Chapter 4: Securing the Instance (p. 100)

Note (cont'd): ...before anyone noticed the worm, this time with a dangerous payload running on SQL Servers and desktops in almost every company. The worm was able to make its way into most companies not by going through corporate firewalls, but by infecting company laptops that had the MSDE edition installed on them (often without the user's or the DBAs' knowledge). The employee would then bring the infected laptop onto the company network, where the worm would begin looking for internal and external SQL Servers to infect.

Microsoft's saving grace with regard to the SQL Slammer worm was that the patch for the problem had been released in October 2002. However, DBAs were slow to install the patch on their servers, leaving them open to the SQL Slammer attack, which came three months later. While the SQL Slammer worm didn't do any damage with regard to data loss or data theft, several companies were unable to operate for days or weeks while they patched and cleaned hundreds or thousands of computers, all of which had been infected with the SQL Slammer worm. This included at least one of the major banks in the United States, which was unable to process debit card transactions for several days while the SQL Slammer cleanup proceeded. You can read more about SQL Slammer in the CERT advisory published for the worm at http://www.cert.org/advisories/CA-2003-04.html or in Microsoft Security Bulletin MS02-061, which can be found at http://www.microsoft.com/technet/security/bulletin/MS02-061.mspx.

SQL Slammer was a wake-up call to SQL Server DBAs who, until this time, were known to install Service Packs only when there was a specific reason for installation. After SQL Slammer was released on the world, DBAs became much more willing to install Service Packs and hotfixes regularly on their database servers.
Because of the extent of the problems, damage, and lost revenue that SQL Slammer caused, business users became more willing to accept the small amount of downtime that SQL Server patching requires in order to protect themselves.

When installing a new Microsoft SQL Server, install only those components that are actually necessary for the application or applications that will be using the instance. If SQL Server Reporting Services and SQL Server Integration Services aren't needed, do not install those components. The same applies to the SQL Server Management Tools: if you don't have a need to run them on the server's console, there is no need to install them. This is especially true on SQL Server 2005 and newer, as installing the management tools also installs the Visual Studio shell, which adds yet another product that must be patched to ensure that it is safe to have installed.

SQL Authentication and Windows Authentication

Microsoft SQL Server has for many years now, going back to 6.0 if not further, given two different authentication methods
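As an added example (not the book's own code) for the two recommendations above, minimal component installation and prompt patching, the following PowerShell check lists which SQL Server components are present as Windows services and reads each Database Engine instance's patch level from the registry, so unneeded components and unpatched instances stand out at a glance. The service-name prefixes and registry layout are the standard ones for SQL Server 2005 and later and are assumptions, not taken from the page; run it in an elevated PowerShell session on the server.

```powershell
# Added example (not from the book): inventory installed SQL Server components and
# patch level on a Windows host. Service-name patterns and registry paths are the
# standard ones for SQL Server 2005+ (assumed here, not taken from the page).

function Get-SqlComponentInventory {
    # Map well-known service-name patterns to the SQL Server component they belong to.
    # Default instances use the bare name; named instances append "$InstanceName".
    $components = @{
        '^MSSQL(SERVER$|\$)'                  = 'Database Engine'
        '^(SQLSERVERAGENT$|SQLAgent\$)'       = 'SQL Server Agent'
        '^ReportServer'                       = 'Reporting Services'
        '^MsDtsServer'                        = 'Integration Services'
        '^(MSSQLServerOLAPService$|MSOLAP\$)' = 'Analysis Services'
        '^SQLBrowser$'                        = 'SQL Browser'
    }
    foreach ($svc in Get-Service) {
        foreach ($pattern in $components.Keys) {
            if ($svc.Name -match $pattern) {
                [pscustomobject]@{
                    Component = $components[$pattern]
                    Service   = $svc.Name
                    Status    = $svc.Status
                }
            }
        }
    }
}

function Get-SqlInstancePatchLevel {
    # "Instance Names\SQL" maps each Database Engine instance name to its instance ID;
    # that ID's Setup key records Edition, Version and PatchLevel.
    $base  = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
    $names = Get-ItemProperty -Path "$base\Instance Names\SQL" -ErrorAction SilentlyContinue
    if (-not $names) { return }
    foreach ($p in $names.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/etc. metadata
        $setup = Get-ItemProperty -Path "$base\$($p.Value)\Setup" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Instance   = $p.Name
            Edition    = $setup.Edition
            Version    = $setup.Version
            PatchLevel = $setup.PatchLevel
        }
    }
}

# Anything beyond Database Engine and Agent in the first table deserves a "do we need this?" review;
# compare PatchLevel in the second table against the current Service Pack / cumulative update.
Get-SqlComponentInventory | Format-Table -AutoSize
Get-SqlInstancePatchLevel | Format-Table -AutoSize
```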