It is possible to make MSSQL not listen on TCP, and have everything work. There are at least 2 tools that come with MSSQL MSDE that help you do this.
In "c:\program files\microsoft sqlserver\80\tools\binn" 1) svrnetcn.exe 2) sqlmangr.exe svrnetcn.exe will let you enable and disable protocols for mssql. If you disable TCP/IP, and leave named pipes, IS 7.0 works great. You can then use sqlmangr.exe to turn on and off sql when you are not using it, or to restart sql after you make a change like the listed above. Hope this helps, David Sayre Los Alamos National Labs On Wednesday 15 October 2003 02:04 pm, Evans, Mark (Contractor) wrote: > We use IS in much the same way. We have delayed deploying IS 7.0 to several > hundred places and countless users because of the issues you mention. > Everyone doesn't need the robustness of SQL and MSDE has the same space > limitation as Access did. I was thinking of using the personal firewall to > block access to the SQL ports (1434/U and 1433/T) and leaving everything > else open. This way, I could track if anyone DID try connect attempts. > > Mark P. Evans > Northrop Grumman IT > Chambersburg, PA 17201 > > ** The opinions expressed here are my own and do not reflect upon my > company or the US Government ** > > -----Original Message----- > From: Bj�rn Fr�be [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 14, 2003 12:15 PM > To: [EMAIL PROTECTED] > Subject: [ISSForum] Securing Internet Scanner Host > > > Dear List, > > we use our Internet Scanner mainly for external Scans while directly > connected to the big bad internet. For me it would be interesting to hear > how other internet scanner users try to secure the scanning host. One bad > thing in IS 7.0 is the dependance on MSDE which I think must not be > directly connected to the net. It is possible to stop MSDE from listening > on 1433/tcp via disablenetworkprotocols=1 during installation but 1434/udp > is > nevertheless active. I thought about using ipsecpol for blacklisting > incoming connections to some services, 1434/udp should be no problem but > what about RPC (135/tcp) and the SMB/NetBIOS Ports? Does this interfere > with IS? Any hint would be welcome. > > Regards > Bjoern > > _______________________________________________ > ISSForum mailing list > [EMAIL PROTECTED] > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to > https://atla-mm1.iss.net/mailman/listinfo > > > > _______________________________________________ > ISSForum mailing list > [EMAIL PROTECTED] > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to > https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
