Step 3: Look at open ports

You can use the netstat tool built into Windows to see what ports are open and connected on the server. At a command prompt, simply enter netstat –an|more to get a page by page count of what TCP and UDP ports are open and listening. An even better way to go about doing this is to use Foundstone's Vision tool or Sysinternals' TCPView tool as shown below with the NetBus Trojan highlighted.

Sysinternals' TCPView maps open ports to actual executable files

This is another reason to know your SQL Server inside and out. If you know what you're looking at then you'll know what you're looking for.

Test for a Trojan horse on your SQL Server

 Home: Introduction
 Step 1: Scan your SQL Server for malware
 Step 2: Look in the memory
 Step 3: Look at open ports
 Step 4: Peek into your network traffic
 Step 5: Approach with a malicious mindset

---

ABOUT THE AUTHOR:

Kevin Beaver Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including , Hacking Wireless Networks For Dummies, and Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ principlelogic.com. Copyright 2006 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server security FAQ: How to troubleshoot and grant SQL Server permissions Secure SQL Server from SQL injection attacks How insiders hack SQL databases with free tools and a little luck Sarbanes-Oxley compliance checklist: IT security and SQL audits SQL Server source code analysis and management adds database security Ten common SQL Server security vulnerabilities you may be overlooking SQL Server 2008 security and compliance features reduce security risks Get your SQL Server security goals in order How secure is your SQL Server network design? Creating a SQL Server user authentication schema SQL Server performance and tuning SQL Server errors, failures and other problems fixed from the trenches SQL Server database design disasters: How it all starts Can you shrink your SQL Server database to death? Parent-child dimensions in SQL Server 2005 with Analysis Services MDX SQL Server database design disasters: What not to do Tuning SQL Server performance via memory and CPU processing Troubleshoot Web service issues in SQL Server 2005 Reporting Services Ordering the results of a SQL query Configuring SQL Server with a changed computer name Change data capture in SQL Server 2008 improves BI reporting accuracy

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary