Half a million database servers exposed with no firewall

Think your database server is safe? You may want to double-check. According to security researcher David Litchfield, there are nearly half a million database servers exposed on the Internet, without firewall protection.Litchfield took a look at just over one million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them […]

Think your database server is safe? You may want to double-check. According to security researcher David Litchfield, there are nearly half a million database servers exposed on the Internet, without firewall protection.

Litchfield took a look at just over one million randomly generated Internet Protocol [IP] addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle's database. The results? He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: "There are approximately 368,000 Microsoft SQl Servers... and about 124,000 Oracle database servers directly accessible on the Internet," he wrote in his report, due to be made public next week.

This is not the first time that Litchfield, managing director of NGSSoftware, has conducted this type of research. Two years ago, he released his first Database Exposure Survey, estimating that there were about 350,000 Microsoft and Oracle databases exposed.

Full Article

Database, Server, Database Server, Security, Firewall