Problem solve Get help with specific problems with your technologies, process and projects.

SQL Server security and Russian hackers

I have read your answer on the topic "MySQL versus SQL Server for Web site".

Can you please tell me, why are then MS SQL Servers hacked on a weekly/monthly basis? I myself am using MySQL and keeping away from Microsoft because one Russian cracker exposed thousands of credit card numbers on the Web, and his argument was: "...I had to do it because they were stupid enough to put credit card data on Microsoft SQL Server."

Bad security practices, bad deployment practices, bad development practices, and bad admin practices. If you configure a SQL Server directly exposed to the Internet using a blank password for your sa account, no kidding it is going to be hacked. If you follow proper security practices and configure your system with security in mind, then it isn't going to be hacked. He exposed those credit card numbers because someone deployed data in an unsecure manner.

Unix, mainframe, Windows, pick a platform or product, are hacked on a daily basis, somewhere in the world. They are hacked because the people installing and running them did not secure the data. Can more be done? Absolutely. But I can also tell you that the security available within SQL Server, if you choose to use it, will lock up your data and is light years beyond what you get with MySQL. Just like Access, I consider MySQL to be a toy database whose best use is as a hobby.

As a VERY recent example: the Slammer worm. Across several clients, I have more than 50,000 SQL Servers running. Every one of them stores mission critical and vital information, as well as extremely sensitive information. Not a single one of them got hit by the Slammer worm. Not a single one of them has ever been broken into. Why? Because they are installed behind and kept behind firewalls. The admin accounts are locked down and very tight access control is used. Anything unnecessary is turned off and disabled. The systems are monitored for hacking attempts and when detected, mechanisms kick in to lock the hacker down, back trace them, and shut them out of systems.

That is an extremely simplified answer to a very complex question. Your example is one example showing it happened. There are millions of examples showing it doesn't happen.


For More Information

Dig Deeper on Microsoft SQL Server Installation

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.