sql

Are your Microsoft products at End of Mainstream (Bug / Product Update) Support?

As of today (30/4/2020), if you have Microsoft servers that are older than those in the list below, then they are out of Mainstream Support:

  • SharePoint 2016

  • Exchange 2016

  • SQL Server 2016 (SP1)

  • Windows Server 2016

What does that mean?

Mainstream support is the free warranty Microsoft puts on its software products (usually around 3 years) for any security issue, bug or product change found with them.

After this, the product switches to Extended Support.

"Extended Support lasts for a minimum of 5 years and includes security updates at no cost, and paid non-security updates and support," says Microsoft.

Extended Security Updates for on-premises or hosted environments: Extended Security Updates will also be available for workloads running on-premises or in a hosting environment. Customers running SQL Server or Windows Server under licenses with active Software Assurance under an Enterprise Agreement (EA), Enterprise Subscription Agreement (EAS), or a Server & Cloud Enrollment (SCE), can purchase Extended Security Updates annually for three years after End of Support date. Customers can purchase Extended Security Updates only for the servers they need to cover. Extended Security Updates can be purchased directly from Microsoft or a Microsoft licensing partner.

What can you do?

You can determine whether not having product updates or bug fixes is an issue for your environment, auditing, and compliance. If you only need security updates, and these match your compliance and audit requirements, then you only need to worry about when Extended Support finishes!

If not, then you need to purchase Extended Support from Microsoft. The cost of this, for example with Windows 7, is 50$/year or 25$ with a cloud license!

Or you can get it free. For example, for SQL Server it is free and enabled by default when migrating on-premises servers to Azure Virtual Machines. You can then use the SQL Server registry service in the Azure portal to register your end-of-support SQL Server instance and download updates when they are made available.

Azure SQL Advanced Threat Protection (ATP) can save you from being hacked and plastered on haveibeenpwned.com

People who code their own login forms and publicly available database-backed apps should be careful of the famous SQL injection:

'OR 1=1

For poorly coded forms, this changes an SQL query that searches for a username/password so that it lists all the logins:

SELECT userid
FROM users
WHERE username = ''OR 1=1/*'
    AND password = ''
    AND domain = ''

You only need to look at Troy Hunt's site and method for hacking databases to see how easy it is and how many people have been affected.

Azure SQL Advanced Threat Protection can detect these kinds of attacks for you and stop them or notify you as soon as they happen, as well as let you know what the hack was.

Other features it can help you with:

Vulnerability to SQL Injection:

This alert is triggered when an application generates a faulty SQL statement in the database. This may indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for the generation of a faulty statement:

  • A defect in application code that constructs the faulty SQL statement

  • Application code or stored procedures don't sanitize user input when constructing the faulty SQL statement, which may be exploited for SQL Injection
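
The login query shown earlier and the faulty-statement case described in this alert can both be reproduced locally. This is an added example, not code from the original page: it uses Python's sqlite3 module in place of SQL Server, and the table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the page's query; all rows are constructed.
    Plaintext passwords only mirror that query's shape."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(userid INTEGER, username TEXT, password TEXT, domain TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "alice", "pw-a", "corp"),
        (2, "o'brien", "pw-b", "corp"),
        (3, "svc_backup", "pw-c", "ops"),
    ])
    return db

def login_concatenated(db, username, password, domain):
    """Poorly coded form: user input is pasted into the SQL text."""
    sql = ("SELECT userid FROM users WHERE username = '" + username + "'"
           " AND password = '" + password + "'"
           " AND domain = '" + domain + "'")
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password, domain):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = ("SELECT userid FROM users "
           "WHERE username = ? AND password = ? AND domain = ?")
    return [row[0] for row in db.execute(sql, (username, password, domain))]

def try_login(fn, db, username, password="", domain=""):
    """Return matching userids, or the string 'faulty SQL' on a syntax error."""
    try:
        return sorted(fn(db, username, password, domain))
    except sqlite3.OperationalError:
        return "faulty SQL"

if __name__ == "__main__":
    db = make_db()
    injected = "'OR 1=1/*"            # the input shown in the page's query
    print(try_login(login_concatenated, db, injected))    # every userid
    print(try_login(login_parameterized, db, injected))   # no match
    # A legitimate name containing a quote breaks the concatenated statement,
    # the kind of faulty SQL this alert describes; bound input is fine.
    print(try_login(login_concatenated, db, "o'brien", "pw-b", "corp"))
    print(try_login(login_parameterized, db, "o'brien", "pw-b", "corp"))
```

The same fix applies on SQL Server: pass user input as query parameters rather than building the statement text from it.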

Potential SQL injection

This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.

Access from unusual location:

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from unusual Azure data center

 This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual Azure data center that was seen on this server during the recent period. In some cases, the alert detects a legitimate action (your new application in Azure, Power BI, Azure SQL Query Editor). In other cases, the alert detects a malicious action from an Azure resource/service (former employee, external attacker).

Access from unfamiliar principal

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server using an unusual principal (SQL user). In some cases, the alert detects a legitimate action (new application, developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from a potentially harmful application

This alert is triggered when a potentially harmful application is used to access the database. In some cases, the alert detects penetration testing in action. In other cases, the alert detects an attack using common attack tools.

Brute force SQL credentials

This alert is triggered when there is an abnormally high number of failed logins with different credentials. In some cases, the alert detects penetration testing in action. In other cases, the alert detects a brute force attack.
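
A simplified illustration of the idea behind the access-pattern and brute-force alerts above: compare new logins against what was seen in a baseline period. This is an added example and not Microsoft's detection logic; the event fields, thresholds and sample rows are constructed assumptions.

```python
# Constructed sample login events: (minute, principal, location, success)
BASELINE = [
    (0, "app_user", "Country-A", True),
    (5, "app_user", "Country-A", True),
    (9, "report_user", "Country-A", True),
]
NEW_EVENTS = [
    (100, "app_user", "Country-A", True),    # matches the baseline
    (101, "old_admin", "Country-A", True),   # principal never seen before
    (102, "app_user", "Country-B", True),    # location never seen before
    (110, "sa", "Country-A", False),         # burst of failed logins,
    (110, "admin", "Country-A", False),      # each with a different
    (111, "root", "Country-A", False),       # credential
    (111, "test", "Country-A", False),
    (112, "dbo", "Country-A", False),
]

def access_alerts(baseline, events, fail_threshold=5, window=10):
    """Flag successful logins that differ from the baseline, and bursts of
    failed logins that use many different credentials (assumed thresholds)."""
    known_principals = {p for _, p, _, ok in baseline if ok}
    known_locations = {loc for _, _, loc, ok in baseline if ok}
    alerts, failures, brute_reported = [], [], False
    for minute, principal, location, ok in sorted(events):
        if ok:
            if principal not in known_principals:
                alerts.append((minute, "unfamiliar principal", principal))
            if location not in known_locations:
                alerts.append((minute, "unusual location", location))
            continue
        # Keep only failures inside the sliding window, then add this one.
        failures = [(m, p) for m, p in failures if minute - m < window]
        failures.append((minute, principal))
        distinct = {p for _, p in failures}
        if len(distinct) >= fail_threshold and not brute_reported:
            alerts.append((minute, "brute force", f"{len(distinct)} credentials"))
            brute_reported = True
    return alerts

if __name__ == "__main__":
    for alert in access_alerts(BASELINE, NEW_EVENTS):
        print(alert)
```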

Cost

The cost is around £11.18/node/month, with a 60-day free trial. You will need to use a Managed SQL instance (PaaS) for this feature.