This post was formerly published at my beloved old blog "On the quest of a DBA's adventure......"
In a risk assessment meeting, our security manager has asked me to try to being "naughty" - By pretending to be a hacker and see if I can get into any SQL server on the network. So, I pretend I didn't know much about my network topology (Well, that seems to be the hardest part...) and try to first find SQL server on the network and then hack it.
To accomplish the task, I need to first locate my SQL server on the LAN. I come across Pinal Dave's blog entry regarding to how to locate MS SQL Server on local network. This can be done as simple as just use the command-line command "osql", or its later version "sqlcmd". Here is the example:
or
With the capital L switch, it lists all the SQL Server on local network. Now you could see that your first defense could simply be the segmentation of the server subnet from the evil, dirty, sick-minded local user subnet.....
No comments:
Post a Comment