTP and Database Services
    		8.1 FTP
    		8.2 FTP Banner Grabbing and Enumeration
    		8.3 FTP Brute-Force Password Guessing
    		8.4 FTP Bounce Attacks
    		8.5 Circumventing Stateful Filters Using FTP
    		8.6 FTP Process Manipulation Attacks
    		8.7 FTP Services Countermeasures
    		8.8 Database Services
    		8.9 Microsoft SQL Server
    		8.10 Oracle
    		8.11 MySQL
    		8.12 Database Services Countermeasures
    		Chapter 9. Assessing Windows Networking Services
    		Chapter 10. Assessing Email Services
    		Chapter 11. Assessing IP VPN Services
    		Chapter 12. Assessing Unix RPC Services
    		Chapter 13. Application-Level Risks
    		Chapter 14. Example Assessment Methodology
    		Appendix A. TCP, UDP Ports, and ICMP Message Types
    		Appendix B. Sources of Vulnerability Information
    		Colophon