How to harden Microsoft SQL Server procedure for IBM Security Secret Server

By Masa Imokawa posted Mon February 10, 2020 08:04 PM

Hardening the IBM Security Secret Server infrastructure is essential, and demanding customer environments require that the environment be hardened properly. Without hardening, hackers can gain access to valuable assets.

 

IBM Security Secret Server runs on the Microsoft database “MS SQL Server” to store sensitive data. A good approach is to change the default port and keep the port securely blocked by the firewall.

 

Among the listening ports, one hardening change is to move SQL Server off its default port, 1433. Before taking action, keep in mind two steps:

 

  1. Change the port in SQL Server Configuration Manager: open the TCP/IP properties, which list the IPv4, IPv6, etc. entries, and change the port accordingly.

 

Tips
Make sure the port is changed on the TCP/IP layer that your network actually uses.

 

  1. Go to Services in the Control Panel, look for the Microsoft SQL related services, and restart them so that the change takes effect.

 
After restarting the service, open cmd and verify the port: netstat -an | findstr 1433 should show that the port is no longer listening or listed. You can then run netstat -an | findstr <new port>, which will show the new port that you changed to. See the screenshot below.

In TCP/IP Properties, make sure you understand whether the port is changed for all IP addresses, or only for the IP address that is enabled. I recommend checking which layer is in use in your network. For the network IP address layer, you will enable v4, v6, or both. It is important to check that those layers are enabled and used for this particular port.
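
A stricter form of the netstat check above, as an added example that is not part of the original post: findstr 1433 matches any line containing that text (a new port such as 51433, or an outbound connection to another host's port 1433), so this PowerShell parses netstat -an and reports LISTENING sockets on the exact port, per IPv4/IPv6. The function names, the new port 51433 and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: report TCP sockets LISTENING on an exact port, from "netstat -an" lines.
# Assumes English-language netstat output (state column reads LISTENING).
function Get-TcpListener {
    param(
        [Parameter(Mandatory)] [int] $Port,
        # Defaults to live output; pass captured lines to check offline.
        [string[]] $NetstatLines = (netstat -an)
    )
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State
        $f = -split $line
        if ($f.Count -lt 4 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # Local address is "a.b.c.d:port" or "[v6]:port"; the port follows the last colon.
        $idx = $f[1].LastIndexOf(':')
        if ($idx -lt 0 -or ([int]$f[1].Substring($idx + 1)) -ne $Port) { continue }
        [pscustomobject]@{
            Family  = if ($f[1].StartsWith('[')) { 'IPv6' } else { 'IPv4' }
            Address = $f[1].Substring(0, $idx)
            Port    = $Port
        }
    }
}

# Hypothetical helper: summarise whether the old port is gone and where the new one listens.
function Test-SqlPortChange {
    param(
        [int] $OldPort = 1433,
        [Parameter(Mandatory)] [int] $NewPort,
        [string[]] $NetstatLines = (netstat -an)
    )
    $old = @(Get-TcpListener -Port $OldPort -NetstatLines $NetstatLines)
    $new = @(Get-TcpListener -Port $NewPort -NetstatLines $NetstatLines)
    [pscustomobject]@{
        OldPortClosed  = ($old.Count -eq 0)
        NewPortIPv4    = [bool]($new | Where-Object Family -eq 'IPv4')
        NewPortIPv6    = [bool]($new | Where-Object Family -eq 'IPv6')
        NewPortBinding = ($new.Address -join ', ')
    }
}

# Constructed sample (not captured from a real host); 51433 is a placeholder new port.
$sample = @'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:51433          0.0.0.0:0              LISTENING
  TCP    [::]:51433             [::]:0                 LISTENING
  TCP    10.0.0.5:49712         10.0.0.9:1433          ESTABLISHED
'@ -split "`r?`n"
Test-SqlPortChange -NewPort 51433 -NetstatLines $sample
```

On the database host, omit -NetstatLines to evaluate the live netstat -an output instead of the sample.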

 

 

  1. The port number has been changed only at the TCP port level in the SQL configuration.

 

Go to the URL https://myserver/SecretServer/dbconnectionreset.aspx 
 

Change the page name from login.aspx to dbconnectionreset.aspx.

 
Enter the database server name and the database name (both can be verified in MS SQL Server management).

 
The database connection reset requires one of the following: either Application Identity or Another Windows account.

 

 
 
The new database connection settings have a reset page. The page warns you that IIS will restart automatically, so all users will lose access to the IBM Security Secret Server.

 

 

Tips  
The site is a bit slow to load the page completely, and it might take some time to open or might time out. Try a couple of times, and the site will open eventually.

 
The SQL DB name and the SQL host server name are required. MS SQL Server management runs on Windows, and you can use it to check the connection and verify the SQL DB name and the SQL host server name.

 
