Tweet
Some Network Security Issues over SQL server:
Although your servers may be physically inaccessible, they're most likely connected to a network of some kind. This could be just an isolated company LAN with no outside connections, or it could be a direct connection to the Internet. No matter what the situation, there are some things you need to consider:
• Ensure that the Windows server has proper network security configured.
• Decide which network protocols to allow, and disable any that are not required.
• Ensure there is a firewall set up (such as Windows Firewall) and configure it to allow access to SQL Server (as shown in Figure 1).
• Decide whether to encrypt connections to SQL Server and configure appropriately.
• If Kerberos will be used, register a Server Principal Name. Kerberos is an authentication mechanism that underpins Windows authentication but it is poorly understood.
• Decide whether to use the SQL Server Browser Service to help clients find installed SQL Server instances, and decide whether you want to hide some instances. Hiding an instance means client applications and users will need to know the connection details of the SQL Server instance, but it prevents people from trawling the network to look for SQL Server instances.
Although your servers may be physically inaccessible, they're most likely connected to a network of some kind. This could be just an isolated company LAN with no outside connections, or it could be a direct connection to the Internet. No matter what the situation, there are some things you need to consider:
• Ensure that the Windows server has proper network security configured.
• Decide which network protocols to allow, and disable any that are not required.
• Ensure there is a firewall set up (such as Windows Firewall) and configure it to allow access to SQL Server (as shown in Figure 1).
• Decide whether to encrypt connections to SQL Server and configure appropriately.
• If Kerberos will be used, register a Server Principal Name. Kerberos is an authentication mechanism that underpins Windows authentication but it is poorly understood.
• Decide whether to use the SQL Server Browser Service to help clients find installed SQL Server instances, and decide whether you want to hide some instances. Hiding an instance means client applications and users will need to know the connection details of the SQL Server instance, but it prevents people from trawling the network to look for SQL Server instances.
Comment