MS SQL Server Security Overview

Black Hat via YouTube

Ability of an attacker to inject unintended SQL statements into application - Consequences

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. BLACK HAT WINDOWS 2000 SECURITY
  3. Biztalk Server 2000 Commerce Server 2000 Application Center Server 2000 Third-Party Apps (MSDE)
  4. Windows Authentication Mode Requires user to be authenticated by Windows NT/2000 This is the new default for SQL Server 2000
  5. SQL Server Security Modes (cont.) Mixed Mode Both SQL Server and Windows Authentication -Lacks strong authentication controls such as password complexity, expiration, lockout, or history when using S…
  6. Good Idea - What's the problem? Microsoft recommends Windows Authentication Mode - Sounds like a no-brainer The Problems
  7. C2 Style Auditing exec sp_configure 'C2 Audit Mode', 1
  8. Microsoft has made some great strides to improve the security of SQL Server Some ideas for future releases
  9. Fingerprinting/Discovery Acquiring Access Privilege Escalation Potential Pitfalls Custom DLL - Application Requirements - Source Disclosure
  10. SQL Server Discovery Multiple instancing capabilities of SQL Server 2000 make enumeration a functional requirement A specially formed UDP packet directed at port 1434 will cause the SQL 2K listener s…
  11. Since the listener may exist on multiple machines, it is possible to send a broadcast UDP packet to port 1434 to discover all instances of SQL Server 2000 on a subnet - Osql-L (will return a raw list…
  12. Account Acquisition (cont.) Sniffing (mixed or NT security mode) -L0phtcrack (to obtain NT account) TCP 1433 traffic (non SSL) Connection strings (mixed mode) - Client registry (regedit) - Imbedded i…
  13. Privilege Escalation xp_cmdshell -- Extended stored procedure that allows access to the operating system
  14. Create a backdoor account Trojan sp_password to capture passwords to use on operating system Use tftp to pull a trojan extended stored procedure Use this SQL Server to launch attacks against other ho…
  15. Sensible configuration management will help secure SQL Server itself Take the time to scan your networks and determine what people on the inside and the
  16. SQL Code Injection Best Practices .NET Beta Functionality The Future "What can I do TODAY?"
  17. Ability of an attacker to inject unintended SQL statements into application - Consequences
  18. Scope of SQL Injection SQL injection attacks rarely alerts IDS systems especially over SSL Difficult to track down all the areas of exploitation since the only real solution is manual code review No …
