Port Blocking, SQL Server, and the Internet


Ian Yates

I tend to err on the side of caution - I'd never expose SQL directly to the net. A VPN using the standard MS PPTP connections is very easily configured at both the server and client ends... This is by far more secure and helps ensure that any future exploits for SQL don't find their way into your network.

You could, if desired, make use of the features of your NAPT firewall to have SQL use 1433 internally and appear on a different port externally - security through obscurity. I do this for Terminal Services - rather than exposing 3389 for a single server to the net I'll map something like 4001, 4002, 4003 etc., each being pointed at a different internal IP address for port 3389. The less of your network that is exposed, the more secure you are (generally).





Denny Figuerres

Wow, this is still looked at... been a while since my bit on SQL.

For an outside client to get at the data, my general plan is to use another server to manage the request.

Examples include web services / XML or an app server remoting the data.

Any client on the "outside" of the corp. data center should never see the IP of the SQL DB server.

It should never have direct access to it via a SQL connection.

And in many cases a middle server can cache some data, thus reducing the work load and # of connections on the SQL server.

Less vulnerable, more scalable, more managed.

Seems good to me.
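
The middle-server approach described in the post above, sketched as an added example (not code from either poster): outside clients name an allow-listed query and pass parameters, and only the middle tier holds a database connection and a short-lived cache. It assumes an in-memory SQLite database standing in for SQL Server; `MiddleTier`, `NAMED_QUERIES`, `build_demo_db` and the `orders` table are hypothetical names.

```python
import sqlite3
import time

# Allow-list of named queries: outside clients pick a name and supply
# parameters; they never send SQL text or open a database connection.
NAMED_QUERIES = {
    "orders_for_customer":
        "SELECT id, total FROM orders WHERE customer = ? ORDER BY id",
}

class MiddleTier:
    """Hypothetical app-server layer sitting between clients and the DB."""

    def __init__(self, db, ttl_seconds=30.0, clock=time.monotonic):
        self._db = db              # connection held only on the inside
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache = {}           # (name, params) -> (expiry, rows)
        self.db_hits = 0           # how often the database was really queried

    def handle(self, name, params=()):
        sql = NAMED_QUERIES.get(name)
        if sql is None:
            raise PermissionError("unknown query: %r" % (name,))
        key = (name, tuple(params))
        hit = self._cache.get(key)
        if hit and hit[0] > self._clock():
            return hit[1]          # served from cache, no DB round trip
        rows = self._db.execute(sql, key[1]).fetchall()  # bound parameters
        self.db_hits += 1
        self._cache[key] = (self._clock() + self._ttl, rows)
        return rows

def build_demo_db():
    """Constructed sample data; in-memory SQLite stands in for SQL Server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "acme", 10.0), (2, "acme", 25.5), (3, "globex", 7.0)])
    return db

if __name__ == "__main__":
    tier = MiddleTier(build_demo_db())
    print(tier.handle("orders_for_customer", ["acme"]))
    print(tier.handle("orders_for_customer", ["acme"]), tier.db_hits)
```
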

