My point is that if you are running 818 you are NOT fully patched.

-----Original Message-----
From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED]
Sent: 01 March 2005 21:53
To: CF-Talk
Subject: Re: Securing MS-SQL port 1433

On Tue, 1 Mar 2005 20:53:13 -0000, Robertson-Ravo, Neil (RX) <[EMAIL PROTECTED]> wrote:
> I would say NONE - all of the SQL boxes we have (and we have thousands) are
> a) protected with hardware and software security. They are all patched to
> the highest degree (where needs be, as not all servers require all patches
> for loopholes and indeed some cannot have them).

Great! So by hardware and software security I'll take a stab at translating that as at least a firewall. So far we're in agreement.

Remember, this started b/c I said anyone who left port 1433 open was an idiot -- now we're into discussing how to assess the risk from a specific vulnerability (choosing which patches to apply) and which service pack which *are* (potentially) past the normal desktop user's area of responsibility.

> Let me ask you, what version of SQL are you running? 8.00.818?

Actually, yes I am on my production servers. My clients are a mix of .818 (post-SP3 hotfix) and .760 (SP3). And to be completely fair, my laptop actually runs 8.00.760 (with Named Pipes disabled).

> Note you do not have to patch all risks if the risk is low - for example
> there may be an issue where a malicious user could access your server but
> its only a problem/issue if the malicious user can gain access to it...

Agreed -- whether it's MS-SQL or Windows (or Linux or CF or whatever) you don't have to immediately apply patches if you're not vulnerable to the issue.
As I've said, I run my laptop in *horrors* SP3 instead of the post-SP3 hotfix -- upgrading wasn't worth the risk (though when I build a new box, it goes to .818 by default)

--
John Paul Ashenfelter
CTO/Transitionpoint
(blog) http://www.ashenfelter.com
(email) [EMAIL PROTECTED]

