How To Prevent SQL Worms Like PRO [Advanced Method]

Hello guys, today I'll show you the advanced method for getting relief from SQL Slammer; yes, this is the advanced method for preventing SQL worms. Before reading it, you should check the beginner's method for preventing SQL worms.

Preventing SQL Worms Advanced Method

First and foremost, you must keep current on service packs. Currently, SQL Server Service Pack 3 is available for download from here. It is actually three different service packs, one for SQL Server 2000, one for MSDE 2000, and another for SQL Server 2000 Analysis Services. You must download and install the service pack appropriate for which of these components you have installed on the machine. It is important to understand that once the service pack is downloaded, running the service pack executable does NOT install the service pack. It merely unpacks the files needed to install the service pack. You must stop the SQL Server service before a service pack can be applied. You should back up your databases before applying a service pack.
Installing the Service Pack 3 for MSDE 2000 requires that you have administrative rights on the computer. Be sure to read the documentation carefully. The setup.exe is not just for applying a service pack; it will also install an instance of MSDE 2000. To only install the service pack, you will have to apply command line switches as described in the sp3readme.htm help file. You either need to know the instance name or which .msi file was used to install MSDE. As described previously, you can use the Services applet to find the instance names.
The Slammer/Sapphire worm exploits a buffer overrun vulnerability on SQL Server port 1434. Blocking UDP ports 1433 and 1434 at your firewall will protect your server from this worm and many other SQL Server exposures. You can also block your SQL Servers for inbound traffic on UDP port 1434, but this would interfere with name resolution.

MSDE Issues

MSDE requires special attention to the instructions in sp3readme.htm. Not all attempts at applying Service Pack 3 to MSDE have been successful.
Additionally, if the MSDE being upgraded has a blank sa password (actually a NULL password, meaning no password is set at all), the installation will fail and show an error message (the screenshot of the message is not preserved here).

If you choose not to take advantage of the opportunity to fix this security vulnerability, use the following syntax:
setup /l*v c:\msde.log /upgradesp BLANKSAPWD=1 . . .
To change from a NULL password to a real password using osql, use syntax similar to this:
C:\>osql -E
1> sp_password NULL, 'Str0ngP@sswOrd', sa
2> go
Password changed.

.NET SDK MSDE and Visual Studio .NET

Users of the .NET SDK Version 1.0 must apply a special version of Service Pack 3 which can be found at this location: http://msdn.microsoft.com/netframework/downloads/updates/sdkfix/default.asp
Additionally, as the following link indicates, if you have both Visual Studio .NET and the .NET SDK MSDE installed, you should apply both the regular MSDE Service Pack 3 as well as the .NET SDK Service Pack 3:
http://support.microsoft.com/default.aspx?scid=kb;en-us;813850

Application Center 2000

Application Center 2000 uses MSDE and has specific requirements for applying Service Pack 3. Details may be found at:
http://support.microsoft.com/?kbid=813115

Deworming

The Slammer/Sapphire worm is memory resident only. Stopping and restarting the SQL Server service will clear the worm from the instance, but will not by itself prevent reinfection. Applying Service Pack 3 stops and restarts the service, so it both clears the worm and prevents reinfection.
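To confirm that the firewall block on UDP port 1434 described earlier is in effect, and to find hosts that still need the restart and Service Pack 3, you can review firewall logs for that port. The following is an added example, not part of the original article; the log format, the internal address range, and the fan-out threshold are assumptions, and the log lines are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (format is an assumption for this example):
# timestamp action proto src_ip:src_port dst_ip:dst_port
SAMPLE_LOG = """\
2003-01-25T05:30:01Z DENY UDP 198.51.100.7:3127 10.0.0.5:1434
2003-01-25T05:30:02Z ALLOW UDP 203.0.113.9:4410 10.0.0.8:1434
2003-01-25T05:30:02Z ALLOW TCP 10.0.0.21:1045 10.0.0.5:1433
2003-01-25T05:30:03Z ALLOW UDP 10.0.0.8:1029 192.0.2.14:1434
2003-01-25T05:30:03Z ALLOW UDP 10.0.0.8:1029 192.0.2.77:1434
2003-01-25T05:30:03Z ALLOW UDP 10.0.0.8:1029 198.51.100.200:1434
2003-01-25T05:30:04Z ALLOW UDP 10.0.0.21:1050 10.0.0.5:1434
garbage line that should be skipped
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
FANOUT_THRESHOLD = 3  # assumed: distinct external targets before a host is flagged

def parse(line):
    """Return (action, proto, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src, _ = parts[3].rsplit(":", 1)
        dst, dport = parts[4].rsplit(":", 1)
        return (parts[1], parts[2], ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def analyze(log_text):
    """Find inbound UDP/1434 that was allowed, and internal hosts fanning out."""
    gaps, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[1] != "UDP" or rec[4] != 1434:
            continue
        action, _, src, dst, _ = rec
        if src not in INTERNAL and dst in INTERNAL and action == "ALLOW":
            gaps.append((str(src), str(dst)))    # perimeter block is missing
        elif src in INTERNAL and dst not in INTERNAL:
            targets[str(src)].add(str(dst))      # outbound to external UDP/1434
    suspects = sorted(h for h, t in targets.items() if len(t) >= FANOUT_THRESHOLD)
    return gaps, suspects

if __name__ == "__main__":
    gaps, suspects = analyze(SAMPLE_LOG)
    print("inbound UDP/1434 allowed:", gaps)
    print("internal hosts fanning out on UDP/1434:", suspects)
```

Any entry in the first list means the perimeter rule is not blocking the port; any host in the second list should be restarted and patched as described above.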

Baseline Security Analyzer

It is important not to focus so much attention on widely publicized threats as to overlook other weaknesses. Microsoft provides a free tool to help identify other vulnerabilities your machine may have.
Download the Microsoft Baseline Security Analyzer from:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

Conclusion:

Security best practices can prevent unnecessary down time caused by security threats. Staying current on service packs and hotfixes is essential. By understanding and expecting threats, proper planning can mitigate risks.
