I realize that you can change the default instance from the default port of 1433, and equally you can make named instances use static ports as opposed to dynamic ports, but in general are named instances more secure than the default instance against external intruders?
Here's why I would think that's the case:
- Named instances are (again, by default I realize) utilizing dynamic ports. If you move the SQL Browser service to listen on a different port than 1434 then that would be even better, I imagine.
- A default instance is pretty easy to figure out as the data source. It's just the server's name. But the named instance is an extra step to retrieving the data source with the serverName\instanceName schema.
What are some thoughts on this? Am I way out in left field and it makes no difference?
-
I can't imagine the default instance is "more secure" altho, it may be more readily accessible. But most installs I've seen personally assume a friendly intranet, so are easily browsable with the default SSMS tooling.jcolebrand– jcolebrand ♦2011年11月17日 05:06:14 +00:00Commented Nov 17, 2011 at 5:06
1 Answer 1
Not really.
The SQL Browser service is always port 1434: can't be changed. So you need to know the port first before you disable (can't resolve it). Clients then have to know the port which can be packet sniffed.
You can make any SQL Server more secure my enforcing SSL encryption, reducing Surface area, network zoning, proper Group Policy and SQL Server security etc. But not by using Named Instances