Developers: Microsoft
Date of the premiere of the system: April 1989
Branches: Information Technology
Technology: DBMS
Microsoft SQL Server is a relational database management system (DBMS) developed by Microsoft. The main query language used is Transact-SQL, created jointly by Microsoft and Sybase. Transact-SQL is an implementation of the ANSI/ISO structured query language (SQL) standard with extensions. SQL Server is used for databases ranging from small and medium-sized to large enterprise-scale, and it competes with other DBMSs in this market segment.
SQL is a common interface to databases. "All industrial databases - Oracle, Microsoft SQL Server, PostgreSQL, MySQL - work on SQL."
Security
2022
Servers hit by a powerful wave of ransomware attacks
At the end of September 2022, it became known that Microsoft SQL servers had been hit by a powerful wave of ransomware attacks. The attackers use malware called Fargo and GlobeImposter.
According to information security specialists at the AhnLab Security Emergency Response Center (ASEC), the ransomware infection chain begins with the MS-SQL process downloading a .NET file using cmd.exe and powershell.exe. The downloaded file loads additional malware, then generates and runs a BAT file that disables certain processes and services. The malware is then injected into AppLaunch.exe and tries to remove the registry key of the Raccine utility, which serves to terminate any processes that try to delete shadow copies in Windows using vssadmin.exe. In addition, the malware disables recovery and terminates all processes associated with databases in order to make their contents available for encryption.
It was this strain that Avast researchers named "TargetCompany" in a February 2022 report, stressing that the files it encrypted could in some cases be recovered for free. Statistics on ransomware attacks from ID Ransomware indicate that the FARGO family of malware is quite active.
Encryption excludes multiple Microsoft Windows system directories, boot files, Tor Browser, Internet Explorer, user settings, the debug log file, and the thumbnail database. After encryption is complete, the locked files are renamed with the ".Fargo3" extension, and the malware generates a ransom note ("RECOVERY FILES.txt"). Victims are threatened with having their stolen files leaked on the threat actor's Telegram channel if they do not pay the ransom.
In September 2022, the ASEC team recommended that Microsoft SQL Server administrators make sure they use sufficiently strong and unique passwords. In addition, keeping the machine updated with the latest fixes for security vulnerabilities never goes out of fashion. Experts warn that databases are most often compromised through dictionary and brute-force attacks, i.e. accounts with weak passwords are at risk.[1]
Attacks on Microsoft SQL using anti-hacker software
On February 28, 2022, it became known that attackers were using brute-force and dictionary attacks to install Cobalt Strike "beacons" and miners on weakly protected MS SQL servers.
Information security experts are witnessing another wave of attacks on Microsoft SQL servers.
Cobalt Strike is a legitimate pentest and post-exploitation tool that is also used by cybercriminals and cyber spies. Its "beacons" are local Cobalt Strike agents used to remotely monitor the network or execute further commands.
MS SQL Server is a well-known database management system that underpins numerous Internet applications of any scale. According to AhnLab, many of these servers are protected by weak passwords and are reachable from the Internet, making them a very attractive target.
Attacks begin with scanning for servers with open TCP port 1433, which is a sign of an externally accessible MS SQL server. After discovering such a resource, attackers launch brute-force and dictionary attacks in order to guess the password.
If this succeeds and the attacker gains access to the admin panel, they upload cryptominers such as LemonDuck, KingMiner and Vollgar to the server, as well as Cobalt Strike beacons, which make further reconnaissance of the local network possible.
Cobalt Strike is loaded through a shell process (cmd.exe and powershell.exe), then injected into and run in MSBuild.exe to avoid detection. After launch, the "beacon" is embedded in the wwanmm.dll system library and waits for commands from its operators, remaining hidden.
From there, attackers can run arbitrary commands, log keystrokes, perform file operations, set up SOCKS proxies, elevate privileges, scan ports, and steal credentials using Mimikatz on the compromised system.
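Both reports above describe the same visible step: the SQL Server process starting cmd.exe and powershell.exe, followed by MSBuild.exe or AppLaunch.exe. The following Python sketch is an added example, not code from AhnLab or from this article; it walks a process tree to flag that lineage. The event records, paths and function names are constructed for illustration.

```python
import ntpath

# Constructed process-creation events (pid, parent pid, image path), in the
# shape a Sysmon-style process-creation log would have after parsing.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\MSSQL\Binn\sqlservr.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"},
    {"pid": 300, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe"},
]

SQL_SERVER = "sqlservr.exe"
# Images the reports above name in the infection chain.
WATCHED = {"cmd.exe", "powershell.exe", "msbuild.exe", "applaunch.exe", "vssadmin.exe"}

def image_name(path):
    return ntpath.basename(path).lower()

def sql_server_descendants(events):
    """Return (pid, lineage) for watched processes that descend from sqlservr.exe."""
    # Assumption: pids are unique in the batch; real telemetry should key on a
    # process GUID because Windows reuses pids.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        if image_name(event["image"]) not in WATCHED:
            continue
        lineage = [image_name(event["image"])]
        seen = {event["pid"]}  # guards against parent loops in bad data
        parent = by_pid.get(event["ppid"])
        while parent is not None and parent["pid"] not in seen:
            lineage.append(image_name(parent["image"]))
            if lineage[-1] == SQL_SERVER:
                hits.append((event["pid"], " <- ".join(lineage)))
                break
            seen.add(parent["pid"])
            parent = by_pid.get(parent["ppid"])
    return hits

if __name__ == "__main__":
    for pid, lineage in sql_server_descendants(EVENTS):
        print(pid, lineage)
```

Administrative jobs that use xp_cmdshell also start cmd.exe from sqlservr.exe, so such a rule needs a baseline of known jobs before it is used for alerting.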
"Cobalt Strike's 'beacon' itself is a fileless shellcode that is not too easy to intercept using antivirus and other security tools. Protection should be implemented primarily through correct settings, including an effective password and additional authorization tools. Brute force will not work against really complex passwords," says Alexey Vodyasov, CTO of SEQ.
The expert also added that MS SQL servers should be updated regularly wherever possible.[2]
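Both incidents in this section start with dictionary and brute-force guessing against SQL logins, which leaves "Login failed" entries in the SQL Server error log. The following Python sketch is an added example, not part of the original article; it flags clients that exceed a failure threshold inside a sliding window and records whether a successful login followed. The log excerpt is constructed, and the threshold, window and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed ERRORLOG excerpt; client addresses are from documentation ranges.
SAMPLE_LOG = """\
2022-09-21 03:14:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2022-09-21 03:14:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-09-21 03:14:02.31 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2022-09-21 03:14:03.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-09-21 03:14:04.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-09-21 03:14:05.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-09-21 03:14:09.47 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2022-09-21 09:00:10.00 Logon       Login failed for user 'report_svc'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2022-09-21 09:10:30.00 Logon       Login failed for user 'report_svc'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map each flagged client to the login names it tried and any later success."""
    recent = defaultdict(deque)  # client -> failure timestamps inside the window
    tried = defaultdict(set)     # client -> every login name it failed with
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client, user = m["client"], m["user"]
        if m["result"] == "failed":
            tried[client].add(user)
            q = recent[client]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(client, {"users": tried[client], "success_as": None})
        elif client in findings and findings[client]["success_as"] is None:
            # A success right after a burst of failures suggests a guessed password.
            findings[client]["success_as"] = user
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

The "Login succeeded" lines only appear when login auditing is set to record both failed and successful logins; with failures only, the burst is still detected but `success_as` stays empty.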
History
The source code of MS SQL Server (before version 7.0) was based on Sybase SQL Server code, and this allowed Microsoft to enter the enterprise database market, where Oracle, IBM and, later, Sybase itself competed. Microsoft, Sybase and Ashton-Tate initially teamed up to create and market the first version of the program, called SQL Server 1.0 for OS/2 (circa 1989), which was actually the equivalent of Sybase SQL Server 3.0 for Unix, VMS, etc. Microsoft SQL Server 4.2 was released in 1992 and was bundled with the Microsoft OS/2 version 1.3 operating system. The official release of Microsoft SQL Server version 4.21 for Windows NT took place simultaneously with the release of Windows NT itself (version 3.1). Microsoft SQL Server 6.0 was the first version of SQL Server created exclusively for the NT architecture and without Sybase's participation in the development process.
By the time Windows NT entered the market, Sybase and Microsoft had diverged and were following their own software product models and marketing schemes. Microsoft sought exclusive rights to all versions of SQL Server for Windows. Sybase later changed its product name to Adaptive Server Enterprise to avoid confusion with Microsoft SQL Server. Until 1994, Microsoft SQL Server carried three Sybase copyright notices as an indication of its origin.
After the separation, the companies made several independent releases of programs. SQL Server 7.0 was the first database server with a true GUI. To eliminate claims by Sybase of copyright infringement, all inherited code in the seventh version was rewritten.
SQL Server 2005 was introduced in November 2005. The version was launched in parallel with Visual Studio 2005. There is also a "stripped-down" version of Microsoft SQL Server, Microsoft SQL Server Express; it is available for download and can be distributed free of charge with the software that uses it.
Since the release of the previous version of SQL Server (SQL Server 2000), an integrated development environment and a number of additional subsystems included in SQL Server 2005 have been developed. The changes affected the implementation of ETL technology (data extraction, conversion and loading), which is part of the SQL Server Integration Services (SSIS) component, an alert server, tools for analytical processing of multidimensional data models (OLAP) and collecting relevant information (both services are part of Microsoft Analysis Services), as well as several message services, namely Service Broker and Notification Services. In addition, performance improvements were made.
Functionality
Microsoft SQL Server uses a version of SQL called Transact-SQL (abbreviated T-SQL) as the query language, which is an implementation of SQL-92 (ISO standard for SQL) with multiple extensions. T-SQL allows you to use additional syntax for stored procedures and provides transaction support (database interaction with the management application). Microsoft SQL Server and Sybase ASE use an application-level protocol called Tabular Data Stream (TDS) to communicate over the network. The TDS protocol was also implemented in the FreeTDS project in order to provide various applications with the ability to interact with Microsoft SQL Server and Sybase databases.
Microsoft SQL Server also supports Open Database Connectivity (ODBC), an interface for application interaction with the DBMS. SQL Server 2005 provides the ability to connect users through web services using the SOAP protocol. This allows client programs not designed for Windows to connect to SQL Server across platforms. Microsoft also released a certified JDBC driver to allow Java applications (such as BEA and IBM WebSphere) to connect to Microsoft SQL Server 2000 and 2005.
SQL Server supports database mirroring and clustering. A SQL Server cluster is a collection of identically configured servers; such a scheme helps to distribute the workload between multiple servers. All servers have the same virtual name, and the data is distributed to the IP addresses of the cluster machines during the working cycle. In addition, if one of the servers in the cluster fails, the load is automatically transferred to another server.
SQL Server supports redundant data duplication across three scenarios:
- Snapshot: Takes a "snapshot" of the database that the server sends to recipients.
- Change History: All changes to the database are continuously shared with users.
- Synchronize with other servers: The databases of multiple servers synchronize with each other. Changes to all databases occur independently of each other on each server, and data is reconciled during synchronization. This type of duplication allows you to resolve database inconsistencies.
SQL Server 2005 has built-in support for the .NET Framework. Due to this, stored database procedures can be written in any .NET platform language using the full set of libraries available for the .NET Framework, including the Common Type System (Microsoft .NET Framework data type management system). However, unlike other processes, the .NET Framework, being the base system for SQL Server 2005, allocates additional memory and builds SQL Server management tools instead of using built-in Windows tools. This improves performance over general Windows algorithms because resource allocation algorithms are specifically configured for use in SQL Server structures.
Microsoft develops a rival to Oracle Exadata and SAP HANA
Microsoft has developed a new in-memory technology that will soon be added to SQL Server. The technology is called Hekaton. This was announced on November 7, 2012 by ComputerWorld.
Microsoft, in an effort to speed up online transaction processing (OLTP) processes, has added the ability to use relational database management systems to SQL Server.
It is planned that already in the next version of SQL Server, the ability to place part of the database tables or even all databases in the server memory will be enabled. Additional tools will also be added to simplify the launch of the technology.
According to Microsoft general manager Doug Leland, Hekaton technology is now being tested by some customers. But the company has not yet announced more precise timing for its launch.
Microsoft claims that the server will perform operations faster if the necessary tables and databases are in memory, and not written to the disk to be accessed. The giant is confident that the technology will increase data processing speed by up to 50 times compared to similar systems for SQL Server.
The main areas for using Hekaton are online banking systems, ERP, and other transactional systems that need to quickly communicate and use databases. The technology can be installed on one server and then scaled to the rest of the servers, since it does not have severe restrictions on the memory used.
The release of Hekaton can be a major headache for companies such as Oracle with its Oracle Exadata product and for SAP, in particular SAP HANA. This is due to the fact that the technology greatly simplifies the IT architecture and eliminates the need to buy components for data processing, as is implemented by competitors.
Doug Leland argues that Hekaton is not Microsoft's first experience with in-memory technology. For example, the Microsoft Excel office application uses PowerPivot and Power View technologies, which allow you to quickly manipulate a large amount of data.
Microsoft also announced the imminent release of the next version of Data Warehouse Appliance, SQL Server 2012 Parallel Data Warehouse (PDW). And for SQL Server 2012, a service pack has been released, which in particular includes the ability for Excel 2013 users to work with data stored on SQL Server.
Application development
Microsoft and other companies produce a large number of software development tools that allow you to develop business applications using Microsoft SQL Server databases. Microsoft SQL Server 2005 also includes Microsoft .NET Common Language Runtime (CLR), which allows you to implement stored procedures and various functions for applications developed in .NET platform languages (for example, VB.NET or C#). Previous versions of Microsoft's development tools used only APIs to gain functional access to Microsoft SQL Server.
SQL Server Express Edition
Microsoft SQL Server Express is a free version of SQL Server, a development of the MSDE system. This version has some technical limitations. Such restrictions make it unsuitable for deploying large databases, but it is quite suitable for maintaining software systems on the scale of a small company. Contains full support for new data types, including XML specifications. In fact, it is a full-fledged MS SQL Server, including all its programming components, support for national alphabets and Unicode. Therefore, it is used in applications, in design or for self-study. There are no obstacles to further deploying the accumulated database on MS SQL Server with a non-express version. In 2007, Microsoft released a separate utility with a graphical interface for administering this version, which is also available for free download from the corporation's website.