SQL Server® Audit

This tool enables you to test the password vulnerability of the ‘sa’ account (i.e. root administrator), and any other SQL user accounts configured on the SQL Server®. During the audit process, this tool will perform dictionary attacks on the SQL Server® accounts using the credentials specified in the ‘passwords.txt’ dictionary file. However, you can also direct the SQL Server® Audit tool to use other dictionary files. You can also customize your dictionary file by adding new passwords to the default list.

To perform a security audit on a particular SQL Server® installation:

1. Launch GFI LanGuard.

2. Click Utilities tab and select SQL Server Audit in the left pane under Tools.

SQL Server® Audit

3. In the Audit MS SQL Server menu, specify the IP address of the SQL Server® that you wish to audit.

4. From Common Tasks in the left pane, click Edit SQL Server® Audit options or Options button on the right pane to edit the default options such as performing dictionary attacks on all the other SQL user accounts.

5. Click Audit to start the process.