Is it required for SQL to run on port 1433? I was wondering b/c I want to change the port that is used to try and not make it too easy for hackers. I have to remotely connect through VPN to other SQL servers from my main server. Just looking for some security measures I might be able to get going.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Ports
- Thread starter plyon70
- Start date
I want ask the same question, I doubt this can hide the SQL Server completely. If a port scan tool scan a server from port 0 to 65535 and get the service name for all the port if they have, SQL Server will show up, I'm not quite sure here, can someone explain this better?
The trick is to make sure all your SQL Servers have the latest security patches, set up your firewalls correctly, and to hide SQL Server behind a proxy or IIS server (if you're using web apps) so that the only way it can be accessed is through a "middleman" type of computer.
Or, in technical terms, set up a three tier application environment.
In Windows 2003 Server, you can also alter your trusts to 1 way non-transitive to better protect your setup.
There are lots of tools for port scanning, but if you change your port from 1433 to another one, it's harder to find it. At this point, it becomes a Web Server and a Network security issue. As long as the SQL Server doesn't accept interactive XML pages, is hidden behind a proxy so the hackers can't see its IP or other relevant stats, and has a company firewall, etc. and a decent Network security policy, you'll be in "as good as it gets" shape. No one can anticipant every security hole. However, if you can prove to the government you did your darnest and it took a really smart person to actually take you down, then they can't prosecute you over violation of HIPAA regulations.
Catadmin - MCDBA, MCSA
Beware the error of pre-emptive poultry inventory!
Or, in technical terms, set up a three tier application environment.
In Windows 2003 Server, you can also alter your trusts to 1 way non-transitive to better protect your setup.
There are lots of tools for port scanning, but if you change your port from 1433 to another one, it's harder to find it. At this point, it becomes a Web Server and a Network security issue. As long as the SQL Server doesn't accept interactive XML pages, is hidden behind a proxy so the hackers can't see its IP or other relevant stats, and has a company firewall, etc. and a decent Network security policy, you'll be in "as good as it gets" shape. No one can anticipant every security hole. However, if you can prove to the government you did your darnest and it took a really smart person to actually take you down, then they can't prosecute you over violation of HIPAA regulations.
Catadmin - MCDBA, MCSA
Beware the error of pre-emptive poultry inventory!
- Status
Similar threads
- Locked
- Question
- Locked
- Question