Help Center/ Relational Database Service_RDS for SQL Server/ FAQs/ Network Security/ How Can I Prevent Untrusted Source IP Addresses from Accessing RDS for SQL Server?
Updated on 2025-06-30 GMT+08:00

How Can I Prevent Untrusted Source IP Addresses from Accessing RDS for SQL Server?

  • If you enable public accessibility, your EIP DNS and database port may be vulnerable to hacking. To protect information such as your EIP, DNS, database port, database account, and password, you are advised to set the range of source IP addresses in the RDS for SQL Server security group to ensure that only trusted source IP addresses can access your DB instance.
  • To prevent your database password from being cracked, set a strong password according to the password policies of your RDS for SQL Server instance and periodically change it.
  • RDS for SQL Server includes defense against brute force cracking. If malicious individuals have obtained your EIP DNS, database port, or database login information and attempt a brute force attack, your service connections may be deleted. In this case, you can restrict the source connections and change the database username and password to prevent further damage.

    For RDS for SQL Server, defense against brute force attacks is enabled by default and cannot be disabled.