Protect Your SQL Server from MrbMiner and Other Malware Attacks

Protect Your SQL Server from MrbMiner and Other Malware Attacks

Hands of a Hacker

Unfortunately malware attacks attempting to exploit vulnerable SQL Servers are often successful. Last spring, Guardicore announced that the Vollgar attack that was making its way around the internet. Just last month, it was MrbMiner in the news. And there have been countless other attacks targeting SQL Server over the year. So, how can your protect your SQL Server from attack?

In this short video we’ll share six ways to help protect your SQL Servers.

Protect your SQL Server

Spoiler alert! Six steps to protect help protect your SQL Server from attack:

  1. If at all possible, don’t expose your SQL Server directly to the internet. Protect them behind a firewall and other multi-layered security measures.
  2. Don’t allow weak passwords for sa or any other accounts. Enforce rigorous password complexity requirements.
  3. Patch often. Review and apply the latest cumulative updates and applicable hotfixes from Microsoft frequently.
  4. Disable the sa account. It’s a well-known login that has unfettered access to the SQL Server instance.
  5. Audit failed login attempts and review all newly created logins regularly.
  6. Proactively monitor and check your SQL Servers frequently.

These six steps are by no means a comprehensive list of all the security measures that should be taken to protect your SQL Servers. They are just a start, the often overlooked but basic steps to help reduce the surface area of attack on your Microsoft SQL Servers.

By following these steps, along with the others listed here, you can protect your SQL Servers from Malware.

 

One Response

  1. […] Hardware can fail. Databases can corrupt. Users can delete data. Not to mention other issues like ransomware hitting your network, tornados hitting your data center, or any of the other things a year like 2020 can throw at us. (See Protect Your SQL Server from MrbMiner and Other Malware Attacks) […]

Leave a Reply

Your email address will not be published. Required fields are marked *