Tutorial: how to restrict access by IP address

Source: Internet
Author: User

Restrict IP access by configuring the local IP Security policy.

1. Run gpedit.msc, then go to Local Computer Policy > Windows Settings > Security Settings > IP Security Policies on Local Computer.

2. Right-click "IP Security Policies on Local Computer", select "Manage IP filter lists and filter actions", and open the "Manage IP filter lists and filter actions" dialog box.

3. Select the "Manage IP Filter Lists" tab and click the "Add" button to open the "IP Filter List" dialog box.

4. In the "IP Filter List" dialog box, enter "Any IP to local traffic" in the Name field, then click the "Add" button to open the "IP Filter Properties" dialog box.

5. In the "IP Filter Properties" dialog box, set the source address to "Any IP Address", the destination address to "My IP Address", and the protocol type to "Any". Click OK to return to the "IP Filter List" dialog box.

6. Click OK again to return to the "Manage IP filter lists and filter actions" dialog box.

In summary, we have created an IP filter called "Any IP to local traffic", which we can use to describe to the operating system which communications we want to act on.

7. Following steps 3--6 above, create an IP filter called "Client to local traffic". In the "IP Filter Properties" dialog box, set the source address to "A specific IP Address", chosen according to your actual needs, such as "192.168.0.30"; set the destination address to "My IP Address" and the protocol type to "Any".

8. In the "Manage IP filter lists and filter actions" dialog box, select the "Manage Filter Actions" tab and click the "Add" button to open the "New Filter Action Properties" dialog box.

9. In the "New Filter Action Properties" dialog box, select "Block" on the "Security Methods" tab, and on the "General" tab change the Name field to "Full block".

10. Click OK to return to the "Manage IP filter lists and filter actions" dialog box.

11. Click Close to return to Group Policy Editor.

In summary, in the previous steps we created an IP filter action called "Full block", which we can use to tell the operating system what to do with the selected traffic. In addition, the system comes with three IP filter actions: "Request Security", "Require Security", and "Permit".

The specific procedure for building the policy follows.

10. Go back to Group Policy Editor (if you closed all the windows, run gpedit.msc again), then go to Local Computer Policy > Windows Settings > Security Settings > IP Security Policies on Local Computer.

11. Right-click "IP Security Policies on Local Computer", select "Create IP Security Policy", and open the "IP Security Policy Wizard" dialog box.

12. Click Next and change the IP Security policy name to "Service-specific object policy". Keep the defaults and click Next through the rest of the wizard, click "Yes" when prompted, and finish in the "Service-specific object policy Properties" dialog box.

13. In the "Service-specific object policy Properties" dialog box, click the "Add" button to open the "Security Rule Wizard" dialog box, select "This rule does not specify a tunnel", then "All network connections", and click Next.

14. In the IP filter list, select the IP filter named "Any IP to local traffic" and click Next.

15. In the list of filter actions, select the IP filter action named "Full block".

In summary, we have explicitly told the operating system to apply the "Full block" filter action to all communications that match the "Any IP to local traffic" IP filter.

16. Repeat steps 13--15, this time selecting the IP filter named "Client to local traffic" in the IP filter list and the IP filter action named "Permit" in the list of filter actions.

With all of the above done, we have created an IP security policy called "Service-specific object policy".

As the final step, go back to Group Policy Editor (run gpedit.msc again if you closed all the windows), go to Local Computer Policy > Windows Settings > Security Settings > IP Security Policies on Local Computer, right-click "Service-specific object policy", and select Assign. The policy then takes effect.
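The same policy built from the command line with `netsh ipsec static`, as an added example that is not part of the original tutorial. It reuses the tutorial's names and example address; the helper function `Invoke-IpsecStatic`, the rule names and the "Permit client" action (created explicitly instead of using the built-in "Permit") are assumptions made for this sketch.

```powershell
# Run from an elevated PowerShell prompt on the machine being protected.
$policy   = 'Service-specific object policy'
$anyList  = 'Any IP to local traffic'
$cliList  = 'Client to local traffic'
$clientIp = '192.168.0.30'     # example client address from step 7
$block    = 'Full block'
$permit   = 'Permit client'    # assumed name for an explicit permit action

function Invoke-IpsecStatic {
    # Run one "netsh ipsec static" command; stop if netsh reports a non-zero exit code.
    & netsh ipsec static @args
    if ($LASTEXITCODE -ne 0) { throw "netsh ipsec static $args failed" }
}

# Steps 3-7: the two filter lists (mirrored, so reply traffic matches as well)
Invoke-IpsecStatic add filterlist "name=$anyList"
Invoke-IpsecStatic add filter "filterlist=$anyList" srcaddr=any dstaddr=me protocol=any mirrored=yes
Invoke-IpsecStatic add filterlist "name=$cliList"
Invoke-IpsecStatic add filter "filterlist=$cliList" "srcaddr=$clientIp" dstaddr=me protocol=any mirrored=yes

# Steps 8-9: the filter actions
Invoke-IpsecStatic add filteraction "name=$block" action=block
Invoke-IpsecStatic add filteraction "name=$permit" action=permit

# Policy and its two rules, created unassigned so nothing is enforced yet
Invoke-IpsecStatic add policy "name=$policy" assign=no
Invoke-IpsecStatic add rule name=BlockAny "policy=$policy" "filterlist=$anyList" "filteraction=$block"
Invoke-IpsecStatic add rule name=PermitClient "policy=$policy" "filterlist=$cliList" "filteraction=$permit"

# Review both rules, then assign (the equivalent of right-click > Assign)
Invoke-IpsecStatic show policy "name=$policy" level=verbose
Invoke-IpsecStatic set policy "name=$policy" assign=yes
```

IPsec policy matches the most specific filter first, so the single-address permit rule takes precedence over the any-address block rule regardless of the order in which the rules were added. Creating the policy with `assign=no` and assigning it only after both rules exist avoids a window in which the block rule is active without the permit rule.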

For the security of your SQL Server servers, it is recommended that you change the default port 1433 using the following method.

How to change port 1433

(1) The SQL Server service uses two ports: TCP 1433 and UDP 1434. Port 1433 is used for the SQL Server service itself, and port 1434 is used to tell the requester which TCP/IP port SQL Server is using.

You can use SQL Server's Enterprise Manager to change the default TCP port for SQL Server. The method is as follows:

1. Open Enterprise Manager, expand "Microsoft SQL Servers > SQL Server Group" in the tree on the left, and open the Properties dialog box of the SQL instance (in a real environment, the name of the server to be modified). On the "General" tab, click the "Network Configuration (N)" button at the bottom to open the SQL Server Network Utility dialog box.

2. The "Enabled Protocols" list contains the TCP/IP protocol. Open its properties and enter the new port number in the default port field. There is also a "Hide server" option; if it is checked, clients cannot see the server by enumerating servers, which protects it without affecting connections.

(2) The SQLAgent service uses ports TCP 1625 and TCP 1640 to provide its services.

(3) SQL Query Analyzer connects to SQL Server on port 1433 through port 1601.
