Is it still best practice to avoid using the default ports for SQL Server?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
2
down vote

favorite












Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:



  • SQL Server service - Port 1433 (TCP)

  • SQL Server Browser service - Port 1434 (UDP)

  • Dedicated Admin Connection - Port 1434 (TCP)

QUESTIONS:



  • Is this advice still relevant?

  • Should ALL of the above ports be changed?









share|improve this question























  • Maybe this post can help you dba.stackexchange.com/questions/213810/…
    – Eleonora Grigoryan
    19 mins ago






  • 1




    I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
    – DimUser
    19 mins ago

















up vote
2
down vote

favorite












Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:



  • SQL Server service - Port 1433 (TCP)

  • SQL Server Browser service - Port 1434 (UDP)

  • Dedicated Admin Connection - Port 1434 (TCP)

QUESTIONS:



  • Is this advice still relevant?

  • Should ALL of the above ports be changed?









share|improve this question























  • Maybe this post can help you dba.stackexchange.com/questions/213810/…
    – Eleonora Grigoryan
    19 mins ago






  • 1




    I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
    – DimUser
    19 mins ago













up vote
2
down vote

favorite









up vote
2
down vote

favorite











Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:



  • SQL Server service - Port 1433 (TCP)

  • SQL Server Browser service - Port 1434 (UDP)

  • Dedicated Admin Connection - Port 1434 (TCP)

QUESTIONS:



  • Is this advice still relevant?

  • Should ALL of the above ports be changed?









share|improve this question















Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:



  • SQL Server service - Port 1433 (TCP)

  • SQL Server Browser service - Port 1434 (UDP)

  • Dedicated Admin Connection - Port 1434 (TCP)

QUESTIONS:



  • Is this advice still relevant?

  • Should ALL of the above ports be changed?






sql-server security best-practices dynamic-ports






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 24 mins ago









MDCCL

6,36731740




6,36731740










asked 26 mins ago









James D

404




404











  • Maybe this post can help you dba.stackexchange.com/questions/213810/…
    – Eleonora Grigoryan
    19 mins ago






  • 1




    I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
    – DimUser
    19 mins ago

















  • Maybe this post can help you dba.stackexchange.com/questions/213810/…
    – Eleonora Grigoryan
    19 mins ago






  • 1




    I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
    – DimUser
    19 mins ago
















Maybe this post can help you dba.stackexchange.com/questions/213810/…
– Eleonora Grigoryan
19 mins ago




Maybe this post can help you dba.stackexchange.com/questions/213810/…
– Eleonora Grigoryan
19 mins ago




1




1




I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
– DimUser
19 mins ago





I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
– DimUser
19 mins ago











1 Answer
1






active

oldest

votes

















up vote
6
down vote














Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.




Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.




Is this advice still relevant




IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.




Should ALL of the above ports be changed?




I wouldn't change any.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "182"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f220270%2fis-it-still-best-practice-to-avoid-using-the-default-ports-for-sql-server%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    6
    down vote














    Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.




    Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.




    Is this advice still relevant




    IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.




    Should ALL of the above ports be changed?




    I wouldn't change any.






    share|improve this answer
























      up vote
      6
      down vote














      Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.




      Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.




      Is this advice still relevant




      IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.




      Should ALL of the above ports be changed?




      I wouldn't change any.






      share|improve this answer






















        up vote
        6
        down vote










        up vote
        6
        down vote










        Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.




        Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.




        Is this advice still relevant




        IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.




        Should ALL of the above ports be changed?




        I wouldn't change any.






        share|improve this answer













        Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.




        Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.




        Is this advice still relevant




        IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.




        Should ALL of the above ports be changed?




        I wouldn't change any.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 19 mins ago









        Sean Gallardy

        13.7k11944




        13.7k11944



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f220270%2fis-it-still-best-practice-to-avoid-using-the-default-ports-for-sql-server%23new-answer', 'question_page');

            );

            Post as a guest













































































            Comments

            Popular posts from this blog

            What does second last employer means? [closed]

            Installing NextGIS Connect into QGIS 3?

            One-line joke