I have recently made a SQL server from Microsoft and I was wondering if it is safe port forwarding it. This database isn't gonna be out there and I'm just using it as kind of as a test sql server. I want to access when I'm not on my local network and from anywhere / any device. Meaning that I wouldn't use a vpn and portforward it on that.
I want to keep it portforwarded but I'm not sure if the risk is high for port forwarding it. I won't be keeping any important data.
I have already tried looking onto online one's and I don't really want to spend money.
2 Answers
I would not recommend opening up any port inbound to everything on the internet. Especially if it's a port that will actually be listening for traffic. While your SQL database might not have relevant information it can open you to vulnerabilities that may otherwise not exist.
An example is the old SQL Snake:
Having it open would mean opening yourself to any future vulnerability that may work on that port and that may extend beyond the scope of the application of that port. Such as SQLSnake allowing malicious actors to gain access to the window server the SQL database sat on.
You stated that you do not want to use VPNs but you also mentioned that you do not want to spend money. If the reason you're avoiding VPNs is monetary factor there are free options available such as tightVNC .
From the moment you expose a service publicly on the Internet you will start seeing brute force attacks against your server. DBMSes are hot targets. I think you need some sort of defense in addition to a strong sa password. Using a VPN makes sense. There are free and open-source solutions available.
Even if you have a sound setup your server will still be exposed and attacked and will constantly have to fend off attacks and your Internet connection will be flooded with malicious traffic, that shouldn't be there in the first place.
