The IBM Security Secret Server Hardening.
One of the hardening steps for IBM Security Secret Server is to change the MS SQL Server default port, 1433.
Among the listening ports, the default SQL Server port 1433 is a likely candidate to change as part of hardening.
Reference guide for the port usage of IBM Security Secret Server:
https://www.ibm.com/support/pages/ports-used-secret-server
The other IBM Security Secret Server Hardening course
The Thycotic guidance "How to secure"
This guide explains, in detailed steps, how to change the port in Microsoft SQL Server for IBM Secret Server.
Environment
IBM Security Secret Server 10.6 and 10.7
Before taking action, keep in mind that there are two steps.
- Go to the SQL Server Configuration Manager, and change the port.
Tip: Make sure the port is changed on the TCP/IP layer that your network actually uses.
Tip: The site is a bit slow to open the page completely, and it might take some time to open or might time out. Try a couple of times, and the site will open eventually.
The SQL DB name and the SQL host server name are required, so open MS SQL server management in Windows, where you can check the connection and verify the SQL DB name and the SQL host server name.
Here are the steps
1. In the SQL Server Configuration Manager, open TCP/IP, which lists the IP layers (IPv4, IPv6, etc.), and change the port accordingly.
2. Go to Microsoft Services in the Control Panel, look for the Microsoft SQL related services, and restart them so that the change takes effect.
After restarting the services, open cmd and verify the port:
netstat -an | findstr 1433 (the old port is no longer listening or listed)
netstat -an | findstr <new port> (shows the new port that you changed to)
- TCP/IP Properties: make sure you understand whether the port is changed for all IP addresses or only for the IP address that is enabled. I recommend checking which IP layer is used in your network: you will enable IPv4, IPv6, both, or another. It is important to check that the layer is enabled and used for this particular port.
3. At this point, the port number is changed only at the TCP port level in the SQL configuration.
Change the page name from login.aspx to dbconnectionreset.aspx.
Enter the DB server name and the DB name (both can be verified in MS SQL server management).
The database connection reset requires one of the following:
either Application Identity or Another Windows account.
The page then reports that the new database connection settings have been reset.
The page will warn you that IIS restarts automatically, so all users will lose access to IBM Security Secret Server.
I've tested the settings below, and confirmed/verified that all the ports were changed successfully in our lab.
If it is not successful, check the warning through the audit link at the top of the page or the button for the audit report. Open an IBM support ticket for further investigation.
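The netstat check from step 2 can also be done in PowerShell, which additionally shows whether the new port is listening on IPv4, IPv6, or both, and which process owns it. This is an added example, not part of the IBM procedure; the new port 14330 is a constructed placeholder, and the script assumes it is run on the SQL Server host (Windows Server 2012 R2 or later).

```powershell
# Added example: verify a SQL Server port change from the local listener table.
param(
    [int]$OldPort = 1433,    # default SQL Server port named in this guide
    [int]$NewPort = 14330    # constructed placeholder; pass the port you configured
)

function Get-PortListeners {
    param([int]$Port)
    # Get-NetTCPConnection raises an error when nothing matches, so silence that case.
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                # IPv6 listeners have a colon in the address (for example "::").
                Family       = if ($_.LocalAddress -match ':') { 'IPv6' } else { 'IPv4' }
                Port         = $_.LocalPort
                Process      = $proc.ProcessName
            }
        }
}

$old = @(Get-PortListeners -Port $OldPort)
$new = @(Get-PortListeners -Port $NewPort)

if ($old.Count -gt 0) {
    Write-Warning "Port $OldPort is still listening:"
    $old | Format-Table -AutoSize | Out-Host
} else {
    Write-Host "OK: nothing is listening on $OldPort."
}

if ($new.Count -eq 0) {
    Write-Warning "Nothing is listening on $NewPort. Restart the SQL services and check again."
} else {
    Write-Host "Listeners on ${NewPort}:"
    $new | Format-Table -AutoSize | Out-Host
    # The SQL Server engine runs as sqlservr.exe; anything else owning the port is unexpected.
    if ($new | Where-Object { $_.Process -ne 'sqlservr' }) {
        Write-Warning "Port $NewPort is owned by a process other than sqlservr."
    }
    $families = $new.Family | Sort-Object -Unique
    Write-Host "Address families listening on ${NewPort}: $($families -join ', ')"
}
```

If only one address family is reported and the other is used in your network, recheck the IP address entries in TCP/IP Properties.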