Solved

Scanning for SQL vulnerabilities

Posted on 2012-03-22
276 Views
Last Modified: 2012-04-01
I'm preparing for a security audit next week and have been tasked with checking for SQL vulnerabilities.  I've compiled a list of all the various SQL servers on the LAN and I'm looking for some type of (free) utility that will let me scan them for known security issues.  Can you recommend one that may help with the audit?
Question by:First Last
5 Comments
 
LVL 17

Expert Comment

by:Barry Cunney
ID: 37752329
May be worth looking into Policy Based Management in SQL Server itself
http://msdn.microsoft.com/en-us/security/Video/ee216343
0
 
LVL 1

Author Comment

by:First Last
ID: 37752340
That looks like a cool way to lock things down across multiple SQL servers but really for now I just need a way to find out where I'm vulnerable in order to lock it down for the audit.  I'll definitely look into that one once things have settled down next week.
0
 
LVL 17

Expert Comment

by:Barry Cunney
ID: 37752857
Here is an article on SQL Server Security Best Practices - I think if you examine each of the areas discussed in this article you should have most areas covered for the audit.

http://www.greensql.com/content/sql-server-security-best-practices

Examine the 'sa' profile - best if it is disabled but if it is used make sure only privileged persons are using it and it has a very strong password - make sure it is not used in connection strings or other login configurations in apps.

You can also use SQL Profiler to monitor who/what is connecting to the SQL Servers - may be worth doing this to try and identify items that may need to be locked down.

Also you can administer multiple servers from one single server using CMS
http://www.brentozar.com/archive/2008/08/sql-server-2008s-new-central-management-server/
0
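
The 'sa' review suggested in the comment above can be run as a read-only T-SQL check on each instance. This is an added example, not code posted by anyone in the thread; it assumes SQL Server 2005 or later and a login with sysadmin rights (CONTROL SERVER to read password hashes, VIEW SERVER STATE for the session view).

```sql
-- Added example: read-only audit of the built-in 'sa' login and of
-- sysadmin membership. Nothing here changes server state.

-- 1. State of the built-in sa login. Its SID is always 0x01, so this
--    still finds it if the login has been renamed.
SELECT  @@SERVERNAME                         AS instance_name,
        l.name                               AS login_name,
        l.is_disabled,                       -- 1 = disabled (preferred)
        l.is_policy_checked,                 -- 0 = password policy not enforced
        l.is_expiration_checked,
        l.modify_date,                       -- last change to the login
        PWDCOMPARE('', l.password_hash)      AS blank_password,        -- 1 = blank
        PWDCOMPARE(l.name, l.password_hash)  AS password_equals_name   -- 1 = same as name
FROM    sys.sql_logins AS l
WHERE   l.sid = 0x01;
-- The PWDCOMPARE columns come back NULL when the caller cannot read
-- password_hash; treat NULL as "not checked", not as "OK".

-- 2. Every principal that holds the sysadmin role, so privileged
--    access can be compared against the list of approved people.
SELECT  m.name        AS member_name,
        m.type_desc,                         -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
        m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Sessions currently authenticated as sa, grouped by client host
--    and application. Any row points at an app or connection string
--    that still uses sa.
SELECT  s.host_name,
        s.program_name,
        COUNT(*)          AS session_count,
        MIN(s.login_time) AS earliest_login
FROM    sys.dm_exec_sessions AS s
WHERE   s.original_security_id = 0x01
GROUP BY s.host_name, s.program_name
ORDER BY session_count DESC;
```

Query 3 is a point-in-time snapshot; connections that come and go between runs need a trace or login auditing to catch.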
 
LVL 1

Accepted Solution

by:
First Last earned 0 total points
ID: 37773683
I found a good one though it wasn't free:  Secure Auditor by Secure Bytes
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 37792747
Found my own
0


Question has a verified solution.
