Tutorial: Is it possible to hack a database server that opens only 3 ports?



Question:

From my last question, I have a new idea for database protection. The following ports will be connected via SSL only. Is it possible to hack this database server?

  1. HTTP port for sending & receiving data via WCF Services or Web Services.
  2. FTP port for updating the above services.

PS. This question does not include the SQL injection problem.

Thanks,


Solution:1

It's possible to hack just about anything. Your HTTP or (especially) your FTP server could have security bugs in it which open a backdoor. These could be anything from arbitrary code execution under root/Administrator to full filesystem access.

I also assume that your database server is not bug-free, and could expose all your data.

Obviously, though, having as few ports as possible open is better.


Solution:2

In practice, you can never make your server hacker-proof. As long as hackers have some means to send data to the server, they can potentially exploit security vulnerabilities to do bad things. Limiting the server's surface area, using encryption, and so on all help and make it less likely you'll get hacked, but you're never 100% safe.


Solution:3

Everything is possible, but this surely decreases the possibilities.


Solution:4

You can still guess/predict/keylog the username/password and get in.


Solution:5

I always tell people the only hack-proof server is the one that is unplugged and powered down in the closet.

It is important, when presenting a security solution, to identify what kind of intrusion you are attempting to guard against. Even with only three ports open, even with one for that matter, a successful dictionary attack against accounts accessing the server via the FTP port could do some damage.

As a general rule, we do not expose our databases directly outside the network/firewall. Only web or user application servers have exposed ports but nothing that isn't behind the firewall can directly touch the database servers.
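The dictionary-attack risk raised in Solution 5 can be watched for in the FTP server's authentication log. The following is an added example, not part of the original answers: the `time ip user result` log format, the sample lines, and the thresholds are all constructed assumptions, so adapt the parsing to your FTP server's real log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "time ip user result" format.
SAMPLE_LOG = """\
2024-01-10T02:00:01 203.0.113.7 admin FAIL
2024-01-10T02:00:03 203.0.113.7 admin FAIL
2024-01-10T02:00:05 203.0.113.7 admin FAIL
2024-01-10T02:00:08 203.0.113.7 admin FAIL
2024-01-10T02:00:11 203.0.113.7 admin FAIL
2024-01-10T02:00:15 203.0.113.7 admin OK
2024-01-10T09:00:00 198.51.100.4 deploy FAIL
2024-01-10T09:00:20 198.51.100.4 deploy OK
2024-01-10T11:00:00 192.0.2.9 backup FAIL
2024-01-10T11:30:00 192.0.2.9 backup FAIL
"""

def detect_dictionary_attacks(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": peak count in window, "compromised": [users]}}."""
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines rather than crash
        ts_raw, ip, user, result = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()          # drop failures that fell out of the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= max_failures:
                alert = alerts.setdefault(ip, {"failures": 0, "compromised": []})
                alert["failures"] = max(alert["failures"], len(fails))
        elif result == "OK" and ip in alerts and fails:
            # A login that succeeds right after a burst is the damaging case.
            if user not in alerts[ip]["compromised"]:
                alerts[ip]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for ip, info in detect_dictionary_attacks(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a success, or failures spread half an hour apart, stay below the threshold and are not flagged.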


Solution:6

This is still vulnerable in several ways:

  1. Man-in-the-middle attack against SSL if you don't have proper certs set up
  2. Input handling exploits in your httpd, ftpd and operating system
  3. Social engineering

That doesn't mean it's not a good idea to do things this way, but it's dangerous to think this, or anything really, is "hack proof". I'll spare you the typical wisecrack about Windows security.

