MSDE Desktop Security
I have heard that it's generally a bad idea to run MS-SQL on a machine that's either has a real IP or is not behind a firewall, so I'm wondering if it's a bad idea to run the free MSDE Desktop (or ASP) server. Microsoft's website says that you can run MSDE as the database server for ASP.NET websites. However, I'm worried if I run it, I'll be compromising my machine.
If you're running the database for a website, it doesn't need to be open to the 'net - it only needs to be open to the process running the site. Even if it's on the same machine, you can firewall it so 1433 calls are only allowed from the local host.
I think there's a setup switch for MSDE to disable all network protocols.
Philo: I'm ashamed to say this, but blocking that port from the outside hadn't even occured to me. Thank you!
Being a pedant... blocking 1433 wouldn't be enough as this only block calls via the TCP/IP Socket NetLib, Named pipes is also enabled by default so you'd need to block SMB/NetBIOS/NetBT too - which would also stop you being able to share out files (which might not be a huge problem).
...and Slammer was exploiting port *1434* which is where SQL announces/confirms its presence.
Attention all firewall users:
Fog Creek Home