Is your database server secure? You might want to think again. Security researcher David Litchfield recently warned that at least 500,000 database servers on the Internet are unprotected by any firewall.
He randomly sampled 1 million IP addresses and found 157 SQL Servers and 53 Oracle servers, leading him to estimate through a series of calculations that approximately 368,000 SQL Servers and 124,000 Oracle database servers are directly exposed to the Internet.
This researcher began studying related data two years ago, and at that time, the number of vulnerable database servers was 350,000.