Lock Down SQL Server 2005

The hard part about offering live exploitable holes is to block privilege escalation for malicious users. In my case I needed a locked down database where arbitrary SQL can't do any damage. And thus was born Lock Down SQL Server 2005, which teaches you a variety of techniques for hardening your whole MSSQL installation plus specific databases. It also has a world-accessible SQL Shell where you can experiment with a hardened database and attempt white-hat escalation.

Interestingly, we face a similar challenge in real-world production systems (as opposed to websites with kids' pictures :P), where we must run bastard applications guaranteed to have security problems. Hardening our systems against them to achieve a secure whole despite the weak links is what Defense in Depth is all about.

I have posted some code along with the article, I hope the stuff is useful to other people. Try it out!

Comments

• Find It

• Recently Written

  • CPU Rings, Privilege, and Protection
  • Memory Translation and Segmentation
  • Certification Demand and Quality
  • Lucky to be a Programmer
  • The Kernel Boot Process
  • How Computers Boot Up
  • Motherboard Chipsets and the Memory Map
  • Of Aviation Crashes and Software Bugs
  • Why Brazil Loves Linux
  • WordPress up and running

• Categories

  • Internals
  • Linux
  • Meta
  • Productivity
  • Programming
  • Security
  • Software Illustrated
  • Sysadmin

• Monthly Archives

  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008

Copyright © 2008 Gustavo Duarte • Using Cangaço, based on Dropshadow theme by Brian Gardner