Re: SQL server port security Issue

From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 07/06/04 

Date: Mon, 05 Jul 2004 21:00:43 -0600

In terms of security, using a different port instead of the
default port just makes it harder to find SQL Server
listening on the other port. But not much harder.
Enabling only the required services would be something you'd
want to do to secure any server whether it runs SQL Server
or not.
The following are good links for information on security
your SQL Server:
Microsoft SQL Server 2000 SP3 Security Features and Best
Practices
http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/sp3sec/default.asp

SQL Server Security Resources Site:
http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp

-Sue

On Thu, 1 Jul 2004 22:46:01 -0700, vanishree
<vanishree@discussions.microsoft.com> wrote:

>Hi ,
>
>We have a requirement where in we need to connect to Server Database from client system over internet. That is from a web application, some component is running on client's system and trying to connect to DB on the web server. Which we are abele to do it.
>
>Now we are facing security issue since we are connecting to DB server from client system using IP address of DB server. For this to happen port 1433 is being open on DB server to enable for client system to connect to SQL server over the internet.
>
>What are steps that can be taken to secure SQL server when port is open? Please in this regard.
>
>I have got some of the links on net which puts some light on this :
>
>1. Using Proxy server
>2. Using different port, not the default port
>3. Enabling only the required services and blocking other services.
>
>But I need more light on each one of these. Also if anybody proovide me which is the safest and better way to secure SQL server port keeing it open. I am more interested to know more about securing SQL server using services option.
>
>Early reply will help us.
>
>Thanks,
>Vani
>
>
>

Relevant Pages

  • Re: hack using xp_cmdshell
    ... I'm no security expert, so please forgive if I'm not using the right ... install SQL Server in Windows Only mode and then Switch down to Mixed mode, ... Is the SQL Server instance a default instance? ... > port 65300, which has never been open on my firewall. ...
    (microsoft.public.sqlserver.server)
  • Re: ADP problems after SQL 2005 Upgrade
    ... Use the SQL Server Configuration Manager to create aliases; ... each port can be associated only with a single instance. ... Sylvain Lafontaine, ing. ...
    (microsoft.public.access.adp.sqlserver)
  • [NT] Microsoft SQL Server 2000 Unauthenticated System Compromise
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Microsoft's database server SQL Server 2000 exhibits two buffer-overrun ... clients connecting to TCP port 1433 or both. ... This message is a single byte packet, ...
    (Securiteam)
  • Re: Do SqlServer 2000 & SqlServer 2005 co-exist
    ... Either SQL Server 2000 or SQL Server 2005. ... So you have to move one of them to another port. ... You could allow an program exception in your firewall instead of a port number exception. ... I understand that you can connect to SQL 2000 named instance on the local ...
    (microsoft.public.sqlserver.setup)
  • Re: IIS, SQL 2000 & XPs Firewall
    ... Only one instance of SQL Server can use TCP port 1434. ... You may find it easier to use SQL Server Configuration Manager ... 2008 will be a named instance ... you will have to open those as exceptions in the firewall. ...
    (microsoft.public.sqlserver.connect)