THE VIDEO

THE SYNOPSIS

In this video, we harden our SQL Server instance in two ways: by using a firewall to limit inbound traffic, and by using a certificate to force encrypted connections to SQL Server.

THE COMMANDS

Following are the command line operations I used throughout the video.

sudo ufw enable


sudo ufw allow 1433
sudo ufw allow 1434


sudo ufw allow proto tcp from 172.20.149.78/29 to any port 1433
sudo ufw status


hostname -f

# NOTE: make the subject here your hostname!
openssl req -x509 -nodes -newkey rsa:2048 -subj '/CN=SQLVM0' -keyout mssql.key -out mssql.pem -days 365
sudo chown mssql:mssql mssql.pem mssql.key
sudo chmod 400 mssql.pem mssql.key
sudo mkdir /var/opt/mssql/security
sudo chown mssql:mssql /var/opt/mssql/security
sudo mv mssql.pem /var/opt/mssql/security/
sudo mv mssql.key /var/opt/mssql/security/


sudo cat /var/opt/mssql/mssql.conf


sudo systemctl stop mssql-server
sudo /opt/mssql/bin/mssql-conf set network.tlscert /var/opt/mssql/security/mssql.pem
sudo /opt/mssql/bin/mssql-conf set network.tlskey /var/opt/mssql/security/mssql.key
sudo /opt/mssql/bin/mssql-conf set network.tlsprotocols 1.2
sudo /opt/mssql/bin/mssql-conf set network.forceencryption 1
sudo systemctl restart mssql-server
systemctl status mssql-server


sudo cat /var/opt/mssql/mssql.conf
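
A check to run after the steps above, as an added example that is not from the original post or video: it reads the [network] section of mssql.conf, reports any of the four settings that differ from what the commands set, and flags certificate or key files that are accessible beyond their owner. The function names and the sample config are constructed for illustration, and the expected values assume mssql-conf stores them as typed.

```sh
#!/bin/sh
# Added example: audit mssql.conf for the TLS settings applied on this page.

# conf_get FILE SECTION KEY: print the value of KEY inside [SECTION].
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_mssql_tls FILE: print one FAIL line per finding; return 1 if any.
audit_mssql_tls() {
    conf=$1; findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }
    [ "$(conf_get "$conf" network forceencryption)" = "1" ] ||
        fail "network.forceencryption is not 1 (unencrypted connections accepted)"
    [ "$(conf_get "$conf" network tlsprotocols)" = "1.2" ] ||
        fail "network.tlsprotocols is not restricted to 1.2"
    for key in tlscert tlskey; do
        path=$(conf_get "$conf" network "$key")
        if [ -z "$path" ]; then fail "network.$key is not set"; continue; fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$path" 2>/dev/null | cut -c5-10)
        [ "$mode" = "------" ] ||
            fail "$path is missing or accessible beyond its owner"
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input: encryption never forced, key file world-readable.
demo_dir=$(mktemp -d)
touch "$demo_dir/mssql.pem" "$demo_dir/mssql.key"
chmod 400 "$demo_dir/mssql.pem"; chmod 644 "$demo_dir/mssql.key"
cat > "$demo_dir/mssql.conf" <<EOF
[sqlagent]
enabled = false

[network]
forceencryption = 0
tlscert = $demo_dir/mssql.pem
tlskey = $demo_dir/mssql.key
tlsprotocols = 1.2
EOF
audit_mssql_tls "$demo_dir/mssql.conf" || echo "audit found problems"
```

To audit the real instance, call `audit_mssql_tls /var/opt/mssql/mssql.conf` with enough privilege to read that file, as the `sudo cat` above needs.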

LINKS AND ADDITIONAL INFORMATION

All of these videos are on behalf of Catallaxy Services, LLC, my consulting company, where I help customers with problems all across the data platform space.
