Re: [Emerald] Emerald security

Dale E. Reed Jr. ( (no email) )
Sun, 21 Nov 1999 09:45:21 -0800

Emad Hazza wrote:
>
> Hi All,
>
> I just received an email from a hacker who claims that he managed to get
> into my emerald server. To prove that he did he gave me the names of my
> access servers and number of mbr's some usernames and passwords, all
> inducate that he managed to get int the emerald database. Ofcourse he
> used stolen user name and password of our customers.
> can any body tell me how to counter such attack.

Emerald uses SQL Server on the backend. Anyone that knows how SQL
Server
works can TRY to get into your DB. Securing that is no different than
any other box:

1) Put it behind a firewall/flter/something to restrict who can get to
it from a physical point of view.

2) Make sure your SQL passwords are secure. By default the SA password
is blank.

3) Check the machines that have access to your SQL Server. For example,
secure your RadiusNT machines and make sure RadiusNT is not logging
into your DB as sa.

-- 

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart