SQL Server risks:
Danger: no firewall protection; the server is exposed to the public network.
Consequence: SQL worms and hackers carry out denial-of-service, buffer overflow, blind SQL injection, and other attacks.
Remedy: Install a firewall. Even if funds are limited, a large number of free products are available on the Internet.
Danger: no security vulnerability scanning is performed.
Consequence: hackers discover vulnerabilities in the operating system and network programs, and may even break into the database.
Remedy: always apply the latest security patches and regularly scan with security vulnerability assessment tools.
Danger: the SQL Server Resolution Service can be enumerated.
Consequence: attackers can obtain database information or conduct buffer overflow attacks. SQLPing can be used even if the database instance does not listen on the default port.
Remedy: Filter access requests from unauthenticated IP addresses.
Danger: weak SA password or no password set.
Consequence: hackers get into the database by cracking the password.
Remedy: set a strong password and do not leave any database account with a blank password.
Danger: the web application connected to the database does not filter SQL injection.
Consequence: hackers embed SQL commands in normal data and submit them to the server.
Remedy: Validate and filter the data sent from the browser; it must not be submitted directly to the database.
Danger: Google hacking.
Consequence: hackers use the search engine to find the SQL error pages of the web application, gather information, find vulnerabilities, and even view passwords directly.
Remedy: capture your errors. Do not let the program output error information to a public page; write it to the log instead.
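
The last two remedies (validate browser input before it reaches the database, and log errors instead of displaying them) combined in one request handler. This is an added example, not code from the original page; the lookup_user function, the users table and its rows are constructed for illustration, and Python's sqlite3 stands in for SQL Server so that it runs offline.

```python
import logging
import re
import sqlite3

log = logging.getLogger("webapp.db")
ID_PATTERN = re.compile(r"[0-9]{1,9}")  # allow-list: numeric ids only
GENERIC_ERROR = "An internal error occurred."


def make_demo_db():
    """Constructed sample data; sqlite3 is an assumption standing in for SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def lookup_user(conn, raw_id):
    """Return (http_status, body) for a user lookup driven by browser input."""
    # 1. Validate: reject anything that is not a plain number.
    if not isinstance(raw_id, str) or not ID_PATTERN.fullmatch(raw_id):
        log.warning("rejected user id %r", raw_id)
        return 400, "Invalid user id."
    try:
        # 2. Bind the value as a parameter; never build SQL by concatenation.
        row = conn.execute(
            "SELECT name FROM users WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except sqlite3.Error:
        # 3. Full detail goes to the log; the page gets a generic message.
        log.exception("database error during user lookup")
        return 500, GENERIC_ERROR
    if row is None:
        return 404, "User not found."
    return 200, row[0]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    db = make_demo_db()
    print(lookup_user(db, "1"))          # valid id
    print(lookup_user(db, "1 OR 1=1"))   # constructed hostile input, rejected
    db.execute("DROP TABLE users")       # force a database error
    print(lookup_user(db, "2"))          # generic message, details in the log
```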