Step 2: Look in the memory

You can use the Windows Task Manager to search for applications that don't seem to belong or those using up serious memory or processor time. I recommend using Sysinternals' Process Explorer (shown below highlighting the NetBus Trojan) since it provides more information on running processes as well as a more reliable way to kill processes that don't belong.

Sysinternals' Process Explorer shows details about all processes – including Trojans

You're probably thinking this seems like too much effort – how could you possibly keep up with what's loaded on your Windows server. It's not too much when you think about it; Of all the systems on your network, you really need to know your database server inside and out – which includes documenting which processes are supposed to be running and which aren't. So, if you get a good baseline after a fresh install -- or even now, assuming things are running well – you can use that as your basis for comparison when troubleshooting Trojan-type issues down the road.

Test for a Trojan horse on your SQL Server

 Home: Introduction
 Step 1: Scan your SQL Server for malware
 Step 2: Look in the memory
 Step 3: Look at open ports
 Step 4: Peek into your network traffic
 Step 5: Approach with a malicious mindset

---

ABOUT THE AUTHOR:

Kevin Beaver Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including , Hacking Wireless Networks For Dummies, and Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ principlelogic.com. Copyright 2006 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server security Secure SQL Server from SQL injection attacks How insiders hack SQL databases with free tools and a little luck Sarbanes-Oxley compliance checklist: IT security and SQL audits SQL Server source code analysis and management adds database security Ten common SQL Server security vulnerabilities you may be overlooking SQL Server 2008 security and compliance features reduce security risks Get your SQL Server security goals in order How secure is your SQL Server network design? Creating a SQL Server user authentication schema Could a join of encrypted SQL Server data have a problem? SQL Server performance and tuning Virtual database storage for SQL Server: Friend or foe? Tutorial: SQL Server 2005 Analysis Services Tutorial: Migrating to SANs from local SQL Server disk storage SQL Server memory configurations for procedure cache and buffer cache Using the OUTPUT clause for practical SQL Server applications Check SQL Server database and log file size with this stored procedure SQL Server PerfMon counters for access methods and buffer manager Find size of SQL Server tables and other objects with stored procedure Monitor SQL Server disk I/O with PerfMon counters SQL Server tempdb best practices increase performance

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary