If you are running Microsoft SQL Server you probably aware of brute-force attacks on SA account. Almost every SQL server connected to the Internet is under constant attack.
Once a hacker has access to a SA (DBA) account, or even a normal user account, it can get full access to the file system on a server, or even to the files on the network to which it is connected.
If your SQL server accepts remote connections, System Event Log may contain thousands of entries like below:
Login failed for user 'sa' error 18456.
This means that someone is trying to get access to your server. Brute-force attacks may also abuse your server resources (CPU and bandwidth).
RdpGuard allows you to protect your MS SQL Server from brute-force attacks.
It monitors the EventLog and detects failed login attempts. If the number of failed login attempts from a single IP address reaches a set limit (three by default), the attacker's IP address will be blocked on the firewall.
For Windows Server 2003, Vista, 7, 8, 2008, 2012
To Enable MS-SQL Server Protection
1. Click Tools, Options and open the Monitoring tab:
Click Tools, Options
2. Check Enable MS-SQL protection
RdpGuard Monitoring Options
4. Click Save. RdpGuard service will be restarted.