Re: Exposing data

From: Adam Machanic (amachanic_at_air-worldwide.nospamallowed.com)
Date: 03/10/04


Date: Wed, 10 Mar 2004 11:16:42 -0500

Generally for web apps, the exposure works like this:

One port (or maybe two) on the firewall is open for HTTP (80, and perhaps
443 for SSL).

The web server, BEHIND THE FIREWALL, can talk to the database server. Some
admins even go so far as to put a second firewall between the web and
database servers (which I think is generally overkill). No SQL Server ports
should ever be open on the firewall. And no SQL Server should ever be in a
DMZ! That's just asking for trouble...

Anyway, here's a link with some good information about how to secure a web
app using SQL Server:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/openhack.asp

"Jay" <Jay@wdc.com> wrote in message
news:5D4E06B3-1BC0-4A9B-9215-2C20BC72379D@microsoft.com...
> Hi,
> I'm about to enter some new ground. I have a background of web development
> (ASP) and SQL Server (network environment only). We have a new ASP.NET
> application running a SQL DB. This application is to be put out on the net.
> Our network admin wants to buy another SQL licence and have the SQL server
> sit outside of our network firewall. I'm more inclined to have the SQL
> server inside some sort of DMZ (a topic new to me) and open a port for data
> access.
> Before I take this argument to the network admin I want to arm myself with
> the necessary knowledge. I guess I'm looking for articles/URLs/tutorials
> which will teach me how to expose a SQL DB on our network to the internet
> without risking the security of our network or the SQL box itself.
> many thanks
> Jay
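
Added example, not part of the original post: a small Python audit of a perimeter ruleset against the layout described in the reply above (only HTTP/HTTPS admitted from outside, no SQL Server port and no database host reachable from the internet). The rule format, the 10.0.0.0/8 internal range, the addresses, and the use of SQL Server's default ports (TCP 1433, UDP 1434) are assumptions made for the illustration.

```python
import ipaddress

# Assumptions (not from the post): SQL Server default ports TCP 1433 / UDP 1434,
# an internal 10.0.0.0/8 range, and this rule-dict format.
SQL_PORTS = {("tcp", 1433), ("udp", 1434)}
WEB_PORTS = {("tcp", 80), ("tcp", 443)}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

def audit(rules, db_ip):
    """Return (rule name, finding) pairs for allow rules that admit more
    than HTTP/HTTPS from outside, or that reach the database host."""
    db = ipaddress.ip_address(db_ip)
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["src"])
        if r["action"] != "allow" or src.subnet_of(INTERNAL):
            continue  # only rules admitting traffic from outside matter here
        svc = (r["proto"], r["port"])
        if svc in SQL_PORTS:
            findings.append((r["name"], "sql-port-open-to-internet"))
        elif db in ipaddress.ip_network(r["dst"]):
            findings.append((r["name"], "db-host-reachable-from-internet"))
        elif svc not in WEB_PORTS:
            findings.append((r["name"], "non-web-port-open-to-internet"))
    return findings

def rule(name, src, dst, proto, port, action="allow"):
    return {"name": name, "src": src, "dst": dst,
            "proto": proto, "port": port, "action": action}

# Constructed sample ruleset: web server 10.0.1.10, database server 10.0.2.20.
ANY = "0.0.0.0/0"
RULES = [
    rule("http-in", ANY, "10.0.1.10/32", "tcp", 80),
    rule("https-in", ANY, "10.0.1.10/32", "tcp", 443),
    rule("web-to-sql", "10.0.1.10/32", "10.0.2.20/32", "tcp", 1433),
    rule("sql-in", ANY, "10.0.2.20/32", "tcp", 1433),
    rule("browser-in", ANY, "10.0.1.0/24", "udp", 1434),
    rule("wide-http", ANY, "10.0.0.0/8", "tcp", 80),
    rule("rdp-in", ANY, "10.0.1.10/32", "tcp", 3389),
    rule("sql-deny", ANY, "10.0.2.20/32", "tcp", 1433, action="deny"),
]

if __name__ == "__main__":
    for name, finding in audit(RULES, "10.0.2.20"):
        print(f"{name}: {finding}")
```
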


