tag:blogger.com,1999:blog-6948491385627856949.post4127548231135476877..comments2023-05-09T04:20:29.082-04:00Comments on Lost In The Flood: DISA auditing of a SQL 2005 Express databaseGreghttp://www.blogger.com/profile/04665093833913085619noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6948491385627856949.post-88321306059834099222012-05-03T13:38:29.190-04:002012-05-03T13:38:29.190-04:00I had no problem with the SRRs. And, using osql, ...I had no problem with the SRRs. And, using osql, I was able to gather the results of the manual checks. Bear in mind that the machine was configured such that the SRRs ran without a problem. Quite possibly, if the machine was more locked down, results would vary.<br /><br />I did not run AppDetective at all. I knew I was going to run the SRRs and do the manual checks. I knew I was covering the entire checklists.<br /><br />There are some findings that will really need analyzing as the results returned do not really apply to a desktop SQL environment. There are controls where it is hard to evaluate a desktop SQL installation verses a regular production server.Greghttps://www.blogger.com/profile/04665093833913085619noreply@blogger.comtag:blogger.com,1999:blog-6948491385627856949.post-85710426914919945802012-05-03T11:15:02.347-04:002012-05-03T11:15:02.347-04:00So, how successful were you in getting scan result...So, how successful were you in getting scan results? Was the scan successful? Were the results useful or just full of junk?<br /><br />I've wondered if anybody has succeeded in getting decent scan results from either the SRRs or AppDetective against a version of SQL Server that wasn't necessarily a full-blown version. <br /><br />This could be the solution to a couple of my problems. It's hard to implement "trust, but verify" when you can't necessarily verify independently.Nightmares in Applicaton Securitynoreply@blogger.comtag:blogger.com,1999:blog-6948491385627856949.post-33479989190058409372012-04-03T04:35:01.706-04:002012-04-03T04:35:01.706-04:00Hello friends,
Microsoft SQL Server is a relation...Hello friends,<br /><br />Microsoft SQL Server is a relational database server, developed by Microsoft, it is a software product whose primary function is to store and retrieve data as requested by other software applications, be it those on the same computer or those running on another computer across a network. Thanks a lot....Public Foldershttp://www.stealthbits.com/noreply@blogger.com