Skype for Business: Hardening The Backend Databases

We all know that Lync uses SQL Server to store its backend databases, such as the Central Management Store. However, do we pay much attention to how the Lync Front End servers connect to the database? Let’s look at a scenario.

You have 3 Enterprise Edition Front End servers in a single pool. You are using SQL Server 2012 as the backend database server for the Lync databases. This SQL server has multiple instances running other LoB applications. SQL was installed by accepting only the default settings from the SQL installer.

So what security implications does this have on your SQL estate? To begin with, SQL will use the static TCP port 1433 to give external connections access to the default instance (usually MSSQL) and TCP port 1434 for the SQL Browser service. The SQL Browser service lets external clients connect to databases in other instances on the same SQL server that use dynamic ports. This means the client does not need to know which port the SQL server has assigned to the backend database; it only requires the SQL server name or IP address and the name of the SQL instance to target. Using dynamic ports also means that your machine firewall is perhaps not as effective as it should be, because you have to allow the high-end ports between 49152 and 65535 through the firewall to cater for your SQL instances using dynamic ports.
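To see which instances on a server are in the dynamic-port situation described above, the following PowerShell audit is an added example, not part of the original post. It assumes it is run locally on the SQL Server host, that each instance listens on all IP addresses (so the `IPAll` registry key applies), and it only reads the registry and service state.

```powershell
# Added example: read-only audit of SQL Server TCP port configuration per instance.
$root     = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$namesKey = Get-Item -Path (Join-Path $root 'Instance Names\SQL') -ErrorAction SilentlyContinue
if (-not $namesKey) {
    Write-Warning 'No SQL Server Database Engine instances are registered on this host.'
    return
}

$report = foreach ($instanceName in $namesKey.GetValueNames()) {
    # The value data is the instance ID, which names the subkey holding that instance's settings.
    $instanceId = $namesKey.GetValue($instanceName)
    $ipAllPath  = Join-Path $root "$instanceId\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
    $ipAll      = Get-ItemProperty -Path $ipAllPath -ErrorAction SilentlyContinue
    if (-not $ipAll) { continue }   # TCP settings missing for this instance

    # A non-empty TcpDynamicPorts (0 or the currently assigned port) means dynamic ports are in use.
    $dynamic = "$($ipAll.TcpDynamicPorts)".Trim()
    $static  = "$($ipAll.TcpPort)".Trim()

    [pscustomobject]@{
        Instance     = $instanceName
        Mode         = if ($dynamic) { 'Dynamic' } elseif ($static) { 'Static' } else { 'Not set' }
        StaticPort   = $static
        DynamicPort  = $dynamic
        FirewallNote = if ($dynamic) {
                           'Port can change on restart; firewall must allow the dynamic range'
                       } elseif ($static) {
                           "Firewall rule can be scoped to TCP $static"
                       } else {
                           'No TCP port configured under IPAll'
                       }
    }
}

$report | Format-Table -AutoSize -Wrap

# Clients locate dynamic-port instances through the SQL Browser service, so report its state too.
$browser = Get-Service -Name 'SQLBrowser' -ErrorAction SilentlyContinue
if ($browser) {
    "SQL Browser service: $($browser.Status) (start type: $($browser.StartType))"
} else {
    'SQL Browser service is not installed.'
}

# Summary: any instance in Dynamic mode is a candidate for a fixed port and a narrower firewall rule.
$dynamicCount = @($report | Where-Object Mode -eq 'Dynamic').Count
"Instances using dynamic ports: $dynamicCount of $(@($report).Count)"
```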
