J4CKO
Starting Member
7 Posts |
Posted - 2012-02-24 : 10:48:36
|
Hi, just setting up some servers and trying to do the network side so it is as secure as possible with named instances, static ports, browser turned off and whatever else. This is for a Microsoft Dynamics deployment. Was looking in config manager and there is obviously the Native Client and the 32 bit version, my thinking is that I can disable all the protocols as technically this server should not be contacting anything through the native client, it being client software and this being a server? I may be being spectacularly dumb here but I can connect as normal from my remote laptop to this server and interact with the databases via TCP/IP, what would the client be needed for locally other than making connections to other databases? |
|
J4CKO
Starting Member
7 Posts |
Posted - 2012-02-27 : 05:12:55
|
Anyone got a view on this? |
 |
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2012-02-27 : 14:36:10
|
If you're only connecting via TCP/IP then you can safely disable Shared Memory, Named Pipes and VIA (which is disabled by default). |
 |
|
J4CKO
Starting Member
7 Posts |
Posted - 2012-02-28 : 06:50:02
|
Cheers but was thinking more whether I need the Native client protocols enabled rather than those for the instance. |
 |
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2012-02-28 : 13:15:46
|
I wouldn't do that. I don't actually know for sure, but I think you're going to need it enabled for some things like sqlcmd, ssis, mirroring etc. Of course you can disable and test. By the way, you aren't really securing it any by disabling protocols this way. Don't give anyone more privileges than they need and don't give anyone physical access to the servers that don't need it. |
 |
|
J4CKO
Starting Member
7 Posts |
Posted - 2012-02-29 : 05:08:04
|
Cheers Russell, this part of the design is kind of passive security, making things difficult for the nosey, the environment will be firewalled, access tied down and the like. My thinking is that running a named instance, on a static port with no browser running, with only TCP/IP available limits the routes in, someone would need to know the server name, instance and port to even make a connection, assuming they had an account. Switching Shared Memory off will mean that these details need to be supplied even on the box to connect to the db. Will test everything and make sure nothing we need has stopped working. |
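
One way to do the "disable and test" step discussed in this thread, as an added example that is not from any of the posters: before switching off Shared Memory or Named Pipes, list which transports current sessions actually use and confirm the instance is listening on its static port. It uses the standard DMVs sys.dm_exec_connections and sys.dm_exec_sessions and assumes the login running it has VIEW SERVER STATE.

```sql
-- Added example: run on the instance before and after changing protocols.
-- Assumption: the caller has VIEW SERVER STATE permission.

-- 1) Which transports are in use, by which hosts, programs and logins?
SELECT
    c.net_transport,              -- transport the connection arrived on
    c.local_tcp_port,             -- server port; compare with the static port you configured
    c.auth_scheme,                -- SQL, NTLM or KERBEROS
    c.encrypt_option,             -- whether the connection is encrypted
    s.host_name,
    s.program_name,
    s.login_name,
    COUNT(*) AS connection_count
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
GROUP BY
    c.net_transport, c.local_tcp_port, c.auth_scheme, c.encrypt_option,
    s.host_name, s.program_name, s.login_name
ORDER BY c.net_transport, connection_count DESC;

-- 2) Connections that are NOT on TCP: these are the ones that would have to
--    reconnect over TCP/IP (server, instance and port supplied) once Shared
--    Memory and Named Pipes are disabled.
--    'Session' is excluded because it marks MARS logical connections, which
--    ride on a parent physical connection that is listed separately.
SELECT
    c.session_id,
    c.net_transport,
    c.connect_time,
    s.host_name,
    s.program_name,
    s.login_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE c.net_transport NOT IN ('TCP', 'Session')
ORDER BY c.connect_time;
```

Run it during normal workload, including agent jobs and maintenance windows, since a tool that only connects occasionally will not appear in a single snapshot.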
 |