October 15, 2004 at 12:31 pm
Hello All!
I'm jumping into the DBA contracting world and need help. I may have a job opportunity coming up and what I plan to do first thing is audit their systems. My question: What should I be looking for in terms of server version level, SQL Server version level, that represents either a stable configuration or need for immediate upgrade? All suggestions appreciated!
October 15, 2004 at 12:39 pm
SQL Server 2000 SP3a w/ MS03-031 hotfix applied is a completely patched SQL Server (this doesn't include the OS). If you run a SELECT @@VERSION query it should come back with 8.00.818. Anything > 818 likely means a non-security related hotfix. Typically, OS version level should be Win2k or Win2k3 with latest service packs/hotfixes as well. MDAC should be 2.7SP1 Refresh (Win2K) or 2.8 (Win2k3) with hotfixes. A good place to start:
Randy Dyess' presentation on SQL Server security assessment given at the 2004 PASS Community Summit:
http://www.database-security.info/Misc/PSSSA.ppt
His accompanying white paper:
http://www.database-security.info/Articles/SQLServer/PSSSA.pdf
K. Brian Kelley
@kbriankelley
October 16, 2004 at 3:23 pm
Thank You!
October 18, 2004 at 7:14 am
Be sure you check this againts software that they are using. It's possible there are reasons for downlevels. Not that they shouldn't be patched, but be sure that you know why they are downlevel in your report.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply