[dba-SQLServer] SQL Server security

jwcolby jwcolby at colbyconsulting.com
Sun Sep 18 06:29:56 CDT 2011 

Jim,

My point is that I have not established port forwarding at the router so while the port is there to 
probe, it is not routed on to any machine, and therefore my SQL Server will not answer up.  The SQL 
Server only answers up on it's specific 5.x.x.x IP address which is assigned to specific Hamachi 
networks belonging to me.  Thus the hacker needs to have physical access to one of the handful of 
machines in the world which have Hamachi installed, and have been set up to belong to my networks.

Thanks for pointing out this OpenVPN though.  I am always looking for alternatives.  In particular 
the Wikipedia article discusses routers running Tomato or DD-Wrt which opens up the alternative of 
having my end handled by my router, though I do not currently have a router able to run those 
firmware.  But I could go get one.

I have to say that Hamachi has really built out their administrative software nicely, with a web 
based interface allowing me to set up various kinds of networks - hub and spoke etc.  It allows me 
to assign and unassign machines to the created networks and create new networks.  Really quite nice.

I imagine if I go to something like this I am back on my own doing that stuff.  OTOH it is probably 
more secure since there is no central server to hack to worm your way into my networks.

John W. Colby
www.ColbyConsulting.com

On 9/18/2011 2:33 AM, Jim Lawrence wrote:
> No not really...Your address that you are using for your principal connect
> may be protected but Himachi but it is not like a full VPN connection which
> protects all ports in and out. Check out OpenVPN at: http://openvpn.net/ and
> http://en.wikipedia.org/wiki/OpenVPN
>
> Jim
>
>
> -----Original Message-----
> From: dba-sqlserver-bounces at databaseadvisors.com
> [mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of jwcolby
> Sent: Saturday, September 17, 2011 5:54 PM
> To: Access Developers discussion and problem solving; Sqlserver-Dba
> Subject: [dba-SQLServer] SQL Server security
>
> I see logs of references to people probing ports looking for SQL Server
> ports (and mysql as well I
> assume).
>
> If I come in through a Hamachi VPN then I do not directly expose the port to
> the outside world
> correct?  IOW the hacker would need to belong to my VPN network in order to
> directly get to the open
> port?
>

More information about the dba-SQLServer mailing list