SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Securing Your Instances

By Steve Jones,

I wrote a post about finding the port number of a SQL instance using PowerShell. Almost immediately I was taken to task by someone that noted port scanners can easily find SQL ports, so it's silly to move off 1433. Just use it because applications expect it. I can see that, and changing ports doesn't provide much security, but it does provide some obscurity, which may or may not be helpful. Certainly this also creates administrative and support burdens for a system. If you want other opinions, there's a Q&A on Stack Exchange for this topic as well.

Tom LaRock wote a post that this can be a way to obfuscate your database, prevent simple default connections, and potentially detect security issues before they become a problem. I tend to learn towards this approach as well, because these small changes can potentially provide a little protection. A port scan is quick, but firewalls are getting better at detecting these. Certainly criminals get smarter, but changing a port number isn't intended to stop everyone. If it stops a few, then that's fine.

Security comes about because of layers, and limitations, and will never be perfect. There will always be ways that someone can get around security, but the more layers, the more obstacles you place in their way, the fewer people that will overcome all of them. I'd also note that plenty of attacks come from vandals. People that are just bored and looking for easy ways to get into a system. Most of these people are using pre-written scripts and programs that try out defaults. These aren't concerted, directed attacks. They're attacks from boredom.

I'm curious today how many of you think a little bit of security from obfuscating ports is a good idea. I wouldn't recommend the SQL Browser be open, but that legitimate connections know about the port needed, and use that in their connection strings. I think it helps, and if this limits some attacks, especially inside-the-firewall virus attacks from trusted machines, I think it's worth doing.

Total article views: 58 | Views in the last 30 days: 1
Related Articles

Security Focus

Are IT administrators focusing on the wrong attacks when securing their systems? Should we as DBAs a...


4 Common Misconceptions About SQL Injection Attacks

Photo by Jaanus Jagomägi on UnsplashInterested in learning more about SQL injection attacks, includi...


injection attack

injection attack to saeed


Security Alert : SQL Server Worm Virus Attacking Systems

This past week, a worm virus began to attack SQL Servers on the internet that hold a blank password....


An Extra Defense For SQL Injection Attacks

TDSe-cure is a proxy service to SQL Server to block SQL injection attacks.

friday poll