21 March, 2016 by Tom Collins
Question: I noticed in the SQL Server Error Logs a regular Nessus Scan. The Nessus Scan was attempting to log in using various SQL Login accounts, such as SA. The scan is completing a penetration test on SQL Servers and is part of a suite of measures to fulfill SQL Server - Security Risk Analysis and database security.
A number of login failures were occurring, triggering an account lockout. I was able to check the lockout status and the time the lockout occurred via:
SELECT name,
       is_disabled,
       LOGINPROPERTY(name, N'isLocked') AS is_locked,
       LOGINPROPERTY(name, N'LockoutTime') AS LockoutTime
FROM sys.sql_logins
WHERE LOGINPROPERTY(name, N'isLocked') = 1
The interesting aspect was that after 30 minutes the account was unlocked. I’m curious to find out more about how these settings are managed and where to find the information.
Where can I check the password policy details?
Answer: To check the password policy, you'll need to use secpol.msc (Local Security Policy) on your Windows system. Once secpol.msc is opened, check Account Policies and then Account Lockout Policy.
How you manage the Account lockout duration, Account lockout threshold and Reset account lockout counter after values will depend on how the Windows servers are managed. Changing a value may involve speaking to the domain administrator and discussing whether the policy should be set differently.
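As an added example (not part of the original post), the query below widens the check from the question: it lists the SQL logins that are actually subject to the Windows policy (is_policy_checked = 1, i.e. created with CHECK_POLICY = ON, which is the only case in which the lockout threshold and duration apply) together with their consecutive bad-password count, the time of the last failed attempt and the lockout time. The threshold, duration and reset values themselves still come from the Windows policy described above; nothing in SQL Server overrides them. The login name in the trailing ALTER LOGIN comment is a placeholder.

```sql
-- Added example, not from the original post: password-policy and lockout
-- state for SQL logins, building on the query in the question.
-- LOGINPROPERTY returns sql_variant, so each value is cast for readability.
-- Lockout applies only to logins with CHECK_POLICY = ON (is_policy_checked = 1);
-- the threshold/duration/reset values are the Windows Account Lockout Policy.
SELECT  l.name,
        l.is_disabled,
        l.is_policy_checked,                                        -- Windows policy enforced?
        l.is_expiration_checked,                                    -- password expiry enforced?
        CAST(LOGINPROPERTY(l.name, N'IsLocked')            AS int)      AS is_locked,
        CAST(LOGINPROPERTY(l.name, N'LockoutTime')         AS datetime) AS lockout_time,
        CAST(LOGINPROPERTY(l.name, N'BadPasswordCount')    AS int)      AS bad_password_count,
        CAST(LOGINPROPERTY(l.name, N'BadPasswordTime')     AS datetime) AS last_bad_password_time,
        CAST(LOGINPROPERTY(l.name, N'PasswordLastSetTime') AS datetime) AS password_last_set
FROM    sys.sql_logins AS l
WHERE   l.is_policy_checked = 1
ORDER BY bad_password_count DESC, l.name;

-- Logins that are NOT policy-checked never lock out, so a scan hitting them
-- shows up only as repeated failures in the error log. Listing them is a useful
-- companion check when reviewing the scan results:
SELECT  l.name, l.is_disabled
FROM    sys.sql_logins AS l
WHERE   l.is_policy_checked = 0
ORDER BY l.name;

-- If a legitimate login is locked by the scan and cannot wait for the lockout
-- duration to elapse, a sysadmin can reset the lockout by toggling CHECK_POLICY
-- (documented side effect: the lockout time is reset). Placeholder login name:
-- ALTER LOGIN [placeholder_login] WITH CHECK_POLICY = OFF;
-- ALTER LOGIN [placeholder_login] WITH CHECK_POLICY = ON;
```

Run the first query while the scan is in progress and the bad_password_count column rises across the logins the scanner tries; once the Windows "Reset account lockout counter after" interval passes without further failures the count drops back to 0, and a locked login clears after the "Account lockout duration" (the 30 minutes observed in the question).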