Hi everyone,
I'm a college student new to the InfoSec community and will be participating in CCDC 2013, a competition designed to promote Information Assurance. In the competition, we have to secure and maintain a plethora of web apps and services. I've been doing a good job so far, but MS SQL on a windows server 2008 box in the qualifiers round really stumped me. Even google was giving sketchy answers, or ways to secure MySQL (the Linux SQL service not to be confused with MS SQL, the Windows version.
I was wondering if anyone here has any experience setting up MS SQL to be secure. I would probably just be setting up a simple database to protect (the main concern is that the scorebot can ping the default port MS SQL listens on, giving me points for having the service active). Any advice would be greatly appreciated.
I'm a college student new to the InfoSec community and will be participating in CCDC 2013, a competition designed to promote Information Assurance. In the competition, we have to secure and maintain a plethora of web apps and services. I've been doing a good job so far, but MS SQL on a windows server 2008 box in the qualifiers round really stumped me. Even google was giving sketchy answers, or ways to secure MySQL (the Linux SQL service not to be confused with MS SQL, the Windows version.
I was wondering if anyone here has any experience setting up MS SQL to be secure. I would probably just be setting up a simple database to protect (the main concern is that the scorebot can ping the default port MS SQL listens on, giving me points for having the service active). Any advice would be greatly appreciated.