Category: SQL Assess

Am I affected by MrbMiner malware?

SQL Server hardware can be powerful. Lots of CPU cores and memory. Just what a crypto miner may need in their quest to generate cryptocurrency. In the case of the MrbMiner exploit, numerous SQL Servers have been exploited with brute-force attacks. These attacks are scanning for servers exposed directly to the internet and are using…
Read more

Vollgar: 6 Scripts to Help Review Your SQL Servers

Last week, Guardicore released information about a newly discovered attack that uses SQL Servers to compromise servers and networks. Here’s a link; I’d really encourage you to read it. The attack known as Vollgar uses a simple brute force attack to gain access to SQL Servers exposed to the internet. It then uses the elevated…
Read more

Is My SQL Server Configured Properly?

Installing SQL Server is surprisingly easy. Download the media, double-click the setup file, answer a few configuration questions, and in less than 15 minutes you have a fully functional database server. And the server performs well. For a while. Then it slows down and maybe even a database corrupts. You recover by restoring the prior…
Read more

4 Options Now That Your SQL Server 2008 Is Out of Support

As of July 9, 2019, SQL Server 2008 and SQL Server 2008 R2 have officially passed from Extended Support to No Longer Supported. What does that mean? It means that Microsoft will no longer release any updates for any version of SQL Server 2008. That includes security patches and data integrity fixes. If a hacker…
Read more

How Many tempdb Data Files Should My SQL Server Have?

We’re frequently asked how many tempdb files a SQL Server should have, especially from those who have downloaded our free 5 Common SQL Server Configuration Issues PDF. That’s because there’s a lot of well-intended but incorrect information posted on the internet about tempdb.  What Is tempdb? Let’s start with a very brief description of tempdb. When SQL…
Read more

Are Your SQL Servers Safe? IIS Attacks Increased 782x in One Quarter

Just when we thought that most cybersecurity attacks came via social engineering, we see this. Attacks on IIS, Microsoft’s web server, increased from 2,000 in Q1 2018 to over 1.7 million in Q2 2018. That’s a mind-boggling 782x increase! This is according to an esentire Security Advisory released last week. Hackers go-to tool of choice? PowerShell was the most commonly…
Read more

Why 9 Out of 10 SQL Servers Aren’t Configured with Best Practices

“The nice thing about standards is that you have so many to choose from,” quipped renown computer scientist Andrew Tanenbaum. In the SQL Server world, we have industry best practices. These are guidelines that most every knowledgeable database professional will agree is a good idea or a good baseline. Sure there are exceptions, specific tweaks…
Read more