How do I hide SQL Server version information?

Asked 1 years ago, Updated 1 years ago, 328 views

environment
OS:Microsoft Windows Server 2012 R2 SQL:Microsoft SQL Server 2008 R2 Express

What do you want to do
Port scanning tools such as nmap display version information.
Could you please let me know if there is a way to hide the MSSQL version?
As for DB servers, is it not possible to hide banner information like Web servers (such as Apache)?

Regardless of MSSQL, I could not find information to hide version information for other DBs, such as MySQL.

sql-server

2022-12-07 09:43

1 Answers

I don't know exactly what the combination of nmap and SQL Server is, but it's general.

There are several ways the scanning tool can identify the server version.

Most settings can be hidden in 1.2. There are times when the interpretation of may need to be changed depending on the version, and there are many things that cannot be hidden or that cannot be hidden.3. There's nothing I can do about it.

The bottom line is that it should not be hidden by settings.

If the configuration looks like a person who is having trouble seeing the version information, it's a problem in itself

No, it's not.The version information is not inherently relevant to whether the system is safe from attacks.

The bad one is 3.4.

A decade ago, when there were no sufficient authentication mechanisms or data protection, DB was absolutely something to hide, but nowadays TLS encryption and authentication are possible, and both the idea itself and the internal network are shifting to unreliable assumptions.

Ideally, whether external or internal, it should be secure and the version information is visible and invisible (both visible and unconnected and unconnected) is essentially irrelevant.


2022-12-07 16:33

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.