How to block all traffic but SQL Server


hug gozz

We are installing a new server, and it is supposed to be used ONLY for SQL
SERVER 2000. How can I block all traffic and all ports and allow only the
ports used by SQL Server?
Norton Security is not working right; sometimes it blocks legit queries and
access to SQL Server.
Thanks, I have to choose our next firewall program and I don't know the best
for this job.
 
Of course layering things is best. However, on the SQL machine itself
you can also define use of IPsec in a filtering mode, where all traffic is
rejected and then you permit the SQL ports tcp 1433/1434 to only the
source IPs that should have any access. If the machine is W2k3 then
you should be at SP1 and you could look at using the firewall and
setting the machine up by use of the new security configuration wizard
(and after that layer in the mentioned IPsec filtering if desired).
 
> We are installing a new server, and it is supposed to be used ONLY for SQL
> SERVER 2000. How can I block all traffic and all ports and allow only the
> ports used by SQL Server?

Depends on whether or not this is behind a firewall.

> Norton Security is not working right; sometimes it blocks legit queries and
> access to SQL Server.

You shouldn't use a workstation or home security product on a server
anyway.

> Thanks, I have to choose our next firewall program and I don't know the best
> for this job.

Hardware firewall is best. If you use Server 2003 you have one built
in that does fine. Kerio seems to work okay on servers from what I've
tried. There is also a server version of Symantec's products, though
it isn't free.

Jeff
 
(e-mail address removed) (Jeff Cochran) wrote in

You are right, seems like I have to ask for Server 2003 upgrade, we have
Windows Advanced Server 2000 with SP4 and SQL Server 2000 with SP3.

Using Tiny Firewall, GFI Network Monitor and GFI LANGuard Security Scanner.
Doing pretty good, but still want to be safer. I will be reviewing Kerio to see
what it has. Norton Security was used at the beginning as we have no budget,
but discarded almost the same day.
Panda's Server was too complicated; I spent too much time trying to figure
everything out.

Thanks for the answers.
 
As Roger said, you can block everything except SQL
trivially with the built-in IPSec -- and it's built into
every OS, workstation or server, since Win2000.

But the original question may not be precisely what
is desired if this is to be a domain machine and/or
use integrated security for accessing the data, allow
management tool access, or other resource management.

There are more ports to open but they can be open to
specific addresses.
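
The IPsec "reject everything, then permit the SQL ports to chosen source IPs" setup that Roger and the last post describe, written out with the Windows Server 2003 `netsh ipsec static` commands. This is an added example, not part of the thread; the policy, filter list and filter action names and the 192.0.2.10 client address are constructed placeholders.

```batch
@echo off
rem Added example: IPsec used as a packet filter on the SQL Server host.
rem POLICY, the list/action names and ALLOWED_SRC are placeholders (assumptions).
set POLICY=SQL-Only
set ALLOWED_SRC=192.0.2.10

rem Create the policy unassigned so nothing is enforced until it is complete.
netsh ipsec static add policy name="%POLICY%" description="Block all, permit SQL from listed hosts" assign=no

rem Filter list 1: any traffic to or from this machine (mirrored covers both directions).
netsh ipsec static add filterlist name="All-Traffic"
netsh ipsec static add filter filterlist="All-Traffic" srcaddr=any dstaddr=me protocol=any mirrored=yes

rem Filter list 2: the SQL ports named in the thread, from one permitted client only.
rem Repeat the two "add filter" lines for each additional permitted source address.
netsh ipsec static add filterlist name="SQL-From-Allowed"
netsh ipsec static add filter filterlist="SQL-From-Allowed" srcaddr=%ALLOWED_SRC% dstaddr=me protocol=tcp dstport=1433 mirrored=yes
netsh ipsec static add filter filterlist="SQL-From-Allowed" srcaddr=%ALLOWED_SRC% dstaddr=me protocol=tcp dstport=1434 mirrored=yes
rem SQL Server 2000 named-instance resolution listens on UDP 1434; if named instances
rem are used, that needs its own filter with protocol=udp dstport=1434.

rem Filter actions: plain block and plain permit, no IPsec negotiation.
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem IPsec applies the most specific matching filter, so the permit rule for one
rem source and port takes precedence over the any-to-me block rule.
netsh ipsec static add rule name="Block-All" policy="%POLICY%" filterlist="All-Traffic" filteraction="Block"
netsh ipsec static add rule name="Permit-SQL" policy="%POLICY%" filterlist="SQL-From-Allowed" filteraction="Permit"

rem Enforce the policy, then list it to confirm both rules are present.
netsh ipsec static set policy name="%POLICY%" assign=yes
netsh ipsec static show policy name="%POLICY%" level=verbose
```

Run this from the console rather than a remote session, since assigning the policy also blocks remote administration traffic. For a domain member, the additional ports mentioned in the last post would each need a permit filter scoped to the relevant addresses before the policy is assigned.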
 