Notices

NSC-031230:  Increased SQL Server Activity

Please distribute this notice to computer System Administrators in your department/unit who are responsible for the support of Microsoft SQL Server database applications.

Significant “hostile” network activity has been detected against campus SQL Servers, with connections arriving on port 1433.  This activity appears to be automated brute-force attempts to crack the default SQL administrator account on these systems.  Several campus SQL servers were detected with over 500 simultaneous connections.

If you are running an MS SQL Server database application, you need to:

  1. Ensure the default SQL administrator account (“sa”) has a long, strong password

  2. Consider applying TCP/IP security filtering on the server to restrict connections to campus machines*

  3. Review your system logs for inappropriate connection activity

* A sample/template TCP/IP security filter policy that restricts SQL connections to campus computers is available through the ITS Help Desk (4-4357).  They can also arrange for technical assistance with its installation and custom configuration.

If your review of system logs reveals unauthorized successful connection(s) to your server with administrator privileges, please report the activity to the IT Security Office (5-6332 or 5-6174). 
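
As an added illustration of step 3 and the reporting criterion above (this script is not part of the original notice), the following Python code scans login-audit lines for repeated failed "sa" logins and for successful "sa" logins that warrant a report. The log line format (entries carrying a [CLIENT: address] field), the 192.0.2.0/24 "campus" range, the threshold and the sample lines are all assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder "campus" range (RFC 5737 documentation block).
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]
FAILED_THRESHOLD = 3  # assumption: tune to your environment

# Assumed format: login-audit entries that end with [CLIENT: <address>].
LOGIN_RE = re.compile(
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*?\[CLIENT: (?P<ip>[0-9a-fA-F.:]+)\]"
)

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = """\
2003-12-30 02:14:07.11 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2003-12-30 02:14:07.52 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2003-12-30 02:14:08.03 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.9]
2003-12-30 02:14:09.40 Logon  Login succeeded for user 'sa'. Connection: non-trusted. [CLIENT: 203.0.113.9]
2003-12-30 08:01:12.77 Logon  Login failed for user 'sa'. [CLIENT: 192.0.2.40]
2003-12-30 08:01:30.10 Logon  Login succeeded for user 'sa'. Connection: non-trusted. [CLIENT: 192.0.2.40]
2003-12-30 08:05:00.00 Logon  Login succeeded for user 'webapp'. Connection: non-trusted. [CLIENT: 198.51.100.7]
"""

def on_campus(ip):
    """True if the address parses and falls inside a campus network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CAMPUS_NETS)

def review(log_text, account="sa"):
    """Return (kind, client, detail) findings for the given account."""
    failures, findings = Counter(), []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m or m["user"].lower() != account:
            continue
        ip = m["ip"]
        if m["result"] == "failed":
            failures[ip] += 1
        # Success from off campus, or right after a run of failures: report it.
        elif not on_campus(ip) or failures[ip] >= FAILED_THRESHOLD:
            findings.append(("REPORT", ip, "successful %s login" % account))
    findings += [("BRUTE_FORCE", ip, "%d failed logins" % n)
                 for ip, n in failures.items() if n >= FAILED_THRESHOLD]
    return findings
```

Failed and successful logins only appear in the log if login auditing is enabled on the server for both outcomes.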

Copyright © 2005 The University of Iowa. All rights reserved.