North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Level3 routing issues?

  • From: Stephen J. Wilcox
  • Date: Sat Jan 25 16:51:51 2003

On Sat, 25 Jan 2003, Avleen Vig wrote:

> 
> On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
> > 
> > On Sat, 25 Jan 2003, Avleen Vig wrote:
> > 
> > [snip]
> > 
> > > Let's not blame MS for admins who don't know how to secure their boxes
> > > :-)
> > > A patch was released mid-2002 and was also part of SQL Server SP3
> > 
> > Would it not also be a good idea/practice *not* to ever let a MS SQL 
> > server (or *any* database server) sit on a network that is directly 
> > accessible from the internet ?  Having a firewall(s) in front of your 
> > database server regardless of the type is pretty much common sense, right?
> > 
> > Its bad enough to be stuck having to run/support IIS and MSSQL in any 
> > scenario, but letting MSSQL talk to the world just seems like asking for 
> > even more trouble.
> 
> I agree absolutely. This is just bad practice and the network admins
> here need to re-think their security architecture.

I've not looked at any great detail into the exact sources but of the few I
looked at earlier I was surprised to find them on ADSL .. these may be corporate
networks this is the bit I dont know but some of them seemed to be residential,
weird!

Steve