March 21, 2002 at 1:43 pm
I have to do some consultancy on various SQL topics, and I'm confident on them all, apart from a more teccie one to do with security. The client wants to know if there are security issues with using TCP/IP and 1433 as the default port. Can it be changed, and if so what to and what would be the results?
Any help appreciated.
Paul Ibison
Paul Ibison
Paul.Ibison@replicationanswers.com
March 21, 2002 at 2:06 pm
It's a security issue in that SQL doesn't "lock" accounts, so someone can constantly be connecting to that server and trying passwords. sa is a well known account. You can disable SQL auth and that will help.
You can move this port using the Server Network Utility to anything you want. Here we moved it to a different port using our firewall and port redirection.
Steve Jones
April 1, 2002 at 10:24 am
Hi Steve,
Can you help me with this issue.
How do I restart SQL Server with a different IP port number? I want to control the IP port number each time SQL Server is started.
April 1, 2002 at 10:36 am
Can't do this unless you can get command access and script something to hit the registry.
I have a method to access using Secure Shell (secure Telnet) if you have a secure shell server available. These are standard on *nix and you can get them for Windows.
Steve Jones
April 1, 2002 at 1:57 pm
Hi Steve I do have command access and I can get to the registry from a C program or a batch file. Is it still possible?
Thanks,
quote:
Can't do this unless you can get command access and script something to hit the registry.I have a method to access using Secure Shell (secure Telnet) if you have a secure shell server available. These are standard on *nix and you can get them for Windows.
Steve Jones
April 1, 2002 at 2:28 pm
Not through SQL . There might be acess with some extended stored procedures. If you can put the batch file on there, you can access it through xp_cmdshell.
Steve Jones
April 1, 2002 at 2:35 pm
Thanks Steve,
I'll have to slepp on this.
quote:
Not through SQL . There might be acess with some extended stored procedures. If you can put the batch file on there, you can access it through xp_cmdshell.Steve Jones
April 1, 2002 at 2:55 pm
Hard to move that port and match things up dyanmically. not sure it helps because anybody can still scan. The best thing is to VPN in somehow. Secure shell, PPTP, IPSec, all do this.
Steve Jones
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply