Hiding SQL Server

Windows servers "announce" their presence on local networks via NetBIOS by default, so any other computer configured with a domain browser (essentially the Computer Browser service) can see a server without knowing its IP address. If you're running SQL Server in an environment where you don't want people stumbling across the server and trying to access it, you should hide SQL Server as a precaution.

You have basically two options for hiding an instance of SQL Server from network discovery:

The NET CONFIG SERVER command removes the entire computer from the network browser list, not just an instance of SQL Server on that computer. If you type NET CONFIG SERVER /HIDDEN:YES at the command line for the server in question, the server will stop broadcasting announcements into the domain and it will eventually disappear from the Network Neighborhood of other computers in the domain. This is a good preventative measure if a SQL Server machine lives in a hosting center where it shares a network segment with other computers and you don't want it to advertise its presence to others. [Note: It will still be directly accessible if you know its TCP/IP address or its NetBIOS machine name.]

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server Management A first look at Microsoft SQL Server 2008 R2 Maintaining high availability of SQL Server virtual machines Creating fault-tolerant SQL Server installations Using Microsoft Hyper-V for SQL Server consolidation Scaling up vs. scaling out with SQL Server 2008 Migrating to SQL Server 2008 and leveraging new features Testing a SQL Server environment before an upgrade Does upgrading to SQL Server 2008 fit your business? Meeting business needs with SQL Server full-text search Using dynamic management views to improve SQL Server index effectiveness SQL Server Security The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers SQL Server security: Controlling access via database roles Implementing security audit in SQL Server 2008 New security features in SQL Server 2008 leave some work for you Can I encrypt and restore a database backup in SQL Server 2005? FAQ: How to troubleshoot and grant SQL Server permissions Secure SQL Server from SQL injection attacks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

The second approach works only if SQL Server is accessed via TCP/IP (it will not work for named pipes). If you run the SQL Server Network Utility, place TCP/IP in the "Enabled Protocols" list and click Properties. The pane that comes up will feature a checkbox labeled "Hide server." When that option is enabled, SQL Server will no longer respond to attempts to enumerate its presence via TCP/IP. This means, for instance, that if you run the Query Analyzer, the server name will not appear in the drop-down list of available servers.

One drawback to hiding SQL Server in TCP/IP involves running multiple instances of SQL Server on the same computer. The first instance to be brought online will bind to port 2433 (SQL Server's default listening port); the others will not be able to bind a port and will log an error.

About the author: Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!

More information from SearchSQLServer.com