Security help: SQL Server, cable modem and a linksys router
Posted on 2004-10-03
I'm a self starter and I have been working with building some .NET applications for my business. I have also have been using SQL Server 2000 for a number of years with these applications.
Last week I wrote a great little app for remote access to my SQL Server. My office is connected to the internet by a cable modem through a Linksys BRFSR41v3 router. I changed the SQL Server receiving port from 1433 to well...something else and routed incoming traffic on that port to the SQL Server box. I'm also using some pretty complex passwords. My application is connecting to the SQL Server and running just fine. In fact, by letting some employees work from home, this new app could save me hundreds of hours of work in the next year, not to mention dollars. OK, let’s mention dollars. If my SQL Server gets hacked, I loose many of them.
Now that I've opened that port to the outside world, I'm starting to get a bit nervous. I know I can filter out all incoming IP's except the one's I allow to connect but all users won't always have a static IP address. What would you do next? Thanks!