Solved

How to Restrict access by IP address range to SQL Box

Posted on 2004-08-30
12
1,435 Views
Last Modified: 2008-02-01

I have inherited a SQL machine that has both internal (192.168.x.x) and public internet ip addresses, with web sites, assigned to it. The machine is constantly hammered by brute force connections to MS-SQL-S with logon attempts.

Is there a way to have SQL only bind to the internal IP address ?

- Or -

Can I limited the connections to the public IP address to only HTTP or FTP ?

Or something of this sort that will remove the exposure of the SQL server to the world at large ?

Thanks,

TMacT


0
Comment
Question by:TMacT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 5

Author Comment

by:TMacT
ID: 11936466

Note: this machine a stand-alone on a DSL link. My client does not have, and is not interested at this point, in a firewall.

0
 
LVL 11

Accepted Solution

by:
kabaam earned 250 total points
ID: 11936515
Microsoft SQL Server
a firewall can be configured to allow only the ports you want Such as 80 for http.  Or you can block the sql specific ports.


http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/ref_net_ports_ms_prod.mspx
Microsoft SQL Server 2000 provides a powerful and comprehensive data management platform. The ports used by each instance of SQL Server can be configured through the Server Network Utility.

System Service Name SQLSERVR

Application protocol Protocol Port
SQL over TCP
 TCP
 1433
 
SQL Probe
 UDP
 1434
 
0
 
LVL 5

Author Comment

by:TMacT
ID: 11936519
::: More info :::
SQL 7.0, Windows 2K SP4, Single NIC (Can install another if need to filter by NIC). Single Private address. Multiple Public addresses.

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 5

Author Comment

by:TMacT
ID: 11936574
kabaam,

Thanks for your quick answer. Unfortunately, I can not configure a firewall at this time, and the Server Network Utility would let me change the ports, but not restrict access to the IP Address. I do not want to change the SQL port as the system is in production.

Still open ...
0
 
LVL 6

Assisted Solution

by:gwalkeriq
gwalkeriq earned 250 total points
ID: 11937498
Actually, even though there are other solutions, the recommended solution is to reconfigure the windows NT Sever hosting your database  so that it is not visible to the Internet at all. I.e, put the DB server on a subnet that is private. This not only avoids the hammering from the internet, it also closes a significant security hole. Leaving any machine exposed to the Internet without cause is just asking for trouble.
0
 
LVL 5

Author Comment

by:TMacT
ID: 11941168
Hi gwalkeriq,

>> put the DB server on a subnet that is private

My clients SQL server/web server is already running, and they just want to prevent external connections to the SQL. I need to put some quick solutions on the SQL box, then I can discuss moving the SQL to another system and getting a firewall.

... TMacT
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 11943843
IMHO,  If your client is not interested in getting a firewall then he deserved to be hit.   The wole world knows about 1433 and xp_cmdshell !!!!!!

0
 
LVL 5

Author Comment

by:TMacT
ID: 12160000
Hi TheLearned One,

While I appreciate the effort from the experts above, none of them actually answered the question I was asking.

After being in this business for 15 years, I tire of answers from hotshots like ShogunWade who do not demonstrate any experience working to resolve an issue within the stated limitations.

I was specifically asking for help implementing IP security on a SQL /  Win2K server. I did not get that answer. For everyone's reference, I found the solution here (http://www.analogx.com/contents/articles/ipsec.htm) , and have implemented it. I now have the breathing room to rework the network.

Althought I answered my own question, I am unlikely to ask 110 questions and use up my all my available points, so please split the points between kabaam, and qwalkeriq, who at least provided constructive alternatives and suggestions.

... TMacT

0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 12160107
Tmac,   Im sorry that you "tire of answers from hotshots like ShogunWade"   However perhaphs I shouldnt have had to make this observation to someone "being in this business for 15 years"
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
In this article we will learn how to fix  “Cannot install SQL Server 2014 Service Pack 2: Unable to install windows installer msi file” error ?
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question