
IS THE PORT 1433 A SECURE PORT

Hello,

Is port 1433, the default port, a secure port? And are the passwords that move back and forth between the application and the database encrypted?

If not, can somebody advise how it is done? What are the practices?


asked Apr 29 '10 at 04:00 PM in Default


Katie 1

3 answers

SQL Server uses a protocol called TDS, and this has had encrypted passwords and this has had support for encrypted passwords for NT authentication sent over the wire since version 7.0, which was the version used with SQL Server 7.

As for 'is it a secure port'? No port is inherently secure - it's made secure by your restrictions on access to it, through configuration of your network.


answered Apr 29 '10 at 04:16 PM


Matt Whitfield ♦♦

Nuts. Watching the blue bar appear. I had to finish anyway.

Apr 29 '10 at 04:22 PM Grant Fritchey ♦♦

Passwords are not encrypted; you can sniff them with Wireshark when the client connects. TDS will send a specific login packet with the login/password visible. You would need to set up IPSec or use an encrypted connection as Grant suggests.

Apr 30 '10 at 12:43 AM Scot Hauder

@Scot - sorry - I've just seen I missed a whole bit out of that! Lame...

Apr 30 '10 at 03:40 AM Matt Whitfield ♦♦

Is it a secure port by default? That depends on your firewall, not SQL Server. However, SQL Server can use an encrypted connection, but I don't think it's the default. Here's a link to a security document from Microsoft that can fill in some of the details.


answered Apr 29 '10 at 04:21 PM


Grant Fritchey ♦♦

Grant and Matt, actually, to tell you where I was going with this question: would it fall into the DBA's lap or the network admin's lap to configure this part? I am not sure. How would a DBA contribute from her/his side to make the whole interaction over the network as secure as possible?

Apr 29 '10 at 04:49 PM Katie 1

@Katie, whether it would fall to the DBA or the network admin is a decision that is made on an organization-by-organization basis. In most organizations, that is something that should be handled jointly by the DBA and network teams. In my last organization, for instance, we always collaborated on those issues together. The only time we couldn't come to an agreement, we brought it to our mutual boss to make the final call.

Apr 29 '10 at 06:14 PM TimothyAWiseman

@Katie @Timothy - absolutely agree, that's why I mentioned your contact in the Net Admin team. You all need to work on the cross-over points.

Apr 29 '10 at 06:16 PM Fatherjack ♦♦

Grant and Matt have covered most of the topic - it's as secure as any other port on your network, so use your connections in the Network Admin team to make sure the firewall is clamped down to only allow traffic you decide should get to the IP address/port combination you elect to use.

Given that 1433 is the default port, it is the one that probably gets the most attention from intruders; certainly it's widely known to have a SQL Server on it more often than not. You can alter the port number just to add a little layer of misdirection to the proceedings, but in all honesty, with the software available to scan for SQL Server traffic, it won't slow down anyone a great deal if they are intent on making attacks.


answered Apr 29 '10 at 04:50 PM


Fatherjack ♦♦

Thank you Fatherjack!

Apr 29 '10 at 05:16 PM Katie 1

+1 (to you and Grant actually) - I used to have a great relationship with the network admin where I used to work, we'd thrash everything out - sometimes getting quite heated in the process - but we always arrived at a solution that we were both happy with, then went out for a drink! Collaboration ftmfw

Apr 29 '10 at 06:43 PM Matt Whitfield ♦♦
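
The answers above mention the TDS protocol and encrypted connections; in TDS, client and server state their encryption setting in the PRELOGIN exchange that precedes the login packet. The following is an added example, not part of the original thread: it parses the ENCRYPTION option of a PRELOGIN packet as laid out in the MS-TDS specification, so a DBA or network admin can check in a capture what a server advertises. The function names and the sample packet are constructed for illustration.

```python
import struct

# ENCRYPTION option values from the MS-TDS specification (PRELOGIN message).
ENCRYPTION_MODES = {
    0x00: "ENCRYPT_OFF",      # encryption is available but off
    0x01: "ENCRYPT_ON",       # encryption is available and on
    0x02: "ENCRYPT_NOT_SUP",  # encryption is not available
    0x03: "ENCRYPT_REQ",      # encryption is required
}
TOKEN_ENCRYPTION = 0x01
TOKEN_TERMINATOR = 0xFF


def parse_prelogin_encryption(packet: bytes) -> str:
    """Return the ENCRYPTION mode advertised in one TDS PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS packet header")
    # Header: type, status, total length (big-endian), SPID, packet id, window.
    _, _, length, _, _, _ = struct.unpack(">BBHHBB", packet[:8])
    if length != len(packet):
        raise ValueError("header length does not match the captured bytes")
    payload = packet[8:]
    pos = 0
    # Option table: 5-byte entries (token, offset, length) ended by 0xFF.
    while pos < len(payload) and payload[pos] != TOKEN_TERMINATOR:
        if pos + 5 > len(payload):
            raise ValueError("truncated option entry")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == TOKEN_ENCRYPTION:
            # Offsets count from the start of the PRELOGIN payload.
            if size != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            value = payload[offset]
            return ENCRYPTION_MODES.get(value, f"UNKNOWN(0x{value:02x})")
        pos += 5
    raise ValueError("no ENCRYPTION option found")


def build_sample(encryption: int) -> bytes:
    """Constructed PRELOGIN response (not a real capture)."""
    version = bytes([10, 0, 0x06, 0x40, 0, 0])  # made-up version bytes
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1)
    payload = table + b"\xff" + version + bytes([encryption])
    return struct.pack(">BBHHBB", 0x04, 0x01, 8 + len(payload), 0, 1, 0) + payload


if __name__ == "__main__":
    for value in (0x00, 0x02, 0x03):
        print(parse_prelogin_encryption(build_sample(value)))
```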

asked: Apr 29 '10 at 04:00 PM

Seen: 4996 times

Last Updated: Apr 29 '10 at 05:20 PM

Copyright © 2002-2012 Simple Talk Publishing. All Rights Reserved. If you have any queries, please contact the site administrators.
Ask SQL Server Central is a community service provided by Red Gate.