SQL-Server serv specific IPs | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

SQL-Server serv specific IPs

I want to make our production server secure and prevent it from serving our test / developers department. The question is: how is it possible to force the SQL-Server (in our production) to serve only specific IPs and not serve the others? Or you may have a better idea to implement this. CanadaDBA
You can change the default port 1433 to another port number that only those you want to connect to your SQL Server know.
You cannot set any values on the server side to allow specific IP addresses to connect to SQL Server, as a client application communicates with SQL Server using the client-side network library Dbmssocn.dll (or Dbnetlib.dll for SQL Server 2000) and any client using Microsoft Data Access Components (MDAC) 2.6. By default, when an application requests a socket from the system for an outbound call, a port between the values of 1024 and 5000 is supplied. As suggested, you can set a named port for SQL Server and let clients know to configure the client connectivity with that value. If you can take the help of a firewall, you can allow certain IPs to connect to this port. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
Changing the port is not foolproof; a port scanner would easily detect the new process port. A firewall would be a good way to do IP-based access, like Satya suggests. Kerio personal firewall would be a reasonable (and free!) choice imo.
You could set up IPSec rules as well on the server. There is an MMC console for that. It acts like a firewall.
I use SYGATE’s personal firewall for the development environment; it is easy to manage. A good point by Argyle about using IPSec, http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/25730/25730.html & http://msdn.microsoft.com/library/en-us/secmod/html/secmod32.asp links for information. Satya SKJ
Moderator
You could also put the SQL Servers in their own VLAN. I created 4 VLANs for ours. The development environment is in a separate VLAN from production. You then just limit the servers that can access each VLAN. MeanOldDBA
When life gives you a lemon, fire the DBA.
Thank you all for your feedback. Thanks Satya for the supporting links (as usual). Derrick, would you give me more info? Do I need to have software to create the VLAN? CanadaDBA
At this site we monitor and store temps, humidities, pressures for pharmaceuticals. The data goes to different report routers (PMI, Personal Machine Interface service). Having the same data routing to two different clients then data servers. I created the firewall on the secondary server only accepting through port 1433 and 24688 from a static IP client. (All of our workstations have static IPs.) I can check with the company on how the report router process is written, but not sure about the whole copyright things. the
Bugster
I suggest changing port 1433 to another number, as it is the default and easy to pick. Satya SKJ
Moderator
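The firewall approach recommended in this thread, as an added example that is not from any of the posters: a scoped allow rule for TCP 1433 on the SQL Server host, followed by an audit for other allow rules that would still let unlisted addresses in. It assumes a Windows Server version that ships the NetSecurity PowerShell module; the IP addresses and the rule name are constructed placeholders.

```powershell
# Added example: constructed addresses and a hypothetical rule name; adjust both.
$Port      = 1433
$AllowedIp = @('192.0.2.10', '192.0.2.11')   # constructed static client IPs
$RuleName  = 'SQL-1433-allowlist'            # hypothetical rule name

# 1. Create the scoped allow rule once. When the default inbound action is Block,
#    a source address that is not listed here never reaches the SQL listener.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedIp | Out-Null
}

# 2. Allow rules are additive: any other enabled inbound allow rule that covers the
#    port with a wider remote scope re-opens it. List those rules for review.
#    (Port ranges such as '1000-2000' are not parsed here; review them by hand.)
$tooWide = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    if ($rule.DisplayName -eq $RuleName) { continue }
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter

    $coversProtocol = $portFilter.Protocol -in @('TCP', 'Any')
    $coversPort     = @($portFilter.LocalPort) -contains 'Any' -or
                      @($portFilter.LocalPort) -contains "$Port"
    $extraSources   = @($addrFilter.RemoteAddress) | Where-Object { $_ -notin $AllowedIp }

    if ($coversProtocol -and $coversPort -and $extraSources) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            LocalPort     = $portFilter.LocalPort -join ','
            RemoteAddress = $addrFilter.RemoteAddress -join ','
        }
    }
}
$tooWide | Format-Table -AutoSize

# 3. Confirm the firewall is enabled and inbound traffic is blocked by default
#    (NotConfigured means the built-in default, which is Block).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

An empty table from step 2 means no other enabled allow rule widens access to the port; program-based rules with a local port of `Any` are reported too, since they cover the SQL Server process whatever port it listens on.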