SQL Server Forums

 Security on SQL Server server - Firewall and Antiv

denis_the_thief
Constraint Violating Yak Guru

Canada
464 Posts

Posted - 08/02/2012 :  08:48:01
I am looking for any advice on whether the Firewall should be on and Anti-Virus installed on the Server where SQL Server is running?

Could the rationale for leaving these off be for performance or that people don't normally surf the web on the Server?

tkizer
Almighty SQL Goddess

USA
35007 Posts

Posted - 08/02/2012 :  12:19:51
AVS should definitely be on, but with exclusions in place for the SQL Server files (like mdf, ndf, ldf, bak).

I'm not sure about the firewall though. I'm pretty sure it should be on with possible rules added. I'm not a server admin so I leave that stuff up to our server guys.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/


jackv
Flowing Fount of Yak Knowledge

United Kingdom
1769 Posts

Posted - 08/03/2012 :  01:52:45
I keep the SQL Servers configured on ports other than 1433.
Speak to your administrators about whether they have a firewall at a different level, such as DataPower.

Jack Vamvas
--------------------
http://www.sqlserver-dba.com

sql-lover
Yak Posting Veteran

54 Posts

Posted - 08/04/2012 :  00:06:37
I was a Windows Admin 1st and then that introduced me to the database world. I've never used the built-in firewall on my systems. It is better to use a dedicated router or hardware firewall and put that "in front" of the SQL server's network. Using a hardware router or firewall for that purpose is not only more flexible but also faster and better for the server itself. Your server won't be using additional services or resources for that.

Now, which port or ports, besides the one you use for SQL, depends on what your company uses or needs; check with your network department on that. But one piece of advice, try to change the default SQL port; it makes it more difficult (not impossible) for a hacker or worm to break your systems.

It is useful to have Internet access on a SQL server though (patches, hotfixes, etc), but restrict browser's usage to a max. That way, you will reduce the chances to accidentally download or introduce viruses into your system or network. A workaround, if you don't want to give Internet access, is using one machine in that network as a "jump" server; allow access to that one only and from there you move stuff in and out of your SQL boxes. Be sure that machine is still behind the firewall, well patched and secure though or it will be your single point of failure in terms of security and network access from outside.

In terms of the AV program and like Tara and others said, they are a must. But it must be configured to skip data folders. Scanning the actual mdf and ldf files has no advantage but creating unnecessary disk IO and affecting performance.


Edited by - sql-lover on 08/04/2012 00:12:19
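
The settings discussed in the replies above (host firewall state, which inbound rules expose the SQL port, antivirus exclusions for mdf/ndf/ldf/bak), as an added read-only audit script; it is not from any poster in this thread. It assumes Windows Server 2016 or later with the NetSecurity module and Microsoft Defender as the antivirus product, and the port 14330 and the helper name `Test-ExclusionCoverage` are constructed for illustration.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt,
# otherwise Defender does not return its exclusion list.
$SqlPort        = '14330'                       # constructed value; use your instance's TCP port
$DataExtensions = 'mdf', 'ndf', 'ldf', 'bak'    # file types named in the thread

function Test-ExclusionCoverage {
    # Hypothetical helper: returns the required extensions that are NOT excluded.
    param([string[]]$Configured, [string[]]$Required)
    # Normalise ".mdf", "*.mdf" and "MDF" to "mdf" before comparing.
    $have = @($Configured | Where-Object { $_ } |
              ForEach-Object { $_.TrimStart('*', '.').ToLower() })
    @($Required | Where-Object { $have -notcontains $_.ToLower() })
}

# 1. Is the host firewall enabled on each profile (Domain, Private, Public)?
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table

# 2. Which enabled inbound allow rules cover the SQL port, and from where?
#    Rules written as port ranges (e.g. "14000-15000") are not matched here.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow
$hits = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -eq 'TCP' -and
        ($port.LocalPort -contains $SqlPort -or $port.LocalPort -contains 'Any')) {
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
            OpenToAny     = ($addr.RemoteAddress -contains 'Any')  # not scoped to a subnet
        }
    }
}
if ($hits) { $hits | Format-Table -AutoSize }
else       { "No enabled inbound allow rule covers TCP $SqlPort" }

# 3. Are the SQL Server data, log and backup file types excluded from scanning?
$missing = Test-ExclusionCoverage -Configured (Get-MpPreference).ExclusionExtension `
                                  -Required $DataExtensions
if ($missing) { "Missing AV extension exclusions: $($missing -join ', ')" }
else          { "All listed SQL Server file types are excluded from scanning" }
```

Rules reported with `OpenToAny = True` accept connections from any source address, which leaves the scoping entirely to whatever sits in front of the server.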

denis_the_thief
Constraint Violating Yak Guru

Canada
464 Posts

Posted - 08/07/2012 :  13:17:40
Thanks everyone.