Recommended firewall settings for securing SQL Server

  • Hi,

    We have installed a new Cisco IPX hardware firewall on our server. The ISP is asking us how we want to configure the firewall. Can anyone tell me the recommended firewall settings for SQL Server? IIS and SQL Server are on the same machine; there are two ASP.NET web applications and 7 Windows services that connect to the SQL Server. We would like to restrict access to anything/anyone else, except me: I access the server using Remote Desktop Connection.

    Thanks.

  • The IIS and SQL Server are on the same machine

    Ouch. I'd change that first. You really don't want to have any SQL Server sitting on a box that has a straight connection out to the public internet.

    If you can't change that, why not just turn off TCP/IP in SQL Server network configuration? It shouldn't be needed for the webserver to talk to the SQL Server.

    Assuming you're inside the firewall when you access the server, I'd obviously block 1433/1434 as well as RDP at the firewall. If you're outside use SSL VPN to get into the network and from there you can RDP into the machine. If you have to leave TCP/IP enabled, I'd recommend changing the SQL Server listening ports to something ridiculously high. Most attacker port scanners don't scan very high ranges. The better approach really is to block everything by default at the firewall and then open up those services you need (80, 443).

  • Since you're using RDP to connect to the server, block everything except 80 and 443, so your web server is the only thing open to the outside world.

    Also open another port for RDP, but change from the default port to avoid attacks against RDP. Use something above 49152 if you can.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;306759
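The replies above add up to one procedure: default-deny inbound, allow only 80/443 to the world, block 1433/1434, move RDP off 3389 and restrict it to the admin network, and turn off TCP/IP in SQL Server network configuration so local IIS and service connections go over Shared Memory. The following PowerShell script is an added example of that host-side configuration; it is not code from either poster and does not configure the Cisco firewall itself, which should carry the same policy. It assumes Windows Server 2012 or later (NetSecurity cmdlets), SQL Server SMO installed on the box, a default instance named MSSQLSERVER, an admin/VPN subnet of 10.20.0.0/24 and RDP port 50001; all of those values are assumptions to replace with your own.

```powershell
# Added example, not from the original thread. Assumes Windows Server 2012+,
# SMO (Microsoft.SqlServer.SqlWmiManagement) installed, a default SQL instance,
# and the two hypothetical values below. Run from an elevated PowerShell.
#Requires -RunAsAdministrator

$AdminSubnet = '10.20.0.0/24'   # assumption: where RDP/VPN clients come from
$RdpPort     = 50001            # assumption: non-default RDP port above 49152
$SqlInstance = 'MSSQLSERVER'    # assumption: default instance; named = 'MSSQL$Name'

# 1. Default-deny inbound on every profile; outbound stays allowed.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Only the web server is reachable from anywhere.
New-NetFirewallRule -DisplayName 'Allow HTTP'  -Direction Inbound -Protocol TCP -LocalPort 80  -Action Allow
New-NetFirewallRule -DisplayName 'Allow HTTPS' -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow

# 3. Explicitly block SQL Server's ports. Redundant under default-deny, but a
#    Block rule wins over any Allow rule someone adds for 1433 later.
New-NetFirewallRule -DisplayName 'Block SQL Server TCP 1433'  -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Block
New-NetFirewallRule -DisplayName 'Block SQL Browser UDP 1434' -Direction Inbound -Protocol UDP -LocalPort 1434 -Action Block

# 4. Move RDP off 3389 (the registry value KB306759 describes) and allow the
#    new port only from the admin subnet, not from the whole internet.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name PortNumber -Value $RdpPort -Type DWord
New-NetFirewallRule -DisplayName "Allow RDP $RdpPort from admin subnet" -Direction Inbound `
    -Protocol TCP -LocalPort $RdpPort -RemoteAddress $AdminSubnet -Action Allow
Restart-Service TermService -Force     # new RDP port takes effect on restart

# 5. Disable TCP/IP in SQL Server network configuration and keep Shared Memory
#    on; local IIS apps and Windows services connect with Server=(local) or
#    Server=lpc:(local) and never touch the network stack. SQL Browser only
#    resolves named-instance ports over UDP 1434, so stop it as well.
$smo = [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SqlWmiManagement')
if (-not $smo) { throw 'SMO WMI assembly not found; install SQL Server management tools.' }
$wmi       = New-Object Microsoft.SqlServer.Management.Smo.Wmi.ManagedComputer
$protocols = $wmi.ServerInstances[$SqlInstance].ServerProtocols
$protocols['Tcp'].IsEnabled = $false   # no TCP listener at all
$protocols['Tcp'].Alter()
$protocols['Sm'].IsEnabled  = $true    # Shared Memory for same-box clients
$protocols['Sm'].Alter()
Set-Service  SQLBrowser -StartupType Disabled
Stop-Service SQLBrowser -ErrorAction SilentlyContinue
Restart-Service $SqlInstance -Force    # protocol change needs an engine restart

# 6. Verify: after the restarts nothing should listen on 1433, and the only
#    non-loopback listeners left should be 80, 443 and the RDP port.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort
```

If the Windows services use a connection string with a hostname or `tcp:` prefix they will fail after step 5; switch them to `(local)` or `lpc:(local)` before restarting SQL Server. The verification output in step 6 is what to compare against an external port scan once the ISP has applied the matching rules on the Cisco firewall.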
