Step-by-Step Guide: How to patch SQL Server

By Chip Andrews, Contributor 21 Mar 2005 | SearchSQLServer.com

Digg This!     StumbleUpon     Del.icio.us

So you've decided to secure your SQL Server infrastructure and you don't know where to start. This first guide in a two-part series on SQL Server patch deployment will help you track down those pesky servers before getting them properly patched.

SQL Servers represent a significant security challenge for a number of reasons. Primarily, they are ubiquitous. Hundreds of software packages use SQL Server as a data store as do a large number of commercial websites. In addition, since SQL Server 2000 can have multiple instances on a single machine that must each be patched separately, developers generally have at least one instance for their local builds or sample applications. SQL Server has features not rolled into Microsoft's Windows Update or Windows Update Services Tools and thus the servers rarely receive the patching attention they deserve. And finally, SQL Servers usually run with a very high level of privilege (LocalSystem) despite the fact that SQL Server 2000 defaults to the designation of a domain user account.

Most people run SQL Server as a LocalSystem account, and there are several reasons: They never took the time to ask their administrator for a domain user account for SQL Server; they don't know that a local user account will also work in most cases; and using LocalSystem is so much more convenient since no account creation is needed at all. In the world of users (and, sadly, some systems administrators and developers), convenience has long trumped security.

The first thing we need to do in order to patch our SQL Servers is to get our infrastructure identified and assessed so we can prepare a plan to patch them.

HOW TO PATCH SQL SERVER, PART 1

 Home: Introduction
 Step 1: Map your network
 Step 2: Perform an active scan
 Step 3: Check for SQL registrations
 Step 4: Probe remote services
 Step 5: Probe for SSNetlib.dll versions
 Step 6: Directly request version information
 Go to: How to patch SQL Servers, part 2

ABOUT THE AUTHOR:

Chip Andrews, CISSP Chip Andrews is the director of research and development for Special Ops Security Inc. and the founder of the SQLSecurity.com Web site, which focuses on Microsoft SQL Server security topics and issues. He is also the author of SQL Server Security. Copyright 2005 TechTarget

Tags: Database Management and Administration,  SQL Server Security,  SQL Server Migration Strategies and Planning,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Database Management and Administration Password cracking tools for SQL Server Using traces in SQL Server Profiler Meet compliance requirements with improved database security practices Hardening the network and OS for SQL Server security Securing the server and database in SQL Server How SQL Server 2008 components impact SharePoint implementations Troubleshooting Distributed Transaction Coordinator errors in SQL Server Achieving high availability and disaster recovery with SharePoint databases Clearing the Windows page file and its effect on server performance Deploying a SQL Server virtual appliance for Microsoft Hyper-V SQL Server Security Password cracking tools for SQL Server Meet compliance requirements with improved database security practices Hardening the network and OS for SQL Server security Securing the server and database in SQL Server SQL Server security made simple and sensible Blog: Protect your databases from the internal threat Setting up SQL Server Service Broker for secure communication The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification SQL Server Migration Strategies and Planning eZines and eBooks for SQL Server professionals New SQL Server 2008 R2 CTP set for November PASS Summit 2009 Preview Are data warehouses made for the cloud? Q&A: Moving forward with SQL Server in the cloud SQL Server Mailbag: Migrating down to Standard Edition Microsoft releases SQL Server 2008 R2 CTP A first look at Microsoft SQL Server 2008 R2 Using Microsoft Hyper-V for SQL Server consolidation Migrating to SQL Server 2008 and leveraging new features

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary