Re: ANNOUNCEMENT: New SQL Server security tool - SQL Server 2000 Scan Tool

From: Bill Sanderson (Bill_Sanderson@msn.com.plugh.org)
Date: 01/31/03 

From: "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
Date: Thu, 30 Jan 2003 19:43:44 -0500

Jerry - For a particular class of users--folks who just own windows and
wonder if this thing is in there somewhere (they've heard it is part of
Office or of Access, or .....) I'd like to have a direct URL to a single
tool to scan their machines.
(I can't always classify a user by their post, but I'm worried that pointing
such users at the download location for the tools suite will just lead to
bewilderment.)

I'm going to go back and look, but I don't think I can easily do this the
way things are arranged at present.

Is there a plan for an "end user" view of this thing--akin to the difference
between the \security and the \technet\security views of security patches?
Something reassuring but also technically rigorous which can assure every
windows user that they aren't running this code? This is a little tricky,
'cause it may be out there on the Office CD awaiting installation, but I'll
leave that end of it to somebody else to worry about!

"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:eB4H16LyCHA.2648@TK2MSFTNGP11...
> Check the docs there. There are more than one scanning tools:
>
> SQL Scan will scan a computer, a domain or a range of IP addresses.
>
> SQL Check scans the local machine
>
> The third tool available, SQL Critical Update, scans the computer on which
> it is running for instances of SQL Server 2000 and MSDE 2000 that are
> vulnerable to the Slammer worm, updating the affected files. SQL Critical
> Update runs on computers running Windows NT 4.0 or higher.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> "neo techopolis" <ne0@collusion.org> wrote in message
> news:4db46b8d.0301301358.1bcf0b9c@posting.google.com...
> > It only scans the HOST? Are you kidding? You've had DAYS to work on
> > this and you produce this utility. There are tons of REAL tools out
> > there to help diagnose vulnerability posture. Try eEye's Sapphire
> > worm scanner.
> > (http://www.eeye.com/html/Research/Tools/SapphireSQL.html)
> > The freeware version scans 256 IP's at a time. HFNetCheck has a
> > similar scanner but it only checks registry keys (eg you must have
> > administrative priv's). eEye's is the only one I know of that figured
> > out how to do this w/out admin priv's and it's a bit more accurate
> >
> > "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> news:<OgkKKfHyCHA.2916@TK2MSFTNGP09>...
> > > Please read below for information about this tool. For discussions on
> this
> > > tool, please go to:
> > >
> > > microsoft.public.sqlserver.securitytools
> > >
> > > --
> > > Regards,
> > >
> > > Jerry Bryant - MCSE, MCDBA
> > > Microsoft IT Communities
> > >
> > > Get Secure! www.microsoft.com/security
> > >
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > > "Euan Garden[MS]" <euang@online.microsoft.com> wrote in message
> > > news:uKNPW2CyCHA.2196@TK2MSFTNGP10...
> > > > SQL Server 2000 SQL Scan Tool (SQL Scan)
> > > > This utility scans an individual computer, a Windows domain, or a
> range of
> > > > IP addresses for instances of SQL Server 2000 and MSDE 2000, and
> > > identifies
> > > > instances that may be vulnerable to the Slammer worm. SQL Scan runs
> > > > on
> > > > computers running Windows 2000 or higher and can identify instances
> > > running
> > > > on Windows NT 4.0, Windows 2000, or Windows XP.
> > > >
> > > > http://www.microsoft.com/sql/downloads/securitytools.asp
> > > >
> > > > Please direct any questions you have on this tool to
> > > > microsoft.public.sqlserver.securitytools or to Microsoft Product
> Support
> > > > Services.
> > > >
> > > > --
> > > > -Euan
> > > >
> > > > Please reply only to the newsgroup so that others can benefit. When
> > > posting,
> > > > please state the version of SQL Server being used and the error
> > > number/exact
> > > > error message text received, if any.
> > > >
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > >
> > > >
> > > >
>
>

Relevant Pages

  • Re: ANNOUNCEMENT: New SQL Server security tool - SQL Server 2000 Scan Tool
    ... windows user that they aren't running this code? ... > SQL Scan will scan a computer, a domain or a range of IP addresses. ... > Jerry Bryant - MCSE, ... > rights. ...
    (microsoft.public.win2000.security)
  • Re: ANNOUNCEMENT: New SQL Server security tool - SQL Server 2000 Scan Tool
    ... windows user that they aren't running this code? ... > SQL Scan will scan a computer, a domain or a range of IP addresses. ... > Jerry Bryant - MCSE, ... > rights. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: SQL admin versus Windows admin
    ... SQL services, fully admin the SQL databases, etc.) without giving them ... I know that a large portion of what they need can be done via the rights ... On the Windows side you'll need Windows-specific ...
    (microsoft.public.sqlserver.security)
  • Windows Impersonation authentication to SQL Server?
    ... Impersonation will each Windows Domain user accounts need to be granted ... all be tracked and displayed in SQL Profiler? ... or SQL security but the article is discussing Windows security. ...
    (microsoft.public.sqlserver.security)
  • Re: Windows Authentication to SQL Server?
    ... oranges in trying to convert an asp.net app which uses forms authentication ... mode throughout the app with one SQL login account into SQL Server versus ... converting the asp.net app into a full individual Windows authentication ... Ultimate goal would be to see the individual windows ...
    (microsoft.public.dotnet.framework.aspnet.security)