[fw-wiz] A few sql 2000 related questions

From: Mike LeBlanc (mlinfosec_at_comcast.net)
Date: 02/12/05

    To: <firewall-wizards@honor.icsalabs.com>
    Date: Sat, 12 Feb 2005 08:40:25 -0500
    
    

    Folks,
    I'm new to the list, so forgive me if the questions have been asked before.

    1/ First, are there "best practices" relating to security MONITORING of
    sql servers? And tools to do so? We have a copy of bindview for SQL. I
    haven't had a chance yet to look over it.

    2/ We currently are running a web server that has SQLServer 2000 on it.
    Again, I haven't had time for an exhaustive review, but I don't think the
    SQL connection is "protected" using ssl (which I have been led to believe
    is best practice).
    So for "back office" connections, is ssl best practice? What about taking
    SQL OFF that machine? The current protection goes as follows:

    inet -> fw->(ssl) dmz (reverse proxy)->fw->web server running IIS/SQL-->back office fw-->SQL "feeders"

    The current solution is completely outsourced, but we are planning to change
    that this year to just web hosting where we have more control.

    One proposal I have is the following

    inet-->IPS-->fw->dmz (ssl) web server->fw->(ssl)sql server->vpn(with acls)->back office fw dmz->(ssl)back office feeder servers

    comments?

    other proposal is

    inet-->IPS-->fw->(ssl) inverse proxy->fw->(ssl) web server ->(ssl)sql server->vpn(with acls)->back office fw dmz->(ssl)back office feeder servers

    comments?

    Thanks for your feedback,
    -ML
