Port 1434...disable if none of the SQL Servers hit outside our network?

  • Doing our year-end IT audit checklist and one thing we have never really 'tweaked' is that all of our 10 servers (we are a mid-size business) use the default port 1434.

    I am thinking about changing this as per 'Best Practices' but thought about it....none of our users can access any type of application/sql server without connecting through our VPN...

    So....is there a need to make the port change?

  • You mean 1433, right?

    1434, using the UDP protocol, is used to locate the port, named pipe, etc. for a named instance. The port a default instance of SQL Server listens on is 1433 using the TCP protocol.

    K. Brian Kelley
    @kbriankelley

  • Yes sorry the 1433 port for TCP...that is what we have for 'listening'

  • There are arguments either way. It's obfuscation at best, and will fool some automated tools. If you expose to the Internet, I'd do it.

    Internally, easy for someone to port scan the server and look for whichever port is accepting SQL commands. Not that hard to do, so not sure if you've gained anything.

  • It also means dealing with the fact that you'll have to do the manual configuration for every connection string... Depending on how tightly these things are controlled and whether or not your users connect to SQL Server directly, the risk reduction on a security side may very well be outweighed by the performance loss operationally.

    K. Brian Kelley
    @kbriankelley

  • Thanks to both for the insight...I will review but I think the changing of the strings is one thing I forgot about...in fact we have an automation of Excel forms (about 20 of them) that connect to the string with 1433 port so that would have to be reconfigured and not sure if that is worth the headache...
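The connection-string cost raised in the replies above can be sized before deciding. The following is an added example, not code from any poster in this thread: it classifies SQL Server connection strings by whether they would need editing if a default instance moved off TCP 1433. The file names, hosts and the `classify`/`needs_edit` helpers are constructed for illustration, and only the `tcp:` protocol prefix is handled.

```python
import re

# Keywords that SQL Server client libraries accept for the server address.
SERVER_KEYS = {"data source", "server", "address", "addr", "network address"}

def classify(conn_str):
    """Return (host, category) for one SQL Server connection string."""
    server = None
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() in SERVER_KEYS:
            server = value.strip()
    if not server:
        return (None, "no-server-key")
    server = re.sub(r"^tcp:", "", server, flags=re.I)  # optional protocol prefix
    address, _, port = server.partition(",")
    host, _, instance = address.partition("\\")
    if port.strip():
        # Port is hard-coded; the client connects straight to it.
        return (host, "explicit-port:" + port.strip())
    if instance:
        # Named instance, no port: client asks SQL Server Browser on UDP 1434.
        return (host, "named-instance")
    # Default instance, no port: client assumes TCP 1433.
    return (host, "implicit-1433")

def needs_edit(inventory):
    """Names of entries that break if a default instance leaves TCP 1433."""
    return [name for name, cs in inventory
            if classify(cs)[1] in ("explicit-port:1433", "implicit-1433")]

# Constructed sample inventory (file names and hosts are made up).
SAMPLE = [
    ("orders.xlsx", "Provider=SQLOLEDB;Data Source=SQL01,1433;"
                    "Initial Catalog=Sales;Integrated Security=SSPI"),
    ("hr-app.config", "Server=tcp:sql02;Database=HR;Trusted_Connection=yes"),
    ("reports.udl", "Data Source=SQL03\\REPORTS;Initial Catalog=Reports;"
                    "Integrated Security=SSPI"),
]

if __name__ == "__main__":
    for name, cs in SAMPLE:
        print(name, classify(cs))
    print("must be reconfigured:", needs_edit(SAMPLE))
```

Entries reported as `implicit-1433` are the easy ones to miss, because the port never appears in the string.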
