What range of TCP/IP ports should be given to a default or named instance of SQL Server for security purposes?

  • Question

  • Hi,

    I am following the TechNet article for Configure SQL Server security for SharePoint 2013 environments

    https://technet.microsoft.com/en-us/library/ff607733?f=255&MSPPError=-2147217396

    I want to change the default TCP/IP port from 1433. Which ports are secure to change to for SQL Server?

    I mean, in what range?

    For example, can I change to 1500 or 2000 or 1450, etc.?

    If I assign port numbers like these, will it not affect other ports in Windows Server 2012?


    adil


    • Edited by adilahmed Thursday, April 23, 2015 8:31 PM
    Thursday, April 23, 2015 8:25 PM

All replies

  • You can use "netstat -a" from a command-line window to see which ports are currently in use on the server.

    If you would happen to change to a port that is in use, that will not prevent SQL Server as in your other post. You will still be able to access SQL Server locally, but remote connections will not be possible.

    The enhancement in security of changing the port from 1433 to something else is minuscule. A port scanner will find the SQL Server instance with the wink of an eye.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    • Proposed as answer by disssss Thursday, April 23, 2015 11:16 PM
    • Marked as answer by adilahmed Friday, April 24, 2015 4:35 PM
    Thursday, April 23, 2015 9:14 PM
  • So,

    this means it's not necessary to change the default port?

    Because we are deploying an internet SharePoint site using a SQL Server backend.


    adil

    Friday, April 24, 2015 11:42 AM
  • I agree with Erland. (Always a good idea.) Changing the port doesn't help much to prevent attacks. If you decide to do that, see Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager) http://msdn.microsoft.com/library/ms177440.aspx. Note "When selecting a port number, consult http://www.iana.org/assignments/port-numbers for a list of port numbers that are assigned to specific applications." It's important that you pick a number that isn't used by some other application.

    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

    • Marked as answer by adilahmed Friday, April 24, 2015 4:35 PM
    Friday, April 24, 2015 2:51 PM
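
The two checks suggested in the replies above (see which ports are in use, and pick a number no other application uses) can be scripted on the server. This is an added example, not code from the thread or from Microsoft; the function name `Test-CandidatePort` is hypothetical, the candidate ports are the ones named in the question, and the dynamic-range defaults are the Windows defaults and are assumed unchanged on this server.

```powershell
# Added example, not from the thread. Run in PowerShell on the SQL Server host
# (Windows Server 2012 or later, where Get-NetTCPConnection is available).
function Test-CandidatePort {
    param(
        [Parameter(Mandatory = $true)] [int[]] $Port,
        # Windows default dynamic (ephemeral) TCP range. Assumption: unchanged here.
        # Confirm the real values with:  netsh int ipv4 show dynamicport tcp
        [int] $DynamicStart = 49152,
        [int] $DynamicEnd   = 65535
    )

    # Current TCP listeners: the same information "netstat -a" shows, as objects.
    $listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue)

    foreach ($p in $Port) {
        $hits = @($listeners | Where-Object { $_.LocalPort -eq $p })

        # Resolve the owning process of each listener so a conflict is attributable.
        $owners = $hits | ForEach-Object {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } | Sort-Object -Unique

        [pscustomobject]@{
            Port           = $p
            InUse          = ($hits.Count -gt 0)
            ListeningOwner = ($owners -join ', ')
            # A fixed listener inside the dynamic range can collide with an
            # outbound connection that was handed the same port number.
            InDynamicRange = ($p -ge $DynamicStart -and $p -le $DynamicEnd)
            # Ports below 1024 are IANA "system" ports for well-known services.
            IsSystemPort   = ($p -lt 1024)
        }
    }
}

# Candidate ports from the question, plus the default 1433 for comparison.
Test-CandidatePort -Port 1433, 1450, 1500, 2000 | Format-Table -AutoSize
```

A port that shows `InUse = False` is only free at the moment of the check, so the IANA list quoted above still has to be consulted for applications that may be installed later.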