According to an article by the Shadowserver Foundation, there were 2.3 million MySQL server instances on port 3306 that were scanned and found accessible worldwide. I was really surprised by the large number and am pretty certain that most people didn't do this on purpose.
First, let’s talk about why having your MySQL (or any port) accessible on the public internet is an attack surface. Any port that is accessible on a public IP address will be scanned; this is a fact. Once a scan finds a service responding on a port, the attacks begin. These include brute-force attacks on username/password combinations, known exploits of the OS and applications, and various other known Common Vulnerabilities and Exposures, with new hacks being developed constantly.
Read the complete list of pros and cons for each mitigation option.
The mitigation solutions are not Zero Trust Network Architecture (ZTNA), in which each user is given access only to the resources they are authorized to use: the least privileges possible.
Remote.It allows you to close the open port while still giving your people and resources access. When you connect to a resource such as MySQL via Remote.It, you are given a localhost address and a unique port. You can use this in your development environment connection configuration, database query tools, etc. There is no connecting, disconnecting, and reconnecting when you change locations or your laptop wakes up from sleep. These on-demand connections go idle when you are not actively using them and become active again when you are.
Use our tool to see if your MySQL server is exposed.
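A minimal self-check of the kind described above, as an added example (it is not Remote.It's tool and not code from the article): run it from a machine outside your network against your own server's public address. It assumes the standard MySQL protocol version 10 greeting; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

# Constructed sample packets (not captured from a real server).
_HS = b"\x0a" + b"8.0.0-constructed\x00" + b"\x01\x00\x00\x00" + b"A" * 8 + b"\x00"
SAMPLE_HANDSHAKE = len(_HS).to_bytes(3, "little") + b"\x00" + _HS
_ERR = b"\xff" + struct.pack("<H", 1130) + b"Host '203.0.113.5' is not allowed to connect"
SAMPLE_HOST_DENIED = len(_ERR).to_bytes(3, "little") + b"\x00" + _ERR

def parse_greeting(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends right after TCP connect."""
    if len(data) < 5:
        return {"mysql": False, "reason": "short or empty response"}
    length = int.from_bytes(data[0:3], "little")   # 3-byte payload length
    payload = data[4:4 + length]                   # data[3] is the sequence id
    if payload[0] == 0xFF and len(payload) >= 3:   # ERR packet, e.g. host not allowed
        code = struct.unpack_from("<H", payload, 1)[0]
        # The port is still open to the internet even though this client is refused.
        return {"mysql": True, "handshake_offered": False, "error_code": code,
                "detail": payload[3:].decode("latin-1")}
    end = payload.find(b"\x00", 1)
    if payload[0] == 0x0A and end != -1:           # protocol v10 handshake
        return {"mysql": True, "handshake_offered": True,
                "server_version": payload[1:end].decode("latin-1")}
    return {"mysql": False, "reason": "not a MySQL greeting"}

def check_exposure(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Connect to your own server's public address and report what answers."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:                         # refused, filtered or timed out
        return {"reachable": False, "reason": str(exc)}
    with sock:
        try:
            data = sock.recv(4096)                 # MySQL speaks first
        except OSError:
            data = b""
    return {"reachable": True, **parse_greeting(data)}

if __name__ == "__main__":
    print(parse_greeting(SAMPLE_HANDSHAKE))
    print(parse_greeting(SAMPLE_HOST_DENIED))
```

A result with `reachable` true and `mysql` true means the port is exposed, including the case where the server answers with error 1130 because it rejects the client's host.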
If your MySQL server is exposed, consider implementing the mitigations listed above. The recommendations can be used together. Remote.It accounts are free for up to 5 endpoints.
We support these popular cloud providers:
Have a self-hosted database? We support that as well with options for Windows and Linux distributions. Learn more about Remote.It and get started.
If you have any questions, comment below or drop us a line at firstname.lastname@example.org
Read the full article on Dev.to: Is your MySQL server open to the public Internet?