Step 1. Patches and Updates


Failure to apply the latest patches and updates in a timely manner means that you are providing opportunities for attackers to exploit known vulnerabilities. You should verify that your database server is updated with the latest Windows 2000 and SQL Server service packs and updates.

Important  

Make sure to test patches and updates on test systems that mirror your production servers as closely as possible before applying them on production servers.

Detect Missing Service Packs and Updates

Use the Microsoft Baseline Security Analyzer (MBSA) to detect the necessary Windows and SQL Server updates that may be missing. MBSA uses an XML file as the reference of existing updates. This XML file is either downloaded by MBSA when a scan runs, or it can be read from a copy on the local server or on a network server.

Task: To detect and install patches and updates

  1. Download and install MBSA.

    You can do this from the MBSA home page at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/mbsahome.asp.

    If you do not have Internet access when you run MBSA, it will not be able to retrieve the XML file containing the latest security settings from Microsoft. In this event, download the XML file manually and put it in the MBSA program directory. The XML file is available from http://download.microsoft.com/download/xml/security/1.0/nt5/en-us/mssecure.cab.

  2. Run MBSA by double-clicking the desktop icon or selecting it from the Programs menu.

  3. Click Scan a computer. MBSA defaults to the local computer.

  4. Clear all check boxes apart from Check for security updates. This option detects which patches and updates are missing.

  5. Click Start scan. Your server is now analyzed. When the scan is complete, MBSA displays a security report, which it also writes to the %userprofile%\SecurityScans directory.

  6. Download and install the missing updates.

    Click the Result details link next to each failed check to view the list of security updates that are missing. The resulting dialog box displays the Microsoft security bulletin reference number. Click the reference to find out more about the bulletin and to download the update.

For more information about using MBSA, see "How To: Use the Microsoft Baseline Security Analyzer" in the "How To" section of this guide.

For more information about applying service packs, hot fixes, and security patches, see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/bpsp.asp.

Patching MSDE

The Microsoft Desktop Edition (MSDE) of SQL Server must be patched differently than the full version of SQL Server. For details about patching MSDE, see "How To: Secure Your Developer Workstation" in the "How To" section of this guide.
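
The T-SQL below is an added example, not part of the original guide or of MBSA. Run it after installing updates to confirm from inside the instance that the service pack took effect, and to see whether the instance is MSDE and therefore follows the separate patch procedure mentioned above. The baseline build is a placeholder you must set, and the edition test assumes that MSDE reports its edition as "Desktop Engine".

```sql
-- Added example: run in Query Analyzer or osql against the instance you patched.
DECLARE @baseline varchar(32), @actual varchar(32)
DECLARE @level varchar(32), @edition varchar(128)
DECLARE @a varchar(32), @b varchar(32)

-- PLACEHOLDER: set this to the minimum build your patch policy requires.
-- The constructed value 99.0.0.0 fails on purpose until you replace it.
SET @baseline = '99.0.0.0'

SET @actual  = CONVERT(varchar(32),  SERVERPROPERTY('ProductVersion'))
SET @level   = CONVERT(varchar(32),  SERVERPROPERTY('ProductLevel'))
SET @edition = CONVERT(varchar(128), SERVERPROPERTY('Edition'))

-- PARSENAME splits at most four dot-separated parts. Pad three-part
-- versions (major.minor.build) so both values have the same shape.
SET @a = @actual
SET @b = @baseline
IF PARSENAME(@a, 4) IS NULL SET @a = @a + '.0'
IF PARSENAME(@b, 4) IS NULL SET @b = @b + '.0'

-- Zero-pad each part to five digits so that a plain string comparison
-- orders the versions numerically (build 760 sorts before build 2039).
SET @a = RIGHT('00000' + PARSENAME(@a, 4), 5) + RIGHT('00000' + PARSENAME(@a, 3), 5)
       + RIGHT('00000' + PARSENAME(@a, 2), 5) + RIGHT('00000' + PARSENAME(@a, 1), 5)
SET @b = RIGHT('00000' + PARSENAME(@b, 4), 5) + RIGHT('00000' + PARSENAME(@b, 3), 5)
       + RIGHT('00000' + PARSENAME(@b, 2), 5) + RIGHT('00000' + PARSENAME(@b, 1), 5)

SELECT @edition  AS Edition,
       @level    AS ProductLevel,
       @actual   AS ProductVersion,
       @baseline AS RequiredBuild,
       CASE WHEN @a IS NULL OR @b IS NULL THEN 'UNKNOWN: version is not in n.n.n[.n] form'
            WHEN @a >= @b THEN 'OK'
            ELSE 'BELOW BASELINE: patch this instance'
       END AS PatchStatus,
       -- Assumption: MSDE reports its edition as 'Desktop Engine'.
       CASE WHEN @edition LIKE '%Desktop Engine%'
            THEN 'MSDE: follow the MSDE patch procedure'
            ELSE 'Full SQL Server: standard service pack'
       END AS PatchPath
```

Record the output for each instance alongside the MBSA report so that the two results can be compared after every patch cycle.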




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
