Many of the services we run within Microsoft uses Windows Authentication. However, there are some services that still uses Mixed Authentication. If you are allowing SQL Server standard logins for access to your SQL Server, then you must ensure that your SA account is locked down as completely as possible and that only key people in the team know the password.
The most obvious first steps is to utilize a complex passphrase, create separate accounts for each DBA, and then ensure that nothing ever uses the SA account.
Being a smart DBA or a System Admin, you can defeat the brute force attacks on the Administrator (SA) account in a very simple way and that is by simply renaming the Administrator account of your SQL Servers. Once you change the SA account, hackers will fail when using SA account to try connecting in to SQL Server as the account is now renamed or is invalid.
You can easily disable or rename an SA account in SQL Server using the following steps:
Note: This was not possible in earlier (prior to SQL2K5) versions of SQL Server.
However, there is still an issue to resolve with someone attempting to hack into your SQL Server by using a brute force attack against the SA account. Just like the Administrator account in Windows, the SA account can NOT be locked out, regardless of the number of failed login attempts.
RENAME SA ACCOUNT
|
ALTER LOGIN SA WITH NAME = [NEW_ACCOUNT];
GO
|
DISABLE SA ACCOUNT
|
ALTER LOGIN SA DISABLE;
GO
credits to Saleem Hakani. my SQL Hero. |
