Improving Web Application Security: Threats and Countermeasures
| Check | Description |
|---|---|
|
| Restrict access to all ports on the server except the ports configured for SQL Server and database instances (TCP 1433 and UDP 1434 by default). |
|
| Named instances are configured to listen on the same port. |
|
| Port 3389 is secured using IPSec if it is left open for remote Terminal Services administration |
|
| The firewall is configured to support DTC traffic (if required by the application). |
|
| The Hide server option is selected in the Server Network Utility (optional). |
Категории