Secure SQL Server and other traffic with end to end security

All,

I am wondering if there are any best practices or ways that I can open up secure access to a service such as (for example) SQL Server, or any other program normally requiring a port to be opened and whitelisted?

I have a non-production development server in AWS and I want to allow port 1433 open to my lab at home, but I want to lock down the data, keeping it secure.

Currently I have bi-directional whitelisting set up to my router from and to the AWS server hosting my database.

I don't want to manage a site to site (, or even a client to site) VPN, and I don't feel that securing down port 1433 by whitelisting it is enough, what are my other options? I would love to be able to use some sort of a service bus, or alt related service.

I would say that any port opened to the Internet presents a potential threat, but if you have to open something - then at least solutions designed to be opened to the Internet should be a better pick. In my mind (which may vary from the official documentation), SQL Server is not designed to be opened to the Internet.

So, the safer solution requires ensuring that a secure tunnel is in place between your server and your home office, even before you connect to SQL Server. VPN would probably be the easiest possible option. There are some other ways like IPSec, but they usually require professional equipment, not a usual home router.

Having said that, if your non-production server does not contain too sensitive information (e.g. it's just some pet project you are ready to lose in the unfortunate case you get hacked), then the measure you took by restricting access from any IP instead of your home one should be quite adequate. The chances of your neighbor next door running a scan of the entire AWS and discovering your port are very slim :)