Friday, February 24, 2012

Exposing data

Hi,
I'm about to enter some new ground. I have a background of web development
(ASP) and SQL Server (network environment only). We have a new ASP.NET
application running a SQL DB. This application is to be put out on the net.
Our network admin wants to buy another SQL licence and have the SQL server
sit outside of our network firewall. I'm more inclined to have the SQL
server inside some sort of DMZ (a topic new to me) and open a port for data
access.
Before I take this argument to the network admin I want to arm myself with
the necessary knowledge. I guess I'm looking for articles/URLs/tutorials
which will teach me how to expose a SQL DB on our network to the internet
without risking the security of our network or the SQL box itself.
Many thanks
Jay

Generally for web apps, the exposure works like this:
One port (or maybe two) on the firewall is open for HTTP (80, and perhaps
443 for SSL).
The web server, BEHIND THE FIREWALL, can talk to the database server. Some
admins even go so far as to put a second firewall between the web and
database servers (which I think is generally overkill). No SQL Server ports
should ever be open on the firewall. And no SQL Server should ever be in a
DMZ! That's just asking for trouble...
Anyway, here's a link with some good information about how to secure a web
app using SQL Server:
http://msdn.microsoft.com/library/d...-us/dnnetsec/html/openhack.asp
"Jay" <Jay@.wdc.com> wrote in message
news:5D4E06B3-1BC0-4A9B-9215-2C20BC72379D@.microsoft.com...
> Hi,
> I'm about to enter some new ground. I have a background of web development
> (ASP) and SQL Server (network environment only). We have a new ASP.NET
> application running a SQL DB. This application is to be put out on the net.
> Our network admin wants to buy another SQL licence and have the SQL server
> sit outside of our network firewall. I'm more inclined to have the SQL
> server inside some sort of DMZ (a topic new to me) and open a port for data
> access.
> Before I take this argument to the network admin I want to arm myself with
> the necessary knowledge. I guess I'm looking for articles/URLs/tutorials
> which will teach me how to expose a SQL DB on our network to the internet
> without risking the security of our network or the SQL box itself.
> many thanks
> Jay

This would not be recommended. SQL should be protected by a firewall.
Consider using ISA server 2000 and publishing SQL to the internet.
1433 is one of the highest scanned ports by hackers.
http://www.microsoft.com/technet/pr...n/sp3sec02.mspx#XSLTsection126121120120
287932 INF: TCP Ports Needed for Communication to SQL Server Through a
Firewall
http://support.microsoft.com/?id=287932
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

Thanks Adam,
Printing it now... will digest it after my first coffee of the morning.
Jay
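
Added example, not part of any post in this thread: a small audit of an inbound firewall rule set against the layout the replies describe (only 80 and 443 open to the outside, port 1433 never reachable from the internet). The rule tuples, host names and addresses are constructed for illustration, and treating 10.0.0.0/8 as the internal network is an assumption.

```python
from ipaddress import ip_network

WEB_PORTS = {80, 443}   # HTTP and SSL: the only ports the replies leave open
SQL_PORTS = {1433}      # SQL Server's default TCP port, named in the thread

# Constructed sample rule set: (rule name, source CIDR, destination host, TCP port).
# Host names and addresses are hypothetical.
SAMPLE_RULES = [
    ("web-http",   "0.0.0.0/0",    "web01", 80),
    ("web-https",  "0.0.0.0/0",    "web01", 443),
    ("sql-public", "0.0.0.0/0",    "sql01", 1433),  # the exposure to catch
    ("web-to-sql", "10.0.1.10/32", "sql01", 1433),  # web server to database
    ("rdp-any",    "0.0.0.0/0",    "web01", 3389),  # stray management port
]

def audit(rules, internal_nets, sql_hosts):
    """Return (rule name, reason) for each rule that breaks the layout.

    A rule counts as external when its source is not contained in any of
    internal_nets. IPv4 only: mixing address families raises TypeError.
    """
    internal = [ip_network(n) for n in internal_nets]
    findings = []
    for name, src, dst, port in rules:
        source = ip_network(src)
        if any(source.subnet_of(net) for net in internal):
            continue  # traffic that originates behind the firewall
        if dst in sql_hosts or port in SQL_PORTS:
            findings.append((name, "SQL Server reachable from outside"))
        elif port not in WEB_PORTS:
            findings.append((name, "port other than 80/443 open to outside"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES, ["10.0.0.0/8"], {"sql01"}):
        print(f"{rule}: {reason}")
```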
