Max Vernon explains why it’s a bad idea to let your SQL Server be Internet-accessible:
First, it might be helpful to understand why someone might want to connect to their SQL Server via the Internet. Consider any of the following likely scenarios:
- There is a client application or website hosted in a different data-center that needs access to the data stored in the SQL Server.
- You need to provide geographical redundancy between several SQL Servers located in different countries that are only connected via the Internet.
- You’re doing development on a hosted SQL Server and don’t understand the implications of having SQL Server exposed.
The typical way you might expose your SQ Server to the Internet when the server is behind a router or firewall is to open an incoming TCP port at the router or firewall directed at the SQL Server on port 1433. If you do this, you will very quickly start seeing incoming connection attempts from computers on the Internet. These attempts will try to login, typically via the “sa” account, continuously trying passwords.
It’s best to avoid this mess altogether, though if you do need to expose your SQL Server to the Internet, Max has tips on how to mitigate some of that risk.