"Not realizing the server was on the perimeter, they had opened the SQL Server’s port in the local firewall, left it with a blank admin account, and enabled xp_cmdshell"
As the Mark states in the article, this is terrible even within the network, let alone on the perimeter. Microsoft actually recommends against running Exchange and SQL Server on the same box anyways [1] for performance reasons.
Is there a good intention that would motivate someone to install something on a production box, leave it in an insecure config, and not document it?
As the Mark states in the article, this is terrible even within the network, let alone on the perimeter. Microsoft actually recommends against running Exchange and SQL Server on the same box anyways [1] for performance reasons.
Is there a good intention that would motivate someone to install something on a production box, leave it in an insecure config, and not document it?
[1] http://technet.microsoft.com/en-us/library/aa997379(v=exchg....