[dba-SQLServer]IP Connection to SQL

Arthur Fuller artful at rogers.com
Thu Apr 17 08:43:31 CDT 2003


That sounds excellent. We're already most of the way there -- sa is already
turned off and the client has rules about passwords (no words as such, must
mix alpha and non-alpha, >= 10 chars.

So, to recap (sanity check)... Tell the firewall to let traffic on 1433 in;
tell the router where to direct the traffic to, and let sql security take it
from there. Did I leave any steps out?

I think I'll cruise MSDN and see what I can learn about setting up the
built-in vpn stuff.

A.

-----Original Message-----
From: dba-sqlserver-bounces at databaseadvisors.com
[mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Jim
Lawrence (AccessD)
Sent: April 16, 2003 4:42 PM
To: dba-sqlserver at databaseadvisors.com
Subject: RE: [dba-SQLServer]IP Connection to SQL


Hi Arthur:

The port 1433 is only dangerous if you have not upgraded the appropriate SQL
patch. No port number is not vulnerable because most intruders simple scan
all ports when attempting to gain access. It is not worth trying to change
the port value as the port number might be used by some other product, like
a game. Also all the clients would have to setup individually as they will
automatically be expecting to access the SQL server through that 1433 port
number.

I personally would not waste my time with changing port numbers, for
security but I would turn off the SQL login, 'sa' and setup strong Server
side NT authentication.

My thoughts
Jim




More information about the dba-SQLServer mailing list