Port Blocking, SQL Server, and the Internet

By Denny Figuerres,

While the random blocking of ports by ISPs could lead to a severely crippled Internet, I do not believe that it is in the best interests of most users (private or business) to leave all ports open to all users. As an example, let's take a look at the “MSBlast” worm and the damage it caused the IT community. While no one can deny that Microsoft had a bug in the code that needed to be patched, we can also see that 1) a fix was available and that 2) many servers were not patched and were left open to infection because the ports used by SQL Server were left open to the Internet.

Now let's consider what would have happened if, say, 70% of the Internet's routers and firewalls as a whole had simply dropped traffic for that port. Sure, the worm would still have spread and done harm, but how much less damage would it have done? How many millions of dollars would have been saved?

Look at the spam problem: many experts agree that a large amount of it is coming from “rogue” SMTP servers, often running on home PCs without the owner's knowledge. If many ISPs blocked home users' machines from making outbound connections as SMTP servers, it could block much of the spam we see every day.

Yes, there are issues; yes, legitimate traffic should be allowed across the networks.

But I think we as IT professionals have to assess:

  1. Does this service need to be open to the public?
  2. What is the possible impact to the business if this service is exposed?
  3. Is this service secure?
  4. Is there a better way to accomplish the same work or task?

In the case of a SQL Server, I see almost no case where the ports should be left open. By default, SQL Server transmits data in plain text. This means that it is trivial to hack.

Here are some options for connection:

Remote administration:

  • VPN
  • Remote Desktop
  • VNC
  • A secured web site with custom pages

Server to server data exchange:

  • VPN between sites

Remote Clients such as applications:

  • Web Services interface
  • Web pages called “Inside” an application
  • Custom binary protocol with encryption and authentication
  • VPN tunnel to the server

So, given that list of options, and considering that many of them (like Remote Desktop or VNC) should take less than 20 minutes to implement, I have to ask why you would ever want to risk the valuable data and resources of that SQL Server.
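As an added example (not part of the original article), here is how the "don't leave the SQL Server ports open" advice translates into a concrete Windows Firewall configuration using the built-in NetSecurity cmdlets (Windows Server 2012 / Windows 8 and later). It assumes the default instance listens on TCP 1433 and the SQL Browser service on UDP 1434 (the standard defaults, which the article does not name), and that the only remote access path is the VPN option from the list above, arriving from a hypothetical subnet 10.8.0.0/24. The script disables any existing rule that opens TCP 1433 to "Any" address, adds allow rules scoped to the VPN subnet, makes sure the profile default for inbound traffic is Block, and ends with a helper you can run from a client outside the VPN to confirm the port is no longer reachable.

```powershell
# Added example, not from the article: lock SQL Server's listener ports down
# to a VPN subnet with Windows Firewall. Run in an elevated PowerShell session
# on the SQL Server host. All names and addresses below are assumptions.

$VpnSubnet = '10.8.0.0/24'   # hypothetical VPN / management range
$SqlTcpPort = 1433           # default instance port (assumed default)
$BrowserUdpPort = 1434       # SQL Browser service port (assumed default)

# 1. Find inbound rules that already open TCP 1433 and disable the ones that
#    accept connections from any remote address. Block rules beat allow rules
#    in Windows Firewall, but a leftover "allow from Any" rule would still
#    defeat the scoped rule we add below, so it has to go.
$broadSqlRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq "$SqlTcpPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' }

foreach ($rule in $broadSqlRules) {
    Write-Host "Disabling broad rule: $($rule.DisplayName)"
    $rule | Disable-NetFirewallRule
}

# 2. Allow the SQL ports only from the VPN subnet.
New-NetFirewallRule -DisplayName 'SQL Server (TCP 1433) - VPN only' `
    -Direction Inbound -Protocol TCP -LocalPort $SqlTcpPort `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Any | Out-Null

New-NetFirewallRule -DisplayName 'SQL Browser (UDP 1434) - VPN only' `
    -Direction Inbound -Protocol UDP -LocalPort $BrowserUdpPort `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Any | Out-Null

# 3. Make the default inbound action Block on every profile, so anything not
#    explicitly allowed (including a fresh "Any" rule added by an installer)
#    is dropped unless someone deliberately opens it again.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 4. Verification helper: run this from a machine that is NOT on the VPN.
#    Returns $true when the port is unreachable, which is the desired result.
function Test-SqlPortClosed {
    param(
        [Parameter(Mandatory)] [string] $ServerName,  # hypothetical host name
        [int] $Port = 1433
    )
    $result = Test-NetConnection -ComputerName $ServerName -Port $Port -WarningAction SilentlyContinue
    return (-not $result.TcpTestSucceeded)
}

# Example check (hypothetical host name):
# Test-SqlPortClosed -ServerName 'sqlsrv01.example.internal'
```

Restricting the port does not address the plain-text transport the article mentions; that is a separate SQL Server setting (the Force Encryption option in SQL Server Configuration Manager), and it is worth enabling alongside the VPN so that data is protected on the tunnel's far side as well.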

After all, your clients and/or your boss may not understand the problems, but if you don't put up a good set of security methods and practices and the network or data is compromised, it may well be your job and your future credibility that are on the line. I for one would rather not be in the hot seat if I can avoid it. I would say it's time well spent.

Denny Figuerres ©June, 2004
