Level3 routing issues?
Stephen J. Wilcox
steve at telecomplete.co.uk
Sat Jan 25 19:43:02 UTC 2003
On Sat, 25 Jan 2003, Avleen Vig wrote:
>
> On Sat, Jan 25, 2003 at 12:20:41PM -0500, C. Jon Larsen wrote:
> >
> > On Sat, 25 Jan 2003, Avleen Vig wrote:
> >
> > [snip]
> >
> > > Let's not blame MS for admins who don't know how to secure their boxes
> > > :-)
> > > A patch was released mid-2002 and was also part of SQL Server SP3
> >
> > Would it not also be a good idea/practice *not* to ever let a MS SQL
> > server (or *any* database server) sit on a network that is directly
> > accessible from the internet ? Having a firewall(s) in front of your
> > database server regardless of the type is pretty much common sense, right?
> >
> > Its bad enough to be stuck having to run/support IIS and MSSQL in any
> > scenario, but letting MSSQL talk to the world just seems like asking for
> > even more trouble.
>
> I agree absolutely. This is just bad practice and the network admins
> here need to re-think their security architecture.
I've not looked at any great detail into the exact sources but of the few I
looked at earlier I was surprised to find them on ADSL .. these may be corporate
networks this is the bit I dont know but some of them seemed to be residential,
weird!
Steve
More information about the NANOG
mailing list