NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0344 Half-a-Million Database Servers Without Firewalls:
According to a security researcher, the managing director of NGSSoftware, there are
nearly half-a-million database servers exposed on the Internet without firewall
protection. The researcher took a look at just over one million randomly generated
Internet Protocol (IP) addresses, checking them to see if he could access them on the
IP ports reserved for Microsoft SQL Server or Oracle's database. He found 157 SQL
servers and 53 Oracle servers. He then relied on known estimates of the number of
systems on the internet to arrive at his conclusion that there are approximately 368,000
Microsoft SQL Servers and about 124,000 Oracle database servers directly accessible on
the internet. This is not the first time that he has conducted this type of research.
Two years ago, he released his first Database Exposure Survey, estimating that there
were about 350,000 Microsoft and Oracle databases exposed. He found about 82% of the
SQL Servers were running older SQL Server 2000 software, and fewer than half of those
had the product's latest Service Pack updates installed. On the Oracle side, 13% of the
servers were running older versions of the database that no longer receive patches.
These Oracle 9.0 and earlier databases are known to have security vulnerabilities. The
2007 version of the Database Exposure Survey is available on his Databasesecurity.com
website.
(IDG News Service 14NOV07)