How to block all traffic but SQL Server

Archived from groups: microsoft.public.win2000.security (More info?)

We are installing a new server, and it is suppose to be used ONLY for SQL
SERVER 2000, how can I block all traffic and all ports and allow only the
ports used by SQL Server?
Norton Security is not working right, some time it blocks legit queries and
access to SQL Server.
Thanks, I have to choose our next firewall program and I dont know the best
for this job.

Archived from groups: microsoft.public.win2000.security (More info?)

On Sat, 04 Jun 2005 03:02:36 GMT, hug gozz <hhugg@hotmil.com> wrote:

>We are installing a new server, and it is suppose to be used ONLY for SQL
>SERVER 2000, how can I block all traffic and all ports and allow only the
>ports used by SQL Server?

Depends on whether or not this is behhind a firewall.

>Norton Security is not working right, some time it blocks legit queries and
>access to SQL Server.

You shouldn't use a wokstation or home security product on a server
anyway.

>Thanks, I have to choose our next firewall program and I dont know the best
>for this job.

Hardware firewall is best. If you use Server 2003 you have one built
in that does fine. Kerio seems to work okay on servers from what I've
tried. There is also a server version of Symantec's products, though
it isn't free.

Jeff

Archived from groups: microsoft.public.win2000.security (More info?)

As Roger said you can block everything except SQL
trivially with the built-in IPSec -- and it's built-into
every OS workstation or server since Win2000.

But the origianal question may not be precisely what
is desired if this is to be a domain machine and/or
use integrated security for accessing the data, allow
management tool access, or other resource management.

There are more ports to open but they can be open to
specific addresses.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"humberto gonzalez" <hhugg@hotmil.com> wrote in message
news:1117940318.402bd878cf32f3c958a3dde75c47ed43@teranews...
> jeff.nospam@zina.com (Jeff Cochran) wrote in
> news:42a8ca08.925048812@msnews.microsoft.com:
>
> You are right, seems like I have to ask for Server 2003 upgrade, we have
> Windows Advanced Server 2000 with SP4 and SQL Server 2000 with SP3.
>
> Using Tiny Firewall, GFI Network Monitor and GFI LANGuard Security
Scanner.
> Doing pretty good, but still want to safer. I will be rewieing Keri to see
> what it has. Norton Security used at the beginning as we have no budget,
> but discarded almost the same day.
> Panda´s Server was to complicated, I spent too much time trying to figure
> everything up.
>
> Thanks for the answers.