How to protect SQL Server from Hackers

Solution 1:

Sounds like your firewall isn't configured correctly. This is the first step.

Normally I wouldn't pimp a book that I wrote, but in this case I'll make an exception. It's called Securing SQL Server and it'll give you a good start.

Solution 2:

Simply said - you do not. I would not use a firewall etc. - a SQL server has no right to be on the internet. VERY VERY few exceptions.

For replication, set up a proper VPN.

Solution 3:

Besides configuring the firewall properly, here are some general recommendations to keep SQL Server safe from brute force attacks:

  • Disable the 'sa' account. Knowing the exact login name will make attacks easier

        ALTER LOGIN sa DISABLE

    Another option is to rename the 'sa' account to a less obvious name

        ALTER LOGIN sa WITH NAME = SimonXZY

  • Use Windows authentication instead of mixed mode authentication. The Windows authentication enforces the Windows password policy and it locks the login in case of successive failed logon attempts
  • Audit failed logons. The easiest way to do this is to set the Login auditing option in the Server properties, Security tab to Failed logins only or Both failed and successful logins. This will not help you protect against brute force attacks, but will help you be aware of the attacks

More useful recommendations here: Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot
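As an added example that is not part of the answer above, the following T-SQL checks the three settings Solution 3 recommends (state of the built-in 'sa' principal, authentication mode, login auditing level) and then summarises the failed-login entries that auditing writes to the SQL Server error log, grouped by client address. It assumes it is run by a sysadmin on SQL Server 2005 or later; `xp_instance_regread` and `xp_readerrorlog` are existing but undocumented extended procedures, and the `AuditLevel` value mapping (0 none, 1 successful, 2 failed, 3 both) mirrors the Server Properties > Security tab.

```sql
-- Added example (not from the original answer): verify the hardening items in
-- Solution 3 and report brute-force activity already captured by login auditing.

-- 1. The built-in 'sa' login is always the principal with SID 0x01, whatever it
--    has been renamed to. Report whether it is disabled and still has its default name.
SELECT name,
       is_disabled,
       CASE WHEN name = 'sa' THEN 'rename recommended' ELSE 'renamed' END AS name_check
FROM sys.server_principals
WHERE sid = 0x01;

-- 2. Authentication mode: 1 = Windows authentication only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 3. Login auditing level as stored for this instance in the registry
--    (0 none, 1 successful logins, 2 failed logins, 3 both).
DECLARE @audit_level INT;
EXEC master.dbo.xp_instance_regread
     N'HKEY_LOCAL_MACHINE',
     N'Software\Microsoft\MSSQLServer\MSSQLServer',
     N'AuditLevel',
     @audit_level OUTPUT;
SELECT @audit_level AS audit_level,
       CASE WHEN @audit_level IN (2, 3) THEN 'failed logins audited'
            ELSE 'failed logins NOT audited' END AS audit_check;

-- 4. With failed-login auditing on, every failure is written to the current error
--    log as "Login failed for user '...'. ... [CLIENT: a.b.c.d]". Pull those lines
--    (log 0 = current, type 1 = SQL Server log) and count them per client address.
DECLARE @errlog TABLE (LogDate DATETIME, ProcessInfo NVARCHAR(50), [Text] NVARCHAR(MAX));
INSERT INTO @errlog
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed', N'CLIENT:';

SELECT SUBSTRING([Text], CHARINDEX('[CLIENT:', [Text]), 40) AS client,
       COUNT(*)     AS failures,
       MIN(LogDate) AS first_seen,
       MAX(LogDate) AS last_seen
FROM @errlog
GROUP BY SUBSTRING([Text], CHARINDEX('[CLIENT:', [Text]), 40)
ORDER BY failures DESC;
```

A client address with a large number of failures in a short window is the brute-force signal the auditing recommendation is meant to surface; the first three result sets tell you whether the instance is configured so that such an attempt has to guess both the login name and the password, and is throttled by the Windows lockout policy.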