On Sat, 25 Jan 2003, Avleen Vig wrote:
On Sat, Jan 25, 2003 at 05:08:22PM +0000, Stephen J. Wilcox wrote:
Also; everyone who just posted to this list made it abundantly clear that they don't have a firewall in front of at least one MS SQL server on their network. Should you really have port 1433/4 open to the world? Would you do this with a MySql server?
Yes, thats bad.. people should be more clueful than they are, I blame folks being cheap, having staff who are clueless, low quality equipment, this is the market we're in.
The market we are in was specifically bred by Microsoft in the 90's when they claimed Windows was so eay to use, anyone could admin it. They've since changed their tune, but the damage has been done and continues to be done like last night :(
I would agree somewhat with Avleen here... BUT, like I said, its long past the time when every internet connected org really should reevaluate their security force's size and abilities :) security is 'important' and we really SHOULD get that across to EVERYONE... or atleast that's my thought :)