SQL security: Disable Internet access to port 1433

Source: Internet
Author: User

If it is not needed, we strongly recommend that you disable port 1433: 90% of hackers use the database to escalate privileges and obtain the administrator account and password.

I. Create the IP filter and filter action

1. Go to "Start" -> "Programs" -> "Administrative Tools" -> "Local Security Policy". Microsoft recommends using the Local Security Policy to configure IPsec, because a local security policy applies only to the local computer and IPsec is usually customized per computer.

2. Right-click "IP Security Policies on Local Machine" and select "Manage IP filter lists and filter actions" to open the dialog box of the same name. We must first create an IP filter and a matching filter action before we can build the IPsec security policy that uses them.

3. On the "Manage IP Filter Lists" tab, click "Add" to create a new IP filter list:
1) In the IP Filter List dialog box that appears, enter an appropriate name. Here we use "tcp1433"; the description can be anything. Click "Add" on the right to start the IP Filter Wizard.
2) Skip the welcome page and click Next.
3) On the IP Traffic Source page, select "Any IP Address" as the source address, because we want to block incoming access. Click Next.
4) On the IP Traffic Destination page, select "My IP Address" as the destination address. Click Next.
5) On the IP Protocol Type page, select "TCP". Click Next.
6) On the IP Protocol Port page, select "To this port" and set it to 1433. Click Next.
7) Click Finish. Close the IP Filter List dialog box. The "tcp1433" filter now appears in the IP filter lists.

4. Select the "Manage Filter Actions" tab to create a block action:
1) Click "Add" to start the Filter Action Wizard, skip the welcome page, and click Next.
2) On the Filter Action Name page, enter a name; here we use "reject". Click Next.
3) On the Filter Action General Options page, set the action to "Block". Click Next.
4) Click Finish.

5. Close the "Manage IP filter lists and filter actions" dialog box.

II. Create an IP security policy

1. Right-click "IP Security Policies on Local Machine" and select "Create IP Security Policy" to start the IP Security Policy Wizard. Skip the welcome page and click Next.

2. On the IP Security Policy Name page, enter an appropriate policy name. Here we use "deny access to port tcp1433". The description can be left blank. Click Next.

3. On the Requests for Secure Communication page, do not select "Activate the default response rule". Click Next.

4. On the completion page, select "Edit properties". Click Finish.

5. In the "deny access to port tcp1433" properties dialog box, first add the rule:
1) Click the "Add" button at the bottom to start the Security Rule Wizard. Skip the welcome page and click Next.
2) On the Tunnel Endpoint page, keep the default "This rule does not specify a tunnel". Click Next.
3) On the Network Type page, keep the default "All network connections". Click Next.
4) On the Authentication Method page, keep the default "Windows 2000 default (Kerberos V5 protocol)". Click Next.
5) On the IP Filter List page, select the "tcp1433" filter we just created. Click Next.
6) On the Filter Action page, select the "reject" action we just created. Click Next.
7) On the completion page, do not select "Edit properties". Click OK.

6. Close the "deny access to port tcp1433" dialog box.

III. Assign and apply the IPsec security policy

1. By default, no IPsec security policy is assigned, so the new policy has no effect until it is assigned. In the Local Security Policy MMC, right-click the "deny access to port tcp1433" security policy we created and select "Assign".
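
The same filter list, filter action, policy, rule and assignment can be created from an elevated PowerShell prompt with `netsh ipsec static`, which makes the configuration repeatable and easy to review. This script is an added example, not part of the original article; it assumes a Windows version where the `netsh ipsec static` context is available, and the rule name `block-tcp1433` and the helper `Invoke-IpsecStatic` are names chosen for the example.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run from an elevated PowerShell prompt on the SQL Server host.
$ErrorActionPreference = 'Stop'

$FilterList   = 'tcp1433'                       # IP filter list name used in the article
$FilterAction = 'reject'                        # filter action name used in the article
$Policy       = 'deny access to port tcp1433'   # policy name used in the article
$Rule         = 'block-tcp1433'                 # rule name: chosen for this example

function Invoke-IpsecStatic {
    param([string[]]$Arguments)
    # Run one "netsh ipsec static" command and stop on a non-zero exit code.
    $output = & netsh.exe ipsec static @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh ipsec static $($Arguments -join ' ') failed: $output"
    }
    $output
}

# Section I, step 3: filter list matching any source -> this host, TCP, port 1433.
Invoke-IpsecStatic @('add', 'filterlist', "name=$FilterList")
Invoke-IpsecStatic @('add', 'filter', "filterlist=$FilterList",
                     'srcaddr=any', 'dstaddr=me', 'protocol=TCP', 'dstport=1433')

# Section I, step 4: filter action that blocks matching traffic.
Invoke-IpsecStatic @('add', 'filteraction', "name=$FilterAction", 'action=block')

# Section II, steps 1-4: policy without the default response rule, not yet assigned.
Invoke-IpsecStatic @('add', 'policy', "name=$Policy",
                     'activatedefaultrule=no', 'assign=no')

# Section II, step 5: rule that ties the filter list to the block action.
Invoke-IpsecStatic @('add', 'rule', "name=$Rule", "policy=$Policy",
                     "filterlist=$FilterList", "filteraction=$FilterAction")

# Section III: assign the policy so it takes effect, then print it for review.
Invoke-IpsecStatic @('set', 'policy', "name=$Policy", 'assign=yes')
Invoke-IpsecStatic @('show', 'policy', "name=$Policy", 'level=verbose')
```

The final `show policy` output should list the policy as assigned, with one rule that pairs the `tcp1433` filter list with the `reject` (block) action.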
