11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity


Chapter 18: Securing Your Database Server

Configure the Firewall to Support DTC Traffic (if necessary)

If your applications use Enterprise Services (COM+) transactions and require the services of the DTC, you may have to specifically configure the firewall that separates your Web application and database server to allow DTC traffic between separate DTC instances and between the DTC and SQL Server.

For more information about opening ports for the DTC, see Microsoft Knowledge Base article 250367, “INFO: Configuring Microsoft Distributed Transaction Coordinator (DTC) to Work Through a Firewall.”

Additional Considerations

Consider using the Hide Server option from the Server Network Utility as shown in Figure 18.4. If you select this option in the TCP/IP properties dialog box in the SQL Network Utility, SQL Server is reconfigured to listen on port 2433. It also disables responses to broadcast requests from clients that try to enumerate SQL Server instances.

This measure cannot be relied upon to completely hide the SQL Server port. This is not possible because there are a variety of ways to enumerate ports to discover its location.

Note: This option can be used only if you have a single instance of SQL Server. For more information, see Microsoft Knowledge Base article 308091, “BUG: Hide Server Option Cannot Be Used on Multiple Instances of SQL Server 2000.”

Figure 18.4: Setting the Hide Server option from the Server Network Utility

Step 8. Registry

When you install SQL Server, it creates a number of registry entries and subentries that maintain vital system configuration settings. It is important to secure these settings to prevent an attacker from changing them to compromise the security of your SQL Server installation.
