How To Prevent SQL Worms in 2018 [Begineer's Method]

Hello Guys, we are back with another Interesting topic in SQL Server Database Info. Today we discuss "How to Prevent SQL Worms". This is the best beginners method to Prevent SQL Worms as well as SQL slammers.

Best Method for Preventing SQL Worms 2018

Most of the damage caused by SQL worms targeting SQL Servers could easily have been prevented by applying service packs to SQL Servers prior to the attacks. Properly configured firewalls could have the limited propagation of the worm. SQL worms are a far greater threat than many people realize because there are many SQL Servers out of sight and out of mind. Since SQL 7, the SQL Server database engine has been offered for free as MSDE, Microsoft Desktop Engine. MSDE 1.0 is the SQL 7 engine; MSDE 2000 is the SQL 2000 engine. MSDE is effectively limited to five connections, two-gigabyte databases, and does not come with any tools such as the Enterprise Manager or the Query Analyzer. Any strategy put in place to protect against SQL worms and other threats must protect both SQL Servers and MSDE installations.
MSDE may be installed as part of an Office XP Developer Edition, Visual Studio .NET, Web Matrix, or other Microsoft product installation. Untold numbers of third-party applications install and use MSDE behind the scenes.

Finding SQL Servers Including MSDE

SQL Servers (for the rest of this article, this term includes MSDE) are applications named sqlservr.exe (not sqlserver.exe). There can be multiple copies of sqlservr.exe installed on a machine as long as each is in its own directory. You can identify instances of SQL Server by searching for sqlservr.exe, but keep in mind that by default, XP and Windows 2003 Server do not search all folders as the following screen capture shows:

prevent SQL worm, SQL slammer
It is possible that SQL Server could have been installed to a location other than the default. Be sure to check Search hidden files and folders before starting your search.
A faster and more convenient way to find SQL Servers on a machine is to use the Services applet under either Administrative Tools or Computer Management (which is itself under Administrative Tools). On XP, Administrative Tools is not visible by default. To make it visible, right-click on the Start button, select Properties, click the Customize button, click the Advanced tab, scroll to the bottom of the Start menu items list and make a selection to Display the System Administrative Tools. The following screen capture from a Windows 2003 Server shows the Services applet. Because of space considerations, only a few services appear in this screen capture.
SQL Servers are installed as services and may be installed as either what is known as a default instance or a named instance. A default instance of SQL Server has a service name of MSSQLSERVER. Named instances begin with MSSQL$. As you can see, the first three entries shown in the preceding screen capture indicate that there are three SQL Servers installed. MSSQLSERVER is the default instance. MSSQL$NetSDK and MSSQL$WEBMATRIX are named instances. They are intended for use by software developers and may not be as properly secured as a production database should be.
All three SQL Servers are running with elevated privileges. It would be safer to run a SQL Server service under the context of a domain user account instead of a domain administrator account or Local System. The same is true of the SQL Server Agent service accounts.

SQL Security Tools

Microsoft has tools to help you identify instances of SQL Server that need to be patched. The tools are SQL Scan and SQL Check. You can download them from the Microsoft download center, These are command line tools. You need to read the readme.txt files that come with these tools and choose the appropriate switches. SQL Scan has the ability to check an entire domain or range of IP addresses.


This is the best method to prevent SQL Worms for beginners. In the next post, we will publish the Advanced Method for Preventing SQL Worms. I think you should go through that very nearly. Still then bye bye.

No comments

Post Top Ad