When we talk about a server, the first thing that comes to mind is a computer or device that manages network resources. Servers are most often dedicated machines or run on multiprocessing operating systems. Examples include a file server, which is dedicated to storing files; a web server, which serves static content to a web browser by loading a file from disk and sending it across the network; and a database server, which processes database queries. How safe is your server? Is it free from unauthorized users? You may want to double-check. These questions are very important when we’re talking about servers. Put simply, servers need security in place. A firewall is a system designed to prevent unauthorized access to or from a private network.
According to security researcher David Litchfield, nearly half a million database servers have no firewall protection. Litchfield looked at over 1 million randomly generated Internet Protocol (IP) addresses, checking whether he could reach them on the ports reserved for Microsoft SQL Server or Oracle databases. He found 157 SQL servers and 53 Oracle servers. From these, Litchfield estimates that approximately 368,000 Microsoft SQL servers and 124,000 Oracle database servers are directly accessible on the internet. Imagine how much data is at risk. Litchfield said in his interview: “I think it’s terrible. We all run around like headless chickens following these data breach headlines…organizations out there really don’t care. Why are all these sites hanging out there without the protection of a firewall?” The security researcher wasn’t sure why Oracle’s numbers had decreased while Microsoft’s had risen. Another disturbing finding of Litchfield’s 2007 survey is that many of these unprotected databases are also unpatched.
Via: CIO