traffic) from SQL Servers and not allowing the UDP 1434 communications
from one server to another.
SQL Slammer is a good example of a situation that would have been
avoided if databases were viewed not only as providers but also as consumers.
This is especially true given that most of the damage done by SQL
Slammer was caused by MSDE—sometimes referred to as Microsoft Database
Engine, sometimes Microsoft Embedded Database, and sometimes
Microsoft Desktop Engine. MSDE is an embedded database that is a free,
redistributable SQL Server instance that is embedded into Office products,
network infrastructure products from Cisco, virus protection software from
McAfee, and many more products. These “lightweight” databases should be
monitored even more closely because they run in a less secure environment
and because database libraries often “trust” communications that come
from what seems to be another database.
This monitoring is a good idea for three main reasons: (1) it is trivial for
an attacker to download, install, and run a database server—light or the full
version—and perform any activity that they would like using a client from
within this new server; (2) an attacker may be able to compromise a single
server in your enterprise (that may not have been hardened appropriately)
and then use it to launch an attack; and (3) there may be many instances of
database servers of which you are not even aware and that you would not
even consider to be database servers, but from a technical perspective that's
exactly what they are. MSDE is exactly one such example. From a communications
perspective, any database communication that is initiated from
such a node looks like a server-to-server communication.
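The monitoring described above can be sketched as follows. This is an added example, not code from the original text: it flags untracked database servers and server-to-server database traffic in flow records. The flow format, the addresses, and the inventory are constructed, and it assumes instances listen on vendor default ports and that a recorded flow was accepted by the destination. The Oracle and MySQL ports go beyond the SQL Server case in the text.

```python
from collections import namedtuple

# Constructed flow record: protocol, source host, destination host, destination port.
Flow = namedtuple("Flow", "proto src dst dport")

# Assumption: instances listen on vendor default ports.
DB_PORTS = {
    ("tcp", 1433): "SQL Server",
    ("udp", 1434): "SQL Server Resolution Service",
    ("tcp", 1521): "Oracle",
    ("tcp", 3306): "MySQL",
}

def classify(flows, inventory):
    """Return (unknown_servers, server_to_server) for the observed flows.

    inventory is the set of hosts already tracked as database servers.
    """
    db_flows = [f for f in flows if (f.proto, f.dport) in DB_PORTS]
    # Any host that receives database traffic is technically a database
    # server, whether or not anyone tracks it (for example an embedded MSDE).
    servers = {f.dst for f in db_flows}
    unknown = servers - inventory
    # A database request whose source is itself a database server is a
    # server-to-server communication and deserves review.
    known = servers | inventory
    s2s = [f for f in db_flows if f.src in known]
    return unknown, s2s

# Constructed sample data (addresses are made up for this example).
INVENTORY = {"10.0.2.5", "10.0.2.6"}
SAMPLE_FLOWS = [
    Flow("tcp", "10.0.1.20", "10.0.2.5", 1433),   # application to tracked server
    Flow("tcp", "10.0.3.44", "10.0.3.77", 1433),  # desktop with an embedded engine
    Flow("udp", "10.0.3.77", "10.0.2.5", 1434),   # untracked server to tracked server
    Flow("tcp", "10.0.2.5", "10.0.2.6", 3306),    # tracked server to tracked server
    Flow("tcp", "10.0.1.20", "10.0.1.30", 443),   # not database traffic
]

if __name__ == "__main__":
    unknown, s2s = classify(SAMPLE_FLOWS, INVENTORY)
    print("untracked database servers:", sorted(unknown))
    for f in s2s:
        print("server-to-server:", f.src, "->", f.dst, DB_PORTS[(f.proto, f.dport)])
```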
Incidentally, MSDE is not the only example of an embedded database
package that may be lying hidden in commercial software. Another common
example is Berkeley DB, distributed by Sleepycat Software and
boasting more than 200 million deployments, embedded within products
from Motorola, Cisco, EMC, AT&T, HP, RSA, and many more. In addition,
Berkeley DB is one of the possible underlying storage managers for
MySQL databases.
Initiating requests from within a database server is easy and supported
by all vendors. As an example, SQL Server offers a function called OPENROWSET
to access remote data from an OLE DB data source. This
method is an alternative to accessing tables in a linked server and allows you
to establish an ad hoc connection to access remote data. The OPENROWSET
function can be referenced in the FROM clause of a query as
though it is a table name and can be referenced as the target table of an
INSERT, UPDATE, or DELETE statement, subject to the capabilities of