Patches, packages and protection
One reason for Slammer's reach was the failure to implement a single patch for three vulnerabilities highlighted by Microsoft, CERT and CVE in July 2002.
- Name: W32.SQLExp.Worm SQL Slammer Worm (ISS), DDOS.SQLP1434.A (Trend), W32/SQLSlammer (McAfee), Sapphire (F-Secure, eEye), W32.SQLExp.Worm (Symantec)
- Type: Win32 worm
- Infection length: 376 bytes
- Affected systems: Windows NT, Windows 2000, Windows XP
- CVE references: CAN-2002-0649
- Alert level: Critical
Securing SQL Server 2000
On Jan. 15, Microsoft released a checklist of ways to improve the security of SQL Server installation:
- Install the most recent service pack.
- Security patches should be installed as they're released. Notifications are vailable via e-mail.
- Use Microsoft Baseline Security Analyzer (MBSA) to assess a server's security.
- Use Windows Authentication Mode to shield a SQL Server installation from Internet-based attacks by restricting connections to Microsoft Windows user and domain user accounts.
- Isolate your server and back it up regularly.
- Assign a strong systems administrator password.
- Limit privilege level of SQL Server services.
- Disable firewall's SQL Server ports.
- Use secure file systems.
- Delete or secure old setup files.
- Audit connections to SQL Server.
Related reviews and commentary
What's wrong with today's antivirus apps
Commentary: It costs too much to keep your antivirus software up-to-date. And companies like Symantec are forcing you to upgrade to the latest versions. The worst part: You've got no better options.
PC-cillin 2003: Serious contender
Trend Micro PC-cillin 2003 regains its position among the top three
antivirus programs on the market.
A top-notch virus buster
For zapping viruses, worms, and other malicious code, you can't go wrong with Norton AntiVirus 2003. But current AntiVirus users need not
upgrade.
McAfee VirusScan 7.0: Clean up your act
McAfee VirusScan 7.0 is a top-notch virus slayer for first-time users,
but unless you use Outlook Express or Eudora, VirusScan 6.0 users won't need to upgrade.
Keep in mind many admins are *afraid* to apply patches for fear they will break things. I received at least one e-mail from an admin who had applied SP3, but had to remove it when it had negative impacts on the system.