Your MySQL instance may be publicly accessible #209
Comments
Title
Remote access on MySQL instance detected

TL;DR
We detected that a MySQL instance on {devices} may be accessible remotely. Consider either blocking port 3306 through the WoTT firewall management tool, or reconfigure MySQL to only listen on localhost.

FAQ
MySQL is a powerful database tool used by major corporations worldwide. Such a demand for this tool translates to a demand in attackers breaking into company databases to steal information that could be used to further attack the company (i.e. stealing high level employee details and thus logging into company websites/remote servers and stealing/corrupting company information). For this reason, it is imperative your MySQL instances are up to date with the latest security updates, but also that you do everything possible to limit the opportunities an attacker may have.

Allowing your MySQL instance to be remotely accessible is, in most cases, an unnecessary feature that should be closed. The vulnerabilities it opens up by leaving it open can be devastating. One such attack that is used on open ports is a DoS attack. If an attacker somehow was able to get their hands on login credentials from one of your employees, they could connect to your MySQL through remote access and it wouldn't be flagged as they logged in with the correct credentials. In addition, traffic over MySQL connections is not encrypted, therefore opening the avenue for an attacker to be listening/sniffing the data being transmitted from a remote host to the database.

WoTT firewall management tool has a feature that allows you to block the port 3306, which is the port used by MySQL for remote access. Alternatively, you can reconfigure the MySQL configuration file to only listen on localhost. To do so, find your config file usually located at

Please remember to restart your MySQL instance as this will not take effect without doing so.
I'm not happy with the FAQ version here. Please refactor this. There's too much fluff in it that isn't relevant to the security.
FAQ Rewrite proposal

MySQL remains one of the most, if not the most, popular Relational Database Management System for SQL written databases. As an open-source system, it remains a strong tool for developers to use in database design.

By default, remote access is usually disabled. Allowing your MySQL instance to be remotely accessible can leave you unnecessarily vulnerable to attack by human error, such as unprotected remote login, and access via stolen credentials. Additionally, traffic over MySQL connections is not encrypted by default, therefore opening an avenue for an attacker to be listening/sniffing the data being transmitted from a remote host to the database.

WoTT's firewall management tool has a feature that allows you to block the port 3306, which is the port used by MySQL for remote access. Alternatively, you can reconfigure the MySQL configuration file to only listen on localhost. To do so, find your config file usually located at

Please remember to restart your MySQL instance as this will not take effect until you do so.
by default - it does support it. https://dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html
updated above
Title

TL;DR

FAQ
In most configurations, remote access is usually disabled. However, depending on the configuration and environment, it may be necessary to allow network access to your MySQL access (such as if you have other servers on the network talking to the server). In such instances, it is recommended that you configure a locked down firewall policy that only allows access from these servers. Failure to do so may expose your MySQL server to the rogue actors on the internet, which may cause leakage of customer data.

WoTT's firewall management tool has a feature that allows you to block the port 3306, which is the port used by MySQL for remote access. If no network access is needed, we recommend that you reconfigure the MySQL configuration file to only listen on localhost. To do so, find your config file usually located at `/etc/mysql/my.cnf` and add or edit the following line:

Please remember to restart your MySQL instance as this will not take effect until you do so.

Code Snippet
None at this time.
We detected that a MySQL instance on {devices} may be accessible remotely. Consider either blocking port 3306 through the WoTT firewall management tool, or re-configure MySQL to only listen on localhost.
part of #198
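
One way to check the "only listen on localhost" condition discussed in this thread, as an added example (not code from the WoTT project or from any commenter). It assumes the standard MySQL server options `bind-address` and `skip-networking`, which do not appear on this page, and treats a missing `bind-address` as listening on all interfaces (MySQL's documented default of `*`); the function names and sample option files are constructed for illustration.

```python
import ipaddress

# Constructed sample option files (not taken from the issue).
SAMPLE_EXPOSED = "[client]\nport = 3306\n[mysqld]\nbind-address = 0.0.0.0\n"
SAMPLE_LOCAL = '[mysqld]\nbind_address = "127.0.0.1"  # loopback only\n'


def mysqld_options(cnf_text):
    """Return the [mysqld] options of one option file (last value wins).

    !include / !includedir directives are skipped, not followed, so run
    this on each included file as well.
    """
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        value = value.split("#", 1)[0].strip().strip("'\"")
        # MySQL accepts '-' and '_' interchangeably in option names.
        opts[key.strip().lower().replace("_", "-")] = value
    return opts


def listens_only_on_localhost(cnf_text):
    """True if mysqld has no TCP listener or binds only loopback addresses."""
    opts = mysqld_options(cnf_text)
    if opts.get("skip-networking", "off").lower() in ("", "1", "on", "true"):
        return True  # TCP/IP listener disabled entirely
    # Assumption: absent bind-address means '*', i.e. every interface.
    for addr in opts.get("bind-address", "*").split(","):
        addr = addr.strip()
        if addr.lower() == "localhost":
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return False
        except ValueError:
            return False  # '*', or a hostname that cannot be verified here
    return True
```
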