MSSQL over the internet but we connect over RDP

Question

We connect throguh RDP to our ERP solution which uses MSSQL 2008, right now I can see on windows logs and SQL logs that we have a HUGE amount of connection attempts to sa user and results in slow connections to us, users.

Since we connect through RDP and both ERP and DB are on the same server, I think I can close SQL port to the internet, and that would stop direct attacks to the DB, but our IT consultant it's not sure about it. I think it's safe to say that the only ports needed to be open through internet are RDP ports, besides that all happens in a LAN enviroment.

Am I right or am I missing something?

Answer 1

Finally found the problem to those recurent connections and the issue had nothing to do with MSSQL being exposed to the inernet, because it was never opened to it in the first place. It turned out that there was another service in the VM that used the same port as our ERP license server hence launching a lot of failed connection attempts. Once this other service was stopped and changed the port, everything returned to normal.

In order to find this, netstat -abno command provided really useful, and it's the tool that gave us the solution to stop those 4 connections every second.

Thanks everyone for the help and insight.

Answer 2

I wrote a blog post about the perils of having your SQL Server exposed to the internet.

You should almost never allow internet access directly to SQL Server. From your description, it sounds like you have no requirement for that, since you RDP into the machine for access. I would immediately ensure the port used by the SQL Server is blocked at the firewall.