SQL Server and ISA Server on the web
From: Julia Lerman (jlerman@thedatafarm.com)
Date: 07/22/02
- Next message: Sue Hoegemeier: "Re: Remove -E login option from OSQL"
- Previous message: Jason Tai: "Sue: Store Procedure in Master to create TempDB Users"
- Next in thread: linda deng[MS]: "RE: SQL Server and ISA Server on the web"
- Reply: linda deng[MS]: "RE: SQL Server and ISA Server on the web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Julia Lerman" <jlerman@thedatafarm.com> Date: Mon, 22 Jul 2002 11:43:28 -0400
We are about to open up our own network onto the web via ISA Server.
Currently we are using Win2K Server, SQL Server 7, IIS 5.0 and the latest sp
of ISA Server.
Let me preface this by saying: "I'm just the programmer!!" and, by default,
the SQL Server admin, but that's just because nobody else knows anything
about it and I want to make sure that all of my inhouse apps functino
properly!
The network guy who has decided he feels safe opening up this stuff so that
we don't have to deal with ftp replication to another webhost etc, has asked
me (who ain't no internet security expert) to make sure that the SQL Server
data will be safe.
I'm very nervous about this responsibility and may just end up passing it on
to someone with more expertise!
Currently, we have two databases in the SQL Server. One is the main in-house
database used by our in-house desktop apps. The other is a replicated
database (based on queries from the main) that is used by our internal
website. So the database connections in the asp pages go to the replicated
database. They don't touch the first one. The internal website is what we
are going to expose so that employees can get at it remotely.
There is a hardware firewall and ISA Server on top of all of this (which I
know very little about). And access to the website is password protected
using a login table in the database (including pages that check for that
valid login before access those specific pages), what should I be looking at
in terms of potentially exposing the databases? The network guy (mentioned
above) says he wants to "lock down" the server as much as possible. We
already have a handful of computers that are having trouble with the website
internally since he put in the ISA server.
So, since this is a complicated issue, and obviously affected by a lot of
variables, WHERE should I be looking for information on this?
Thanks much.
Julia Lerman
- Next message: Sue Hoegemeier: "Re: Remove -E login option from OSQL"
- Previous message: Jason Tai: "Sue: Store Procedure in Master to create TempDB Users"
- Next in thread: linda deng[MS]: "RE: SQL Server and ISA Server on the web"
- Reply: linda deng[MS]: "RE: SQL Server and ISA Server on the web"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
