mizbanaval
August 8th, 2017, 14:03
با سلام و درود
همانطور که در جریان هستید هتزنر اخطار های امنیتی برای مشتریان ارسال میکند
سوال من اینه :
به طور مثال بعضی از برنامه نویس ها برای ریموت به MS SQL نیاز دارند از طریق اینترنت دسترسی داشته باشند و از تمامی ایپی ها پورت دیتابیس در دسترس باشد
ایا راهکاری برای رفع این اخطار بنظر شما میرسد؟ غیر از بستن پورت در بستر اینترنت؟
این اخطار تنها حالت اطلاعیه دارد ولی واقعا اعصاب خورد کن میباشد
با تشکر
> Dear Sir or Madam,
>
> Microsoft SQL-Server (MS-SQL) includes a "Browser Service" usually
> listening on port 1434/udp. If this service is openly accessible from
> anywhere on the Internet, it exposes information on the network the
> SQL server is running on. Furthermore, it can be abused for DDoS
> reflection attacks against third parties.
>
> Please find below a list of affected systems hosted on your network.
> The timestamp (timezone UTC) indicates when the system was found to be
> running an openly accessible MS-SQL Server Browser Service.
>
> We would like to ask you to check this issue and take appropriate
> steps to secure the MS-SQL Browser Services on the affected systems or
> notify your customers accordingly.
>
> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue has
> been solved.
>
> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:
> <https://reports.cert-bund.de/en/>
>
> This message is digitally signed using PGP. Information on the
> signature key is available at the aforementioned URL.
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
> !! Please make sure to consult our HOWTOs and FAQ available at !!
> <https://reports.cert-bund.de/en/> first.
همانطور که در جریان هستید هتزنر اخطار های امنیتی برای مشتریان ارسال میکند
سوال من اینه :
به طور مثال بعضی از برنامه نویس ها برای ریموت به MS SQL نیاز دارند از طریق اینترنت دسترسی داشته باشند و از تمامی ایپی ها پورت دیتابیس در دسترس باشد
ایا راهکاری برای رفع این اخطار بنظر شما میرسد؟ غیر از بستن پورت در بستر اینترنت؟
این اخطار تنها حالت اطلاعیه دارد ولی واقعا اعصاب خورد کن میباشد
با تشکر
> Dear Sir or Madam,
>
> Microsoft SQL-Server (MS-SQL) includes a "Browser Service" usually
> listening on port 1434/udp. If this service is openly accessible from
> anywhere on the Internet, it exposes information on the network the
> SQL server is running on. Furthermore, it can be abused for DDoS
> reflection attacks against third parties.
>
> Please find below a list of affected systems hosted on your network.
> The timestamp (timezone UTC) indicates when the system was found to be
> running an openly accessible MS-SQL Server Browser Service.
>
> We would like to ask you to check this issue and take appropriate
> steps to secure the MS-SQL Browser Services on the affected systems or
> notify your customers accordingly.
>
> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue has
> been solved.
>
> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:
> <https://reports.cert-bund.de/en/>
>
> This message is digitally signed using PGP. Information on the
> signature key is available at the aforementioned URL.
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
> of this message in the subject line.
>
> !! Please make sure to consult our HOWTOs and FAQ available at !!
> <https://reports.cert-bund.de/en/> first.