Community
Showing results for 
Search instead for 
Do you mean 
Reply

security threat 1433 34

Accepted Solution Solved
New Member
Posts: 3
Country: USA
Accepted Solution

security threat 1433 34

I am hosting an  instance of Act2012 premium for web on a 2008 r2 server with SQL 2008.

Upon a review of the event manager I am seeing constant logon failures multiple times / sec from sites around the world including china. They are trying to acces my sa account.

 

I need to harden this and, as far as I know the only reason the sa port is open is for SAGE ACT for web.

 

How can I harden this instance to close this access, can I assign act to access sql through different ports?

 

Is the sa login necessary to be open?

 

Thank you

 

E Hansen


Accepted Solutions
Solution
Accepted by topic author eliahoo
‎09-25-2015 03:20 AM
Nickel Contributor
Posts: 173
Country: Australia

Re: security threat 1433 34

Your understanding is wrong, you should NEVER open port 1433 or 1434 to the pulblic internet, this is a major security risk.

If you have your Web Server in your DMZ open 1433 and 1434 ONLY from your Web Server IP to your database server IP.

If you have a single server, you only need to allow port 80 or port 443 (SSL) to your Web Server from your public IP.

Note: SSL is highly recommended.
Travis Rosevear ACC for
Act Today Australia and New Zealand

View solution in original post


All Replies
Nickel Contributor
Posts: 173
Country: Australia

Re: security threat 1433 34

Put a firewall in place, and don't put your Database server in your DMZ, put it on another server inside your firewall and leave the web server in your DMZ
Travis Rosevear ACC for
Act Today Australia and New Zealand
New Member
Posts: 3
Country: USA

Re: security threat 1433 34

Sorry for the delay in responding.

 

This is a web server and it has a firewall, it is my understanding  Sage recommends that ports 1433 -34 be opened in the web server.

 

I am asking if it is necessary to leave these ports open for web access and or network synchronization  as this server does also serve as a parent to several rdbs.

 

Again, i am being hit many times /min with sa logon requests, an obvious effort to hack my system.

 

What should I do?

Solution
Accepted by topic author eliahoo
‎09-25-2015 03:20 AM
Nickel Contributor
Posts: 173
Country: Australia

Re: security threat 1433 34

Your understanding is wrong, you should NEVER open port 1433 or 1434 to the pulblic internet, this is a major security risk.

If you have your Web Server in your DMZ open 1433 and 1434 ONLY from your Web Server IP to your database server IP.

If you have a single server, you only need to allow port 80 or port 443 (SSL) to your Web Server from your public IP.

Note: SSL is highly recommended.
Travis Rosevear ACC for
Act Today Australia and New Zealand
New Member
Posts: 3
Country: USA

Re: security threat 1433 34

Thank you.

I was refering to knolegebase article: http://kb.sagesoftwareonline.com/app/answers/detail/a_id/19420/kw/firewall%20settings/session/L3RpbW...

which specifies opening these ports.

I have blocked them and do very much appreciate your feedback and reply.

Nickel Contributor
Posts: 173
Country: Australia

Re: security threat 1433 34

The article you refer to relates to how to set-up access to the database server on a LAN, you should have refered to this: http://kb.sagesoftwareonline.com/app/answers/detail/a_id/28128/kw/administration%20guide/session/L3R...
Travis Rosevear ACC for
Act Today Australia and New Zealand