2
votes

I was asked this question earlier today and I am not clear about how it all hangs together.

I've recently opened up a 1433 outbound connection from my workplace firewall to connect to an Azure SQL database. I am using PowerBI Desktop as my client on my machine and using the standard PowerBI connector to Azure SQL Database.

I am able to connect to the Azure database and see the metadata and data and was able to author the report.

Now I have the following questions:

  1. Is the data transfer happening over port 1433?
  2. Or is there another driver like MSOLAP/OLEDB which does the transfer? If so, is 1433 encapsulating the driver?
  3. If so, is the data secure while in transit (from the cloud to my machine in the network)? I mean, is the connection SSL encrypted? I just read this question and wasn't sure how this is working: Azure SQL DB-Securing communication on Port 1433

Thanks in advance!

1 Answer

3
votes

All data in transit coming from any Azure SQL Database or going to any Azure SQL Database is encrypted. Azure SQL Database does not allow non-encrypted connections. All this is happening on TCP port 1433. You cannot communicate with Azure SQL Database on a different port.

When a client first attempts a connection to SQL Server / SQL Azure, it sends an initial connection request. Consider this a "pre-pre-connection" request. At this point the client does not know if SSL/encryption is required and waits for an answer from SQL Server / SQL Azure to determine if SSL is indeed required throughout the session (not just the login sequence, the entire connection session). A bit is set on the response indicating so. Then the client library disconnects and reconnects armed with this information.

When you set Encrypt to true, you avoid the "pre-pre-connection" and you prevent any proxy from turning off the encryption bit on the client side of the proxy; this way, attacks like man-in-the-middle are avoided.

When secure connections are needed, it is recommended to enable the "Encrypt connection" setting.
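
The flag discussed in the answer travels in the TDS PRELOGIN message as the ENCRYPTION option. The sketch below is an added example, not code from the answer or from any Microsoft driver: it reads that option out of a captured packet and models what a client does with it. The function names, the sample packets and the simplified `client_decision` policy are assumptions made for illustration.

```python
import struct

# ENCRYPTION option values defined for the TDS PRELOGIN message (MS-TDS).
ENCRYPT_OFF, ENCRYPT_ON, ENCRYPT_NOT_SUP, ENCRYPT_REQ = 0x00, 0x01, 0x02, 0x03
TOKEN_VERSION, TOKEN_ENCRYPTION, TOKEN_TERMINATOR = 0x00, 0x01, 0xFF
HEADER_LEN = 8  # type, status, length, SPID, packet id, window

def build_prelogin(encryption, packet_type=0x04):
    """Constructed sample packet: TDS header + VERSION and ENCRYPTION options."""
    version = bytes([12, 0, 0, 0, 0, 0])           # constructed version bytes
    table_len = 2 * 5 + 1                          # two 5-byte entries + terminator
    table = struct.pack(">BHH", TOKEN_VERSION, table_len, len(version))
    table += struct.pack(">BHH", TOKEN_ENCRYPTION, table_len + len(version), 1)
    payload = table + bytes([TOKEN_TERMINATOR]) + version + bytes([encryption])
    header = struct.pack(">BBHHBB", packet_type, 0x01, HEADER_LEN + len(payload), 0, 1, 0)
    return header + payload

def prelogin_encryption(packet):
    """Return the ENCRYPTION option byte from one complete PRELOGIN packet."""
    if len(packet) < HEADER_LEN or struct.unpack(">H", packet[2:4])[0] != len(packet):
        raise ValueError("truncated or inconsistent TDS header")
    payload, pos = packet[HEADER_LEN:], 0
    while pos < len(payload) and payload[pos] != TOKEN_TERMINATOR:
        if pos + 5 > len(payload):
            raise ValueError("truncated option table")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == TOKEN_ENCRYPTION:
            if size != 1 or offset >= len(payload):
                raise ValueError("bad ENCRYPTION option")
            return payload[offset]
        pos += 5
    raise ValueError("no ENCRYPTION option present")

def client_decision(encrypt_required, server_value):
    """Simplified client policy once the server's ENCRYPTION answer is known."""
    if server_value in (ENCRYPT_ON, ENCRYPT_REQ):
        return "encrypt-session"
    if encrypt_required:
        return "abort"            # Encrypt=true: never continue without TLS
    return "login-only" if server_value == ENCRYPT_OFF else "no-encryption"

if __name__ == "__main__":
    for value in (ENCRYPT_ON, ENCRYPT_NOT_SUP):   # second case: flag altered in transit
        seen = prelogin_encryption(build_prelogin(value))
        print(hex(seen), client_decision(True, seen), client_decision(False, seen))
```

With the second sample packet, a client that requires encryption aborts, while one that leaves it optional carries on without session encryption, which is the difference the Encrypt setting makes.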