By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,825 Members | 1,685 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,825 IT Pros & Developers. It's quick & easy.

Reference for Security Nazi's

P: n/a
Does anyone know of a quick reference I could provide to the it security
folks at my work that outlines what file extensions, ports, and dll's sql
server uses? They've gone hog wild with 'security' software here to the
point that they invariably end up shutting down one behavior or another
within SQL each time they do a 'security upgrade'. Grrrr.

TW
Jul 23 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Since no one replied, and for the sake of the group, I'll post what I've
come up *so far* as far as necessary ports, file extensions, etc that SQL
needs ....

PORTS:
1433

PROTOCOLS:
smtp

FILE EXTENSIONS:
..mdf
..ldf
..bak
..sql
..csv
..rpt

....I'll update as I come up with more

--TW

"Tech Witch" <te********@gmail.NOSPAM.com> wrote in message
news:Q_*****************@newssvr30.news.prodigy.co m...
Does anyone know of a quick reference I could provide to the it security
folks at my work that outlines what file extensions, ports, and dll's sql
server uses? They've gone hog wild with 'security' software here to the
point that they invariably end up shutting down one behavior or another
within SQL each time they do a 'security upgrade'. Grrrr.

TW

Jul 23 '05 #2

P: n/a
Hi

In some ways your security guys should be telling you what they want to do
and what effect it should have. You should change from the standard ports,
SMTP is not needed as a default. Not sure why file extensions are needed,
you should avoid virus checking the database files, None of the extension
you mention contain executable code, restricted access to programs and
directories should be implemented, and non-essential ones removed.

The is alot of information on http://www.sqlsecurity.com
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=24

http://www.microsoft.com/security/gu...SQLServer.mspx
http://www.microsoft.com/technet/pro.../sp3sec04.mspx
http://www.microsoft.com/technet/sec.../mbsahome.mspx
http://www.microsoft.com/downloads/d...displaylang=en

You should be working with the security guys, they may have already saved
your skin.

John

"Tech Witch" <te********@gmail.NOSPAM.com> wrote in message
news:Sk****************@newssvr12.news.prodigy.com ...
Since no one replied, and for the sake of the group, I'll post what I've
come up *so far* as far as necessary ports, file extensions, etc that SQL
needs ....

PORTS:
1433

PROTOCOLS:
smtp

FILE EXTENSIONS:
.mdf
.ldf
.bak
.sql
.csv
.rpt

...I'll update as I come up with more

--TW

"Tech Witch" <te********@gmail.NOSPAM.com> wrote in message
news:Q_*****************@newssvr30.news.prodigy.co m...
Does anyone know of a quick reference I could provide to the it security
folks at my work that outlines what file extensions, ports, and dll's sql
server uses? They've gone hog wild with 'security' software here to the
point that they invariably end up shutting down one behavior or another
within SQL each time they do a 'security upgrade'. Grrrr.

TW


Jul 23 '05 #3

P: n/a
Thanks, John. I will check these links out. To give you a better idea of
what I'm up against, we had several incidents where our security folks
applied a series of patches that caused some undesirable effects like using
a resource-intensive application to perform virus scanning on files with
..BAK, .MDF, and .LDF extensions each time the files were written (some were
in the GIGs), then they disabled our SMTP ports on the servers with some
firewall software, causing our SQL alerts to stop being sent to DBA's (we
don't use SQL mail here). I'm getting tired of them not telling us what
they are changing and not testing the results of said actions, so I want to
come up with a list of necessary SQL functions & files for them to refer to
next time. Thanks again for your suggestions. I'll post an updated list
when I'm done.

TW

"John Bell" <jb************@hotmail.com> wrote in message
news:41**********************@news.easynet.co.uk.. .
In some ways your security guys should be telling you what they want to do
and what effect it should have. You should change from the standard ports,
SMTP is not needed as a default. Not sure why file extensions are needed,
you should avoid virus checking the database files, None of the extension
you mention contain executable code, restricted access to programs and
directories should be implemented, and non-essential ones removed.
<snip>
You should be working with the security guys, they may have already saved
your skin.

Jul 23 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.