This short tutorial will show you how to use tools already with Windows to better secure your SQL 2000 server.
(( PROCEED CAREFULLY ON YOUR OWN RISK, I'M NOT RESPONSIBLE FOR ANYTHING AS RESULT OF FOLLOWING THESE INSTRUCTIONS ))
Please note, it is generally recommended that you use Windows Authentication for SQL server, and not using the system account.
This tutorial is based on Windows 2003 Server, but should work with Windows 2000 as well:
1) Once you have successfully setup the SQL server and all is going good. You'll need now to prevent unauthorized outside access to the SQL login on port 1433. Unfortunately, if you change the port SQL runs on, you'll have to make changes to your DSNs and as well ColdFusion JDBC DSNs. So the best option if you do not have a firewall is to block unauthorized IP addresses from accessing these specific ports.
2) First step, click on START -> PROGRAMS -> ADMINISTRATIVE TOOLS -> LOCAL SECURITY POLICY
3) On the left side, click on IP security policy
4) list of items show on the right side ( Client , Secure Server, Server)
5) Click on 'ACTION' -> Create IP Security Policy
6) Go through the wizard, describe it : 'SQL Policies'
7) One page of the wizard will say 'Activate default response rule' make sure you UNCHECK that box
8) Once done, it will show you a box named 'SQL Policies Properties' with DEFAULT unchecked
9) Click on 'ADD' , and go through the wizard.
- Check No for tunneling
- Check All Network Connections
- Go to next until you reach the screen 'IP Filter List'
10) Click on 'ADD' in the IP FILTER LIST
11) For name type: BLOCKED SQL PORT
12) Click on 'ADD' again inside that box which will come up with the IP wizard
13) Continue next, the screen will show 'Source Address':
select ANY IP ADDRESS and hit next
14) Destination address: 'MY IP ADDRESS' and hit next
15) Select a protocol type: TCP , source port: ANY , destination port: 1433 (or whatever port you want to block)
16) Hit on OK, and OK until you get back to the screen that has:
'All ICMP Traffic' , 'All IP Traffic' , 'SQL FILTER LIST'
17) Hit on NEXT , it will now ask you what you want to do with this ruleset. There is PERMIT and other options.
If you have BLOCK in there, select it. If not, hit on ADD , name it BLOCK and go next , select BLOCK from the filter action menu and go next
18) Put a dot next to block instead of PERMIT and hit on OK
19) Hit OK, OK, OK.
20) Activate that rule set, by right click on it and choose 'ASSIGN'
NOTICE: If you are logged in remotely to Windows please be careful, as this may block you out if things were not setup correctly.
21) This will block all remote access to your machine, while keeping any internal IPs and localhost able to connect
22) The instructions are a bit hard to follow due to the many menus open, but once you try it couple of times, you'll get the hang of it. Proceed on your own risk and use common sense when doing the wizard.
23) If you want to enable specific remote IPs to connect to SQL, need to follow the steps above but select PERMIT instead of block.
This should stop SQL login attacks completely. You can also use this to block or permit any type of traffic from any IP , subnet, gateway
Advanced readings into IP Security Policy and command line interface:
Courtesy of mediumcube.com