Changing ports on production SQL Server - things to watch for 1433

Published 07 December 07 11:29 AM | SQL Master 

What is your criteria on assigning ports to SQL Server?

Are you leaving them to default 1433?

Is your SQL Server is exposed to Internet or any external sources where there is a chance to produce mass attach or run code injection?

Every DBA should give a review about these 3 points on the terms of security, many clients I attend to solve the issues on call will have 1433 as default port where their main application is exposed to internet with minimum security restrictions, scary isn't it!

Main task of changing ports must be tested with your application, as it is a general practice to define the port in the connection strings too. As you are aware that SQL Server (default instance) listens on 1433 and name instances is assigned to use dynamic ports. But the bit issue will be whenever the named instance SQL Server instance is started the port number will be changed based upon the availability, so for the default ports to avoid any attacks you can change it.

Using SQL Server 2005 configuration manager choose Network configuration then protocols, on TCP/IP properties change the port number and ensure to restart the corresponding SQL Server services (as the message box will prompt you to perform the same).  The default configuration of Database Engine is capable to listen on multiple ports on same IP address. Such as using 1433, 1533, 1633, in this case make sure to configure Listen All parameter on the same screen. As usual for Dynamic port settings you would see 0 (zero) for that database engine, to change this simply enter the relevant port number here.  So with the new configuration setup the SQL Server instance will be ready to listen on that specific port with a three ways options for client to connect. In this case make sure to choose the Browser services on that instance to connect by server name and similarly this can be achieved by setting up ALIAS on the client side with port number.

By all means any such configuration settings on security aspect must be tested before taking upon the production SQL Server instance.

 

 

Comments

# SSQA.net - SqlServer-QA.net said on December 7, 2007 12:20 PM:

What is your criteria on assigning ports to SQL Server? Are you leaving them to default 1433? Is your

# Other SQL Server Blogs around the Web said on December 7, 2007 3:12 PM:

What is your criteria on assigning ports to SQL Server? Are you leaving them to default 1433? Is your

Anonymous comments are disabled

About SQL Master

**__________________________________** SQL Server MVP, Sr. DBA & industry expert. - Knowledge is of two kinds. We know a subject ourselves or we know where we can find information on it. It is also a power and you will gain by sharing it.