SQL Browser

Question

Post reply

SQL Browser

h.iddamalgoda 91897

Right there with Babe

Points: 797
More actions
December 8, 2016 at 3:51 am

#323938

What is the best practice for SQL Browser service? Keep running or keep stopped and run as required?

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply

Igor Micev SSC-Dedicated Points: 33109 More actions · Answer 1

Keep it running.

Igor Micev,My blog: www.igormicev.com

John Mitchell-245523 SSC Guru Points: 148809 More actions · Answer 2

I wouldn't run it as required - I would either use it or not use it. It only works for named instance, so if you only have a default instance, disable the service. If SQL Server listens on the default port of 1433, you can also disable the service. If you want that extra layer of security by obscurity that not revealing the port number confers, then disable the service and insist on all connection strings including the port number. (I'm not arguing for or against that being a good thing.) Otherwise, have the service running and forget about it.

John

h.iddamalgoda 91897 Right there with Babe Points: 797 More actions · Answer 3

h.iddamalgoda 91897

Right there with Babe

Points: 797

December 8, 2016 at 4:01 am

#1916712

Thanks Igor, Is there an obvious to keep it running.

h.iddamalgoda 91897 Right there with Babe Points: 797 More actions · Answer 4

Thanks John.

I am merely concerned for security. That is why I am considering stopping them. All my instances (61 of them) are default.

John Mitchell-245523 SSC Guru Points: 148809 More actions · Answer 5

h.iddamalgoda 91897 (12/8/2016)
Thanks John.
I am merely concerned for security. That is why I am considering stopping them. All my instances (61 of them) are default.

Definitely don't have it running, then.

John

h.iddamalgoda 91897 Right there with Babe Points: 797 More actions · Answer 6

h.iddamalgoda 91897

Right there with Babe

Points: 797

December 8, 2016 at 4:16 am

#1916719

Cheers John, many thanks.

Igor Micev SSC-Dedicated Points: 33109 More actions · Answer 7

h.iddamalgoda 91897 (12/8/2016)
Thanks Igor, Is there an obvious to keep it running.

There is no cost of running it. If you want to forget about it, then keep it running. Here is a very good overview of it https://www.mssqltips.com/sqlservertip/1946/overview-of-the-sql-server-browser-service/

Igor Micev,My blog: www.igormicev.com

Joie Andrew One Orange Chip Points: 27360 More actions · Answer 8

There is no cost of running it.

From the security standpoint I am not sure that is a true statement. If SQL Browser is running then a potential attacker could use it to discover your SQL instances.

Hunting for Microsoft's SQL Server

http://null-byte.wonderhowto.com/how-to/hack-databases-hunting-for-microsofts-sql-server-0148993/[/url]

I would say if you can identify what connects to the instance (or instances), update the instances to listen on non-default ports, stop and disable SQL Browser and then update connection strings to refer to the non-default ports. For apps that cannot easily have the connection string changed, use a SQL alias.

Joie Andrew
"Since 1982"

Steve Jones - SSC Editor SSC Guru Points: 736128 More actions · Answer 9

I would say it's a security hole since most people worry less about UDP and this may be an open port on lots of firewalls to allow SQL instance discovery. With this, an attacker doesn't need a port scan. They can merely hit UDP1434 as a noramal query to look for databases. I wouldn't leave this on or run it without a reason.

By default in modern Windows OS and SQL installs, this is disabled to reduce attack surface.