News Stay informed about the latest enterprise technology news and product updates.

Step 3: Check for SQL registrations

Learn how to check for SQL Server registrations in this SQL Server patch management guide.

Once you've performed an active scan, follow it up with another good "passive" detection method: the osql -L command....

Osql is a tool provided with SQL Server that allows for command-line queries and has a discovery option -L that allows you to query the browser service for SQL server registrations. While not 100% reliable, depending on how well your Windows browser service is synchronizing, it provides a good cross-reference for your active scans by revealing machines that might be behind personal firewalls or that may be using older SQL versions and non-standard ports (thus avoiding your scans).


HOW TO PATCH SQL SERVER, PART 1

 Home: Introduction
 Step 1: Map your network
 Step 2: Perform an active scan
 Step 3: Check for SQL registrations
 Step 4: Probe remote services
 Step 5: Probe for SSNetlib.dll versions
 Step 6: Directly request version information
 Go to: How to patch SQL Servers, part 2

 

ABOUT THE AUTHOR:
Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the SQLSecurity.com Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security.

Dig Deeper on SQL Server Database Modeling and Design

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchBusinessAnalytics

SearchDataCenter

SearchDataManagement

SearchAWS

SearchOracle

SearchContentManagement

SearchWindowsServer

Close