Results 1 to 6 of 6
  1. #1
    5 Star Lounger
    Join Date
    Mar 2002
    Location
    Buenos Aires, Argentina
    Posts
    877
    Thanks
    0
    Thanked 0 Times in 0 Posts

    SQL Server 2000 Security

    Hi all,

    We have SQL Server 2000 running in several PCs. I am new to this and was checking on the system's security, which is nearly null. We have SQL's initial installation, with no Service Packs applied.
    a) I imagine the response to this answer, but would you recommend installing SPs? Which one? Some SPs are known to bring more trouble than solutions.
    [img]/forums/images/smilies/cool.gif[/img] Reading about SQL Server 2000 security on the 'net, I got to know the Microsoft Baseline Security Analyzer. The version of the MBSA to install (1.2.1 or 2.0) seems to be SP-dependent, and apparently no MBSA version will work for unSP'd SQL Server installations. Is MBSA worth the run?

    Thank you in advance

    Edited: I noticed I had generated a duplicate post. I deleted the first one which was incomplete, accidentally resulting from pressing ENTER in the subject field
    <img src=/w3timages/blue3line.gif width=33% height=2>
    <img src=/S/flags/Argentina.gif border=0 alt=Argentina width=30 height=18> <big><font color=4682b4><font face="Comic Sans MS">Diegol</font face=comic></font color=4682b4> </big>

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: SQL Server 2000 Security

    I believe that unpatched SQL Server 2000 is ripe for attack by the Blaster worm. Although such an attack from "outside" is unlikely, assuming your server is not exposed to the Internet, an infected contractor or family member plugging in a laptop for a quick email could bring down your server. You really don't have much choice in installing at least the security patches.

    We recently installed a new SQL Server 2000 box, presumably with the latest SPs, and I haven't heard of any problems. We followed the requirements of the application that uses it, and if you use third party applications that access the server, you should check those to make sure they are compatible with the latest SPs.

  3. #3
    5 Star Lounger
    Join Date
    Mar 2002
    Location
    Buenos Aires, Argentina
    Posts
    877
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: SQL Server 2000 Security

    Hi Jefferson,

    I didn't find info on the Blaster worm but on the Slammer one.
    I also found this site to check out: http://www.sqlsecurity.com. I think I'll spend a while to read articles and investigate a bit further.

    I'm downloading SP4. Then I believe I'll give MBSA a try.

    Thanks!
    <img src=/w3timages/blue3line.gif width=33% height=2>
    <img src=/S/flags/Argentina.gif border=0 alt=Argentina width=30 height=18> <big><font color=4682b4><font face="Comic Sans MS">Diegol</font face=comic></font color=4682b4> </big>

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: SQL Server 2000 Security

    Keep in mind that when you use the MBSA tool it's not completely accurate, mainly because Microsoft has never really had a standard means of identifying their own patches in their OS's and products. It's a good place to start, but don't bet the farm on it!
    -Mark

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: SQL Server 2000 Security

    Yes, Slammer, I should remember because it has that nice alliteration (SQL Slammer).

  6. #6
    5 Star Lounger
    Join Date
    Mar 2002
    Location
    Buenos Aires, Argentina
    Posts
    877
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: SQL Server 2000 Security

    Alright. I'll keep that in mind <img src=/S/smile.gif border=0 alt=smile width=15 height=15>.
    Thanks!
    <img src=/w3timages/blue3line.gif width=33% height=2>
    <img src=/S/flags/Argentina.gif border=0 alt=Argentina width=30 height=18> <big><font color=4682b4><font face="Comic Sans MS">Diegol</font face=comic></font color=4682b4> </big>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •