Re: Query Analyzer vulnerable thru Firewall?

From: Denny (mrdenny@gamespy.com)
Date: 02/05/03 

From: "Denny" <mrdenny@gamespy.com>
Date: Wed, 5 Feb 2003 11:00:22 -0800

PC Anywhere isn't bad. It does support 128 bit encyrption, and domain
authentication. If the VPN isn't an option, PC Anywhere should work ok.
Just make sure that the Encryption is setup as high as possible. 

--
Denny Cherry
Database Administrator
GameSpy Industries
"Joe Reiss" <medidata@ix.netcom.com> wrote in message
news:O8nF0$SzCHA.1936@TK2MSFTNGP10...
> Would you recommend PC Anywhere as opposed to setting up a VPN?
>
> Thanks,
> Joe
>
>
> "Denny" <mrdenny@gamespy.com> wrote in message
> news:#r1A$jKzCHA.680@TK2MSFTNGP11...
> > Joe,
> > This could cause some problems as this would allow anyone access to port
> > 1433 on your SQL Server.  All a hacker would need is time before he'd
find
> > your sa password.  And SQL Traffic isn't the most encrypted traffic on
the
> > net.  So someone could sniff your connection and get the token that you
> are
> > passing (if using windows authintication) or local username and password
> (if
> > SQL auth) and log in with your permissions and do all sorts of nasty
> things.
> >
> > I'd recommend a VPN or dial up session to the domain.  With some sort of
> > smart card (those cards with the numbers that change once per minute
> > randomly).  This would be the best way.
> >
> > --
> > Denny Cherry
> > Database Administrator
> > GameSpy Industries
> >
> > "Joe Reiss" <medidata@ix.netcom.com> wrote in message
> > news:#8rHJgKzCHA.2696@TK2MSFTNGP09...
> > > Regarding SQL Server 2000.
> > >
> > > I've asked my network admin to configure the firewall to enable me to
do
> > > remote administration of  SQL Server from my house via the internet.
He
> > > started to give warnings that hackers would also be able to get in
> because
> > > of security flaws within query analyzer if he opens up the SQL server
> port
> > > on the firewall side.   The server is behind the firewall.
> > >
> > > I've not heard of any issues pertaining to this.
> > >
> > > Can anyone please give me info on this issue if in fact it is an
issue.
> > >
> > > Thanks,
> > > Joe
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Web-based software update
    ... > firewall and therefore cannot be accessed directly from a Delphi ... Open the firewall to allow SQL Server traffic to pass through. ... Without using a VPN, ... you still have open data flowing over the internet, ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: ISA Configuration for SQL over VPN
    ... TCP Ports Needed for Communication to SQL Server Through a Firewall ... >I am able to browse the network when I VPN, and can use IIS6 to manage the ...
    (microsoft.public.isa)
  • Connecting through VPN fails
    ... I've no problems connecting to our testserver. ... I use VPN to get inside our firewall, ... The servers is set up to use both Sql server and Windows authentication. ...
    (microsoft.public.sqlserver.server)
  • Connecting through VPN fails
    ... I've no problems connecting to our testserver. ... I use VPN to get inside our firewall, ... The servers is set up to use both Sql server and Windows authentication. ...
    (microsoft.public.sqlserver.connect)
  • Re: TS vs VPN
    ... Using TS, w/o VPN ... The remote client connects to your local TS via Remote Desktop. ... "Foo" accesses the SQL server, which is nearby in a protected part of the network. ...
    (microsoft.public.windows.terminal_services)