Skype for Business: Hardening The Backend Databases

Great Blog Post from Mark on Skype4B / Lync Server Database hardening 🙂

three65.blog

We all know that Lync uses SQL server to store it’s backend databases such as the Central Management Store. However, do we pay much attention as to how the Lync Front End servers connect to the database? Let’s look at a scenario.

You have 3 front end enterprise edition servers in a single pool. You are using SQL server 2012 as a backend database server for the Lync databases. This SQL server has multiple instances running other LoB applications. The installation of SQL was completed only accepting the default settings from the SQL installer.

So what security implications does this have on your SQL estate? To begin with SQL will use the static TCP port of 1433 to allow external connections access to the default instance (usually MSSQL) and TCP port 1434 for the SQL Browser service. The SQL browser service is used to allow connections to databases from external…

View original post 685 more words