Skip to content

Change Database Default Port


Configuring a database to run on a non-default port avoids quick network scans to identify databases. An attacker who probes that specific system can still find and identify the new port. This should be considered only defense in depth, not providing strong security.


Using non-default ports will prevent a system from being found with routine network sweeps.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { getServerSetting } = module
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the database uses non default port
function validate(databaseSettings) {
    const port = getServerSetting(databaseSettings, 'tcpport')
    const success = port && port !== "1433"

    return {