I have been trying to Google up an answer for this, but I can never seem to find the right answer.
I've been given the job of finding out how to lock out an account from SQL Server 2008(on Windows Server 2008 Standard SP2) after there's been so many number of login attempts. We're being hit with the SQL Slammer(or something similar) and I'm at my wits end trying to figure this out. I'm not a server guy in the slightest, and apparently neither is the guy who actually owns the server by the looks of how terribly setup the server and the applications that depend on it are setup.
-
I am not allowed to block port 1443. We have one application uses it and my boss doesn't want to make the one tiny company that uses it do a quick software update on a few computers to patch it up. He's said for the past month he's going to get the IP addresses of the employees that would need access so that we can block everyone except for them, but he's yet to come through with this.
-
I've been attempting to firewall the IP addresses that come up in the error logs, but this seems a bit futile to have to constantly check. Usually by the time I get the IP
address, the attacker's already attempted several thousand login attempts. -
I've already disabled the sa account.
-
I've already gone into the local security settings and set all of those(Account lockout duration = 30 minutes, account lockout threshold = 10 failed attempts)
-
The database's server authentication is set to SQL Server and Windows Authentication
I honestly don't know what to do. I'm assuming there's some sort of policy I can create for it, but that's entirely beyond my abilities at the moment.
Best Answer
Unfortunately you are in a bad place. We talked about this exact thing over here.