Hello,
Is port 1433, the default port, a secure port? And are the passwords that move back and forth between the application and the database encrypted?
If not, can somebody advise how it is done? What are the practices?
SQL Server uses a protocol called TDS, and this has had support for encrypted passwords for NT authentication sent over the wire since version 7.0, which was the version used with SQL Server 7.
As for 'is it a secure port'? No port is inherently secure - it's made secure by your restrictions on access to it, through configuration of your network.
Is it a secure port by default? That depends on your firewall, not SQL Server. However, SQL Server can use an encrypted connection, but I don't think it's the default. Here's a link to a security document from Microsoft that can fill in some of the details.
Grant and Matt have covered most of the topic - it's as secure as any other port on your network, so use your connections in the Network Admin team to make sure the firewall is clamped down to only allow traffic you decide should get to the IP address/port combination you elect to use.
Given that 1433 is the default port, it is the one that probably gets the most attention from intruders; certainly it's widely known to have a SQL Server on it more often than not. You can alter the port number just to add a little layer of misdirection to the proceedings, but in all honesty, with the software available to scan for SQL Server traffic, it won't slow down anyone a great deal if they are intent on making attacks.
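Added example, not part of any reply in this thread: a small Python audit of ADO.NET-style SQL Server connection strings that flags the points raised above (encryption not explicitly requested, server certificate not validated, a SQL login password used instead of NT authentication). The finding names, hostnames and sample strings are constructed for this sketch, and whether a missing `Encrypt` keyword really means an unencrypted session depends on the client driver's default.

```python
# Added example: audit SQL Server connection strings for transport settings.
# Finding names and sample strings are constructed for illustration.
# Simplification: values containing ';' inside quotes are not handled.

TRUE_VALUES = {"true", "yes", "mandatory", "strict"}
ALIASES = {  # common keyword synonyms, normalised to one spelling
    "trusted_connection": "integrated security",
    "uid": "user id",
    "pwd": "password",
}


def parse_connection_string(conn_str):
    """Split 'key=value;key=value' into a dict with normalised lowercase keys."""
    settings = {}
    for part in conn_str.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        key = key.strip().lower()
        settings[ALIASES.get(key, key)] = value.strip().strip("'\"")
    return settings


def audit(conn_str):
    """Return a list of findings about transport encryption and authentication."""
    s = parse_connection_string(conn_str)
    findings = []
    # Encryption must be asked for explicitly; do not rely on a driver default.
    if s.get("encrypt", "").lower() not in TRUE_VALUES:
        findings.append("encryption-not-requested")
    # Trusting any certificate means the server's identity is never checked.
    if s.get("trustservercertificate", "").lower() in {"true", "yes"}:
        findings.append("server-certificate-not-validated")
    # A SQL login puts a password in the string; NT authentication does not.
    integrated = s.get("integrated security", "").lower() in {"true", "yes", "sspi"}
    if not integrated and "password" in s:
        findings.append("sql-login-password-in-string")
    return findings


SAMPLES = [  # constructed examples; hostnames and credentials are placeholders
    "Server=db01.example.internal,1433;Database=app;User ID=app;Password=changeme",
    "Server=db01.example.internal,1433;Database=app;Integrated Security=SSPI;Encrypt=True",
    "Server=db01.example.internal;Database=app;UID=app;PWD=changeme;Encrypt=yes;TrustServerCertificate=true",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample) or ["ok"], "<-", sample.split(";")[0])
```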