Re: how to secure VPN to a SQL server?

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 29 Jun 2006 17:03:04 -0500

While using virus protection is a great idea there are other things you
should also do. If at all possible the users on the remote computer should
never be in the local administrators or power users group and Software
Restriction Policies can be implemented on XP Pro to control what
applications users do use and minimize the threat of malware. The link below
explains SRP in detail. You should also take advantage of filtering
capabilities of your VPN server to restrict what IP addresses the VPN user
can access and then what ports/protocols they are allowed to access on those
IP addresses. In Windows 2000/2003 RRAS you can configure input/output
filters in Remote Access Policy via edit profile - tcp/ip. Of course the
SQL server must be hardened including that the users have only the needed
permissions to do their job. --- Steve

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:uharm6vmGHA.4836@xxxxxxxxxxxxxxxxxxxxxxx

I have a deployment package that automatically sets up a VPN on a remote
client PC (public). What I'm concerned about is the client PC obtaining a
virus and that virus finding its way to our server via the VPN. The client
PC's do need Internet access & Email access while the VPN is enabled. The
VPN is used only for communication with the SQL server -- basically a split
tunnel VPN solution. (TCP/IP settings, Use default gateway on remote
network is NOT checked)

What are my options?

Thanks, Rob.

Follow-Ups:
- Re: how to secure VPN to a SQL server?
  - From: Rob R. Ainscough

References:
- how to secure VPN to a SQL server?
  - From: Rob R. Ainscough

Prev by Date: Re: Computer Hijack
Next by Date: Re: Renaming a Certificate Root authority
Previous by thread: Re: how to secure VPN to a SQL server?
Next by thread: Re: how to secure VPN to a SQL server?
Index(es):
- Date
- Thread

Relevant Pages

Re: TS vs VPN
... Using TS, w/o VPN ... The remote client connects to your local TS via Remote Desktop. ... "Foo" accesses the SQL server, which is nearby in a protected part of the network. ...
(microsoft.public.windows.terminal_services)
Re: Is there any way to prevent hacker trying to guess sa password?
... VPN can help but I found it caused more maintenance (in terms of network ... quirks, slow boot problems, incompatibilities with some remote PCs and very ... server level where the remote users communicate requests to the application ... the application server and keep the SQL server relatively safe behind the ...
(microsoft.public.sqlserver.security)
Re: how to secure VPN to a SQL server?
... | client PC. ... | virus and that virus finding its way to our server via the VPN. ... Use default gateway on remote ...
(microsoft.public.security)
Re: how to secure VPN to a SQL server?
... What I'm concerned about is the client PC obtaining ... | virus and that virus finding its way to our server via the VPN. ... Use default gateway on remote ...
(microsoft.public.security)
Re: Remote Access and ISA Server in SBS 2003?
... I am glad to hear the Remote Access Wizard is working fine now. ... there is no difference in VPN between SBS 4.5 and SBS ... Error Message: VPN Connection Error 800: Unable to Establish Connection ... the external NIC of the SBS Server. ...
(microsoft.public.windows.server.sbs)