Hiding SQL server

  • Hi everyone,

    Bit of a fast ball here.

    Just had a requirement to hide our SQL servers for an accreditation audit. This was done via the Hide SQL tick box on the TCP/IP properties box.

    Did that all OK; after restart, noticed that the default port had changed, thus affecting web servers etc.

    Is this known about, or have I missed something?

    Cheers for quick responses.

  • Well, yes, it is known. It is how the Hide Server feature works.

    It only changes the port from 1433 (default) to 2433 and also makes the server stop responding to broadcasts on the network.

  • Cheers Chris

  • Do this instead.

    Create an IPSEC policy to block udp/1434 both inbound and outbound. If you do that, unless someone is doing a port scan on your SQL Server, they won't be able to detect a SQL Server is there. Now, this does mean you won't be able to discover other SQL Servers from the box in question, but it will hide the SQL Server while still allowing you to maintain the tcp/1433 port.

    K. Brian Kelley
    @kbriankelley

  • Brian

    Thanks for the info on this. Is there any chance you could point me in the right direction or explain to me how I go about setting this up?

    I am not familiar with the IPSEC policy creation. Think we need to retain the 1433 port, but keep it hidden.

    Many thanks for any info you can supply

  • How To Use IPSec to Provide Secure Communication Between Two Servers

    This is the basics on how to setup an IPSec policy. The example they use is to restrict communication only between the web server and the SQL Server. That's not exactly what you're looking to do. Here's how to take it a step further once you've read the article.

    Creating the appropriate filter action

    Right-click on IP Security Policies on ...

    Choose Manage IP filter lists and filter actions

    Click on the Manage Filter Actions tab

    Click the Add button

    Give your action a name on the General tab. I used "Block Traffic" as my name.

    Select Block on the Radio buttons on the Security Methods tab.

    Click OK to finish configuring the new action.

    Setting up the filter for your server as the source (this prevents your SQL Server from being located):

    Click on the Manage IP Filter Lists tab.

    Click on the Add button

    Name your filter. I used "Block udp/1434" for mine.

    Click the Add button (I'm assuming you're using the wizard).

    Leave the Source and Destination addresses alone and click next on their screens.

    Select UDP for the Protocol type and click Next.

    Select the From this port: radio button. Leave the To any port radio button alone.

    Enter 1434 in the text field under From this port and click Next.

    Click Finish

    Don't click Close yet as there is still some setup to do.

    Setting up the filter for traffic going to your server (this prevents your server from locating other SQL Servers):

    Click the Add button (I'm assuming you're using the wizard).

    Change the Source to Any IP Address and click Next.

    Change the Destination to My IP Address and click Next.

    Select UDP for the Protocol type and click Next.

    Select the From this port: radio button. Leave the To any port radio button alone.

    Enter 1434 in the text field under From this port and click Next.

    Click Finish

    Setting up the policy:

    Right-click on IP Security Policies on ...

    Choose Create IP Security Policy

    Name your IP Security Policy and click Next.

    Uncheck the Activate the default response rule and click Next.

    Ensure Edit Properties is checked and click Finish.

    Under the Rules tab, click the Add button.

    Select the radio button corresponding to the filter you just created.

    Click on the Filter Action tab.

    Click on the filter action you created to block traffic.

    Click OK.

    Click OK again to set the policy.

    In the right-hand pane, right click on the policy you just created and select Assign.

    That should do it. As always, experiment in a non-production environment first to make sure you've got the steps down. I've got this partially written up in an article but time has prevented me from completing it. There's also a command line way to do these things that can make life much easier because you can deploy it quickly to all your SQL Servers. Maybe this weekend...

    K. Brian Kelley
    @kbriankelley
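A scripted version of the steps above, as an added example that is not Brian's own write-up: it drives the `netsh ipsec static` context (Windows Server 2003 and later) from PowerShell to create the same filter action, filter list (both filters), policy and rule, assigns the policy, and then includes a small probe to run from another host to confirm the SQL Browser service no longer answers on udp/1434. The policy, list, action and rule names, the `Test-SqlBrowser` function and the target address are assumptions for illustration, not from the original post.

```powershell
# Added example, not from the original post. Run in an elevated prompt on the
# SQL Server; try it in a non-production environment first, as the post says.
# Names below are assumptions; pick whatever fits your own conventions.
$FilterList   = "Block udp/1434"
$FilterAction = "Block Traffic"
$PolicyName   = "Hide SQL Server (udp/1434)"
$RuleName     = "Drop SSRP traffic"

# Filter action: the "Block" radio button on the Security Methods tab.
netsh ipsec static add filteraction name="$FilterAction" action=block

# Filter list that will hold both filters from the post.
netsh ipsec static add filterlist name="$FilterList"

# Filter 1: this server as source, udp/1434 as the "From this port" value,
# any destination/port. SQL Browser replies can no longer leave the box,
# so broadcast/unicast enumeration gets no answer from us.
netsh ipsec static add filter filterlist="$FilterList" srcaddr=me dstaddr=any `
    protocol=udp srcport=1434 dstport=0 mirrored=no

# Filter 2: any source, this server as destination, udp/1434 as source port.
# Replies from other SQL Browsers are dropped, so this box cannot enumerate
# other SQL Servers (the trade-off Brian mentions).
netsh ipsec static add filter filterlist="$FilterList" srcaddr=any dstaddr=me `
    protocol=udp srcport=1434 dstport=0 mirrored=no

# Policy with the default response rule left off, plus one rule that ties the
# filter list to the block action. Nothing here touches tcp/1433.
netsh ipsec static add policy name="$PolicyName" activatedefaultrule=no assign=no
netsh ipsec static add rule name="$RuleName" policy="$PolicyName" `
    filterlist="$FilterList" filteraction="$FilterAction"

# Equivalent of right-click > Assign. Only one IPsec policy can be assigned at
# a time on a host, so check "show all" first if you already use IPsec locally.
netsh ipsec static set policy name="$PolicyName" assign=y
netsh ipsec static show policy name="$PolicyName"

# --- Verification, run from a *different* machine on the same network ---
# Sends the MS-SQLR CLNT_UCAST_EX request (a single 0x03 byte) to udp/1434 and
# waits for the SVR_RESP (0x05 + 2-byte length + ";"-delimited instance list).
# A timeout means the server is hidden from Browser-based discovery.
function Test-SqlBrowser {
    param(
        [Parameter(Mandatory = $true)][string]$Target,
        [int]$TimeoutMs = 2000
    )
    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        [void]$udp.Send([byte[]]@(0x03), 1, $Target, 1434)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply  = $udp.Receive([ref]$remote)
        if ($reply.Length -lt 3 -or $reply[0] -ne 0x05) { return "unexpected reply" }
        return [System.Text.Encoding]::ASCII.GetString($reply, 3, $reply.Length - 3)
    } catch [System.Net.Sockets.SocketException] {
        return $null   # timed out: no SQL Browser answered
    } finally {
        $udp.Close()
    }
}

# Example call; 192.0.2.10 is a placeholder address, not a real server.
$answer = Test-SqlBrowser -Target "192.0.2.10"
if ($null -eq $answer) { "No SQL Browser response: server is hidden from enumeration." }
else                   { "Still discoverable: $answer" }
```

Two caveats worth keeping in mind. First, as Brian says, this only hides the server from udp/1434 discovery; a straight port scan of tcp/1433 (`Test-NetConnection -ComputerName host -Port 1433` on newer Windows) still finds it, so it is a reduction in noise, not a substitute for firewalling who may reach 1433. Second, SQL Browser is also how clients resolve a named instance's port, so once its replies are blocked, connection strings for named instances on that box must carry the port explicitly (`server\instance,port` or just `server,port`). On Windows Server 2008 and later the same block can be expressed with the Windows Firewall instead of an IPsec policy, e.g. `New-NetFirewallRule -DisplayName "Block SQL Browser replies" -Direction Outbound -Protocol UDP -LocalPort 1434 -Action Block`, which avoids the one-assigned-IPsec-policy limit.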

  • Brian

    Outstanding thanks for your help. I will read and try to understand what is happening.

    Thanks again
