Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
News
Researcher: Half a Million Database Servers Have No Firewall
According to an upcoming report by security researcher David Litchfield, nearly half a million database servers lack firewall protection. What's worse, many aren't even patched properly.November 14, 2007 — IDG News Service — Think your database server is safe? You may want to double-check. According to security researcher David Litchfield, there are nearly half a million database servers exposed on the Internet, without firewall protection.
Litchfield took a look at just over 1 million randomly generated Internet Protocol (IP) addresses, checking them to see if he could access them on the IP ports reserved for Microsoft SQL Server or Oracle's database. The results? He found 157 SQL servers and 53 Oracle servers. Litchfield then relied on known estimates of the number of systems on the Internet to arrive at his conclusion: "There are approximately 368,000 Microsoft SQl Servers... and about 124,000 Oracle database servers directly accessible on the Internet," he wrote in his report, due to be made public next week.
This is not the first time that Litchfield, managing director of NGSSoftware, has conducted this type of research. Two years ago, he released his first Database Exposure Survey, estimating that there were about 350,000 Microsoft and Oracle databases exposed.
This 2007 version of the Database Exposure Survey is set to be published Monday on Litchfield's Database Security Web site. IDG News was given a preliminary copy of the findings.
Litchfield said that, given the amount of press generated by corporate data breaches over the past two years, it's amazing to find that there are more databases exposed than ever before. "I think it's terrible," he said in an interview. "We all run around like headless chickens following these data breach headlines...organizations out there really don't care. Why are all these sites hanging out there without the protection of a firewall?"
This year's Oracle tally is actually down from Litchfield's 2005 estimate, which counted 140,000 Oracle systems. That same study placed the SQL server total at 210,000.
The security researcher wasn't sure why Oracle's numbers had declined while Microsoft's had risen. "Microsoft's technology is certainly easier to install. Maybe the increase in SQL server numbers is simply a function of that," he said.
In the 2005 survey, Litchfield found an even larger number of the open-source MySQL databases outside of the firewall. The 2007 survey does not count MySQL, however.
There was one other disturbing finding in Litchfield's 2007 survey: Many of these unprotected databases are also unpatched. In fact, 4 percent of the SQL Server databases Litchfield found were still vulnerable to the flaw that was exploited by 2003's widespread SQL Slammer worm. "People aren't protecting themselves with firewalls and the patch levels are atrocious," he said.
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
Forrester Research: Defining a Mobile Enterprise Policy
Windows Mobile Users Capture Value from Mobile Applications
Mobility for the People- Ready Business
Mobility Solutions in Enterprise-Size Businesses: Quantifying the Return on Investment (IDC Study)
Symantec Data Center Foundation Solutions
Windows Mobile Series: Improving Mobile Security and Management Webcast
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
ProCurve Access Control Video
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Lithuania: Attacks Focused on Hosting Company
Google Bows to Pressure, Adds 'Privacy' Link to Home Page
TSMC Says 2Q in Line Or Better After Major Customer Falls
Asustek to Offer Eee PC with Built-in 3G Wireless
Asustek's Latest Eee PCs Shipping in Asia in July
Lenovo Seeks Prestige in Price-Sensitive Market
Microsoft's Silverlight Draws Patent Suit
A Tale of Two City Wi-Fi's
Google Under Pressure As App Engine Requests Rise
Wall Street Beat: IT Slumps in First Half
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
