Are Your SQL Servers Safe? IIS Attacks Increased 782x in One Quarter
Just when we thought that most cybersecurity attacks came via social engineering, we see this. Attacks on IIS, Microsoft’s web server, increased from 2,000 in Q1 2018 to over 1.7 million in Q2 2018. That’s a mind-boggling 782x increase! This is according to an
The scary part is that behind many IIS
As my friend and SQL Server expert Steve Jones (@way0utwest) recently tweeted:
“The amount of shareholder value that can be lost due to a data breach is the amount of shareholder value you have.”
Agreed. A well-targeted attack can bring down a company.
Fortunately, Microsoft SQL Server can be made extremely secure if configured properly. Encryption, role-based security, auditing, and other mechanisms allow administrators to define, limit, and monitor access at a very granular level.
The problem is that not all SQL Servers are configured properly. Over 96% of the SQL Server instances we’ve assessed deviate from industry best practices in security, performance, or other configurations. This is troubling.
What can you do? Spend some time with your application developers, with your system and network administrators, and with your DBA team to review the layers of security designed into your systems. Are the Windows Servers patched and up to date? Have the appropriate rules been defined in your firewalls? And, of course, are your SQL Servers configured properly?
Not sure where to start with security for your SQL Servers? Review the following:
- Overview of SQL Server Security
- Securing SQL Server
- MSDN SQL Server Security Blog
- MSSQLTips SQL Server Security Tips
Have questions? Give us a call. Our SQL Server Configuration Assessments may be a good place for you to start.