In this tutorial I demonstrate the install of MS SQL Server on a VM and the failed login attempts into SQL server from another VM, an “attack VM” I created. I show this through the security logs on windows event viewer in the main VM.
Environments and Technologies Used
-Microsoft Azure Cloud Platform
-Microsoft Azure (Virtual Machines) abbreviated VM. VMs are used to install the SQL Server and also view the event logs.
-Remote Desktop Protocol (RDP) is used to connect to the virtual machines. (For this demonstration I use the RDP app in the Microsoft Store).
-Windows Event Viewer to view the logs showing the failed authentication attempts.
Operating Systems Used
-Windows 10 (21H2)
Video Demonstrations
Part one below I complete the follwing:
-Configure the VM firewall too accept all inbound traffic
-The install of MS SQL Server
-Turn off windows firewall
-The install of SQL Server Management Studio (SSMS)
-Enable logging for the SQL server to be ported into event viewer
-Test logging in event viewer
In Part two below I complete the following:
-Attempt to RDP five times into the main VM from the attack VM using the wrong credentials
-RDP into the main VM from the attack VM using the correct credentials
-From the main VM, inspected the failures and successes (Security log for RDP, Application log for SQL)
