MSSQL SA账号遭受暴力破解袭击(mssql sa暴力破解)
The Meaning of SQL Server SA Account Being Attacked
The MS SQL SA account as the most important account of MS SQL Server, is used to manage the databases and have the right to do anything. It is no exaggeration to say that without the SA account, MS SQL Server cannot function at all. Therefore, the attack on the SA account means that the databases of the MS SQL Server can be tampered with and the security of the data is put in danger.
SQL Server SA account is usually attacked by unauthorized logins; either through an automatic brute-force attack, or through a successful phishing campaign. In this attack, hackers will try to guess the SA account password by continuously trying a large number of random combinations until the correct combination is found. In addition, hackers will sometimes attempt to gain access to the SA account through a successful phishing campaign.
The traditional methods for protecting SQL SA account are extremely weak. Even the simplest of passwords can be cracked in a matter of hours. On the other hand, if the hackers know the administrator’s password, they can easily gain access to the SA account. Therefore, it is recommended that administrators should always use strong passwords and/or two-factor authentication methods to protect their SA accounts.
To further reduce the risk of the SQL SA account being attacked, administrators should also set up an “Audit Failure” trigger. This trigger will log all failed connections to the SA account, which can help administrators detect any malicious activity. The following is a sample command for setting up such a trigger:
EXEC sp_settrigger ‘Audit_Failure’, ‘ON LOGIN FAILURE TO SA’, ”, ‘Audit failed login attempts on the SA account’, 1, 0 GO
In addition to setting up Audit Failure triggers, administrators should also configure the MS SQL Server to lock out the SA account after a pre-defined number of failed attempts. This can be done by using the following command:
ALTER LOGIN [sa] WITH PASSWORDPOLICY=CHECK_POLICY,PASSWORDLOCKTIMEOUT=10 GO
By following these simple steps, administrators can greatly reduce the risk of their MS SQL SA account being attacked.
