Is it still best practice to avoid using the default ports for SQL Server?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
2
down vote
favorite
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:
- SQL Server service - Port 1433 (TCP)
- SQL Server Browser service - Port 1434 (UDP)
- Dedicated Admin Connection - Port 1434 (TCP)
QUESTIONS:
- Is this advice still relevant?
- Should ALL of the above ports be changed?
sql-server security best-practices dynamic-ports
add a comment |Â
up vote
2
down vote
favorite
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:
- SQL Server service - Port 1433 (TCP)
- SQL Server Browser service - Port 1434 (UDP)
- Dedicated Admin Connection - Port 1434 (TCP)
QUESTIONS:
- Is this advice still relevant?
- Should ALL of the above ports be changed?
sql-server security best-practices dynamic-ports
Maybe this post can help you dba.stackexchange.com/questions/213810/â¦
â Eleonora Grigoryan
19 mins ago
1
I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
â DimUser
19 mins ago
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:
- SQL Server service - Port 1433 (TCP)
- SQL Server Browser service - Port 1434 (UDP)
- Dedicated Admin Connection - Port 1434 (TCP)
QUESTIONS:
- Is this advice still relevant?
- Should ALL of the above ports be changed?
sql-server security best-practices dynamic-ports
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice. On a server with a single, default instance, the following ports would be used by default:
- SQL Server service - Port 1433 (TCP)
- SQL Server Browser service - Port 1434 (UDP)
- Dedicated Admin Connection - Port 1434 (TCP)
QUESTIONS:
- Is this advice still relevant?
- Should ALL of the above ports be changed?
sql-server security best-practices dynamic-ports
sql-server security best-practices dynamic-ports
edited 24 mins ago
MDCCL
6,36731740
6,36731740
asked 26 mins ago
James D
404
404
Maybe this post can help you dba.stackexchange.com/questions/213810/â¦
â Eleonora Grigoryan
19 mins ago
1
I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
â DimUser
19 mins ago
add a comment |Â
Maybe this post can help you dba.stackexchange.com/questions/213810/â¦
â Eleonora Grigoryan
19 mins ago
1
I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
â DimUser
19 mins ago
Maybe this post can help you dba.stackexchange.com/questions/213810/â¦
â Eleonora Grigoryan
19 mins ago
Maybe this post can help you dba.stackexchange.com/questions/213810/â¦
â Eleonora Grigoryan
19 mins ago
1
1
I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
â DimUser
19 mins ago
I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
â DimUser
19 mins ago
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
6
down vote
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.
Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.
Is this advice still relevant
IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.
Should ALL of the above ports be changed?
I wouldn't change any.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
6
down vote
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.
Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.
Is this advice still relevant
IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.
Should ALL of the above ports be changed?
I wouldn't change any.
add a comment |Â
up vote
6
down vote
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.
Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.
Is this advice still relevant
IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.
Should ALL of the above ports be changed?
I wouldn't change any.
add a comment |Â
up vote
6
down vote
up vote
6
down vote
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.
Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.
Is this advice still relevant
IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.
Should ALL of the above ports be changed?
I wouldn't change any.
Historically, it has been recommended not to use the default ports for connections to SQL Server, as part of security best practice.
Which was asinine then and still asinine now. Security through arguably obscurity isn't security at all.
Is this advice still relevant
IMHO it was never relevant. It was required for some compliance purposes because the people drafting up those compliances did not understand what they were doing, again, IMHO.
Should ALL of the above ports be changed?
I wouldn't change any.
answered 19 mins ago
Sean Gallardy
13.7k11944
13.7k11944
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f220270%2fis-it-still-best-practice-to-avoid-using-the-default-ports-for-sql-server%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Maybe this post can help you dba.stackexchange.com/questions/213810/â¦
â Eleonora Grigoryan
19 mins ago
1
I think it is still recognised as a good idea, but the reality is this just slows down an attack more than prevents it. A port scanner is quickly going to find the ones it needs. Changing the port simply disassociates the application with that default port number, which means any hacker needs to do a little more work to figure out which application is listening on any port.
â DimUser
19 mins ago