x

IS THE PORT 1433 A SECURE PORT

Hello,

is the port 1433 default port for a secure port.. and are the passwords that move back and forth between the application and the database are encrypted?

If not, and somebody advice how is it done? what are the practices?

more ▼

asked Apr 29, 2010 at 04:00 PM in Default

Katie 1 gravatar image

Katie 1
1.4k 132 163 202

(comments are locked)
10|1200 characters needed characters left

3 answers: sort voted first

SQL Server uses a protocol called TDS, and this has had encrypted passwords and this has had support for encrypted passwords for NT authentication sent over the wire since version 7.0, which was the version used with SQL Server 7.

As for 'is it a secure port'? No port is inherently secure - it's made secure by your restrictions on access to it, through configuration of your network.

more ▼

answered Apr 29, 2010 at 04:16 PM

Matt Whitfield gravatar image

Matt Whitfield ♦♦
29.4k 61 65 87

Nuts. Watching the blue bar appear. I had to finish anyway.
Apr 29, 2010 at 04:22 PM Grant Fritchey ♦♦
Passwords are not encrypted, you can sniff them with Wireshark when the client connects. TDS will send a specific login packet with the login/password visible. You would need to set up IPSec or use an encrypted connection as Grant suggests
Apr 30, 2010 at 12:43 AM Scot Hauder
@Scot - sorry - I've just seen I missed a whole bit out of that! Lame...
Apr 30, 2010 at 03:40 AM Matt Whitfield ♦♦
(comments are locked)
10|1200 characters needed characters left

Is it a secure port by default? That depends on your firewall, not SQL Server. However, SQL Server can use an encrypted connection, but I don't think it's the default Here's a link to a security document from Microsoft that can fill in some of the details..

more ▼

answered Apr 29, 2010 at 04:21 PM

Grant Fritchey gravatar image

Grant Fritchey ♦♦
101k 19 21 74

Grant and Matt, actually to tell you where i was going with this question was.. would it fall into the DBA's lap or the network admin's lap as to configure this part. I am not sure.. how would a DBA contribute from her/his side to make the whole interaction over the network as secure as possible.
Apr 29, 2010 at 04:49 PM Katie 1
@Katie, whether it would fall to the DBA or the network admin is a decision that is made on an organization by organization basis. In most organization, that is something that should be handled jointly by the DBA and network teams. In my last organization for instance, we always collaborated on those issues together. The only time we couldn't come to an agreement we brought it to our mutual boss to make the final call.
Apr 29, 2010 at 06:14 PM TimothyAWiseman
@Katie @Timothy - absolutely agree, thats why I mentioned your contact in the Net Admin team. You all need to work on the cross-over points.
Apr 29, 2010 at 06:16 PM Fatherjack ♦♦
(comments are locked)
10|1200 characters needed characters left

Grant and Matt have covered most of the topic - its as secure as any other port on your network so use your connections in the Network Admin team to make sure the firewall is clamped down to only allow traffic you decide should get to the IP address/port combination you elect to use.

Given that 1433 is the default port it is the one that probably gets the most attention from intruders, certainly its widely known to have a SQL server on it more often than not. You can alter the port number just to add a little layer of misdirection to the proceedings but in all honesty with the software available to scan for SQL Server traffic it wont slow down anyone a great deal if they are intent on making attacks.

more ▼

answered Apr 29, 2010 at 04:50 PM

Fatherjack gravatar image

Fatherjack ♦♦
42.7k 75 79 108

Thank you Fatherjack!
Apr 29, 2010 at 05:16 PM Katie 1
+1 (to you and grant actually) - I used to have a great relationship with the network admin where I used to work, we'd thrash everything out - sometimes gettting quite heated in the process - but we always arrived at a solution thay we were both happy with then went out for a drink! Collaboration ftmfw
Apr 29, 2010 at 06:43 PM Matt Whitfield ♦♦
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

New code box

There's a new way to format code on the site - the red speech bubble logo will automatically format T-SQL for you. The original code box is still there for XML, etc. More details here.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x1841
x162
x126
x26

asked: Apr 29, 2010 at 04:00 PM

Seen: 8081 times

Last Updated: Apr 29, 2010 at 05:20 PM