SQL Server 2005 is the first SQL Server version developed under the Microsoft Trustworthy Computing initiative. One of the principles of the Trustworthy Computing initiative is the Secure by Default principle. In implementing this principle, SQL Server 2005 disables some network options in order to keep your SQL Server environment as secure as possible.
Granting Remote Access
SQL Server is a database management system designed to run on a server, accepting connections from remote users and applications. It is possible to connect locally to SQL Server from the same computer on which SQL Server is running, but production database systems typically don't use this feature. Therefore, it is important to configure SQL Server appropriately to accept secured connections from remote computers.
To access a SQL Server instance remotely, you need a network protocol to establish the connection. To avoid wasting system resources, activate only the protocols you intend to use.
The default installation of SQL Server leaves many features disabled to reduce the attackable surface area of the database system. For example, SQL Server 2005 does not allow remote connections by default (except in the Enterprise version), so you should use the SQL Server Surface Area Configuration tool to enable remote connections, as shown in Figure 2-1.
Figure 2-1. SQL Server Surface Area Configuration tool for services and connections.
You can accomplish this task by following the procedure below.
Enabling Remote Connections
You can enable remote connections using the TCP/IP or Named Pipes network protocols. TCP/IP is the recommended protocol due to security and performance considerations.
Securing External Access
Database servers should be well protected from unauthorized external access due to the critical information they store. SQL Server should never be accessible directly from the Internet. If you need to provide SQL Server access to Internet users or applications, you should ensure that your network environment provides a protection mechanism, such as a firewall or IDS (Intrusion Detection System).
SQL Server allows connections using different endpoint types. You will learn about endpoints in Chapter 9, "Reading SQL Server Data from the Internet."
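Once remote connections are enabled, the following T-SQL shows which protocols and endpoints clients are actually using, so unexpected remote or unencrypted connections stand out. It is an added example, not part of the original text; it relies on the dynamic management and catalog views introduced in SQL Server 2005 and assumes the caller has VIEW SERVER STATE permission. The local/remote label in the `origin` column is this example's own classification.

```sql
-- Added example: audit how clients currently reach this instance.
-- Requires VIEW SERVER STATE.

-- 1. Which endpoints exist and whether they are accepting connections.
SELECT  e.name,
        e.protocol_desc,        -- e.g. TCP, NAMED_PIPES, SHARED_MEMORY
        e.type_desc,            -- e.g. TSQL
        e.state_desc,           -- STARTED / STOPPED / DISABLED
        e.is_admin_endpoint
FROM    sys.endpoints AS e
ORDER BY e.protocol_desc, e.name;

-- 2. One row per current connection, with transport, authentication,
--    encryption state and a local/remote classification.
SELECT  c.session_id,
        s.login_name,
        s.host_name,
        c.net_transport,        -- typically TCP, Named pipe or Shared memory
        e.name  AS endpoint_name,
        c.auth_scheme,          -- SQL, NTLM or KERBEROS
        c.encrypt_option,       -- TRUE when the connection is encrypted
        c.client_net_address,
        c.local_tcp_port,
        CASE
            WHEN c.net_transport = 'Shared memory'
              OR c.client_net_address IN ('<local machine>', '127.0.0.1', '::1')
            THEN 'local'
            ELSE 'remote'
        END     AS origin
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s ON s.session_id  = c.session_id
LEFT JOIN sys.endpoints         AS e ON e.endpoint_id = c.endpoint_id
ORDER BY origin DESC, c.net_transport, c.client_net_address;

-- 3. Summary: connections grouped by transport and encryption state.
--    Remote rows with encrypt_option = 'FALSE' or an unexpected transport
--    are the ones to review against the intended configuration.
SELECT  c.net_transport,
        c.encrypt_option,
        COUNT(*) AS connections
FROM    sys.dm_exec_connections AS c
GROUP BY c.net_transport, c.encrypt_option
ORDER BY c.net_transport, c.encrypt_option;
```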