Physical Architecture

The first step in appraising the overall security of SQL Server within a corporate network is to take a wide view of its positioning and interaction with other elements of the enterprise. This section examines the typical deployment of the server, the behavior of its low-level network protocols, and authentication procedures.

Microsoft SQL Server is confined to the Microsoft Windows family of operating systems. This introduces a narrow range of server configurations in comparison to Oracle, for example, which is currently available for 26 combinations of operating systems and server hardware. This has historically added to the effectiveness of SQL Server worms, which often rely heavily on uniformity of installations using hard-coded memory addresses for buffer overflows and the calling of system functions.

The Microsoft Data Engine (MSDE), a very basic version of SQL Server, is often installed along with Windows applications that require a simple database to organize their information. For this reason the SQL Server architecture itself has become far more widespread, especially for end users. System administrators, and even the user, are often unaware of MSDE installations on a particular host. MSDE installations inside company LANs, both un-patched and un-firewalled, expedited the spread of the Slammer worm, which utilized an exploit common to both MSDE and the full version of SQL Server.

Tabular Data Stream (TDS) Protocol

The native network protocol used ...

Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.