I am using an MS-SQL Server 2008 instance as back-end DB server for a project. I did some security tests on the machine hosting my project and SQL Server and got the following report on SQL Server:
On port 1853/TCP a database server is running (specifically MSSQL and a version number) and that the response was available in the pre-login response.
How can I hide this information and SQL Server altogether?
I can't find a way to create a trigger and allow access to specific IPs but I am not sure if this addresses my problem here properly.
If the attacker has access to the TCP port they can find this information out. You'll need to use some sort of firewall to block access to the SQL Server from people that shouldn't have access to it.
Putting the SQL Server on a non-standard port is not a good way to prevent people from attempting to break into your SQL Server.
Why port 1853? SQL Server's standard port is 1433, did you customize it? Otherwise this means that port is owned by something else running on the machine.
Anyway, a firewall (even Windows' built-in one) would be your best solution here. If the machine is sitting on a public IP address, you should really have one in place anyway, regardless of SQL Server.