Re: High security Needs, Cheep Clients, Need Help


"Phil" <prounds@xxxxxxxxxxxxxxxxxx> wrote in message
news:eFeo0WchGHA.4080@xxxxxxxxxxxxxxxxxxxxxxx
I have an existing server hosting several sites with associated back end
databases.
I have a new client who needs secure hosting solutions, including a secure
database, without the expense of a new server. I was thinking of the
following architecture. I know some ( most ) of this is not SQL related,
but bear with me please.

I am hosting web services on the server to provide the interface with the
external world. End-Use clients will have applications with certificates
to access these web services. I have two instances of SQL Server 2005
running, MYSERVER\PUBLIC & MYSERVER\PRIVATE.

MYSERVER\PUBLIC contains all my existing, non-secure, databases plus some
info relevant to the new service which need not be secure.
MYSERVER\PRIVATE will contain all the new, to be secured, data.
MYSERVER\PRIVATE listens only on TCPIP Address 127.0.0.1, so should be
available only as 'localhost' from within the server, i.e. not be public
to the outside world. My web services should be able to access this data,
and the web services will only be accessible to these signed applications.
Of course, any relevant info would be encrypted.

Is this sufficient ?


Can't tell if it's sufficient, but it should work.

Also don't even need to enable TCP/IP for the PRIVATE instance. Programs
running on the same box can use the shared memory provider, which only works
locally. Also make sure to put the private web apps in their own
application pool (or web site), and use a seperate set of Windows accounts
to run the secure web apps, connect to SQL and as the SQL Service account.
Segegate the data and use NTFS permissions to restrict read/write to the
database files, logs and backups.

David


.

Relevant Pages

  • Re: High security Needs, Cheep Clients, Need Help
    ... The IIS server needs to be locked down to ensure that you don't ... handle backups of the databases such that the data in your secure instance ... I am hosting web services on the server to provide the interface with the ...
    (microsoft.public.sqlserver.security)
  • High security Needs, Cheep Clients, Need Help
    ... I have an existing server hosting several sites with associated back end ... I have a new client who needs secure hosting solutions, ... I am hosting web services on the server to provide the interface with the ... MYSERVER\PUBLIC contains all my existing, non-secure, databases plus some ...
    (microsoft.public.sqlserver.security)
  • Re: write with cURL
    ... It takes time to set up an account for you, process the billing, etc. ... Sorry, my servers are secure. ... Nothing you have told me shows me you know how to lock down a server so that it is secure - other than to use the server's file security. ...
    (alt.php)
  • Re: NT4 -> Win2K3 question
    ... disable SMB signing for the Workstation or Server service on a domain ... Get Secure! ... The File Replication Service Event log test ... controller to the following destination domain ...
    (microsoft.public.windows.server.migration)
  • [OT] Re: RSA implementation, please comment.
    ... on a separate server is actually a very good idea, ... This web front uses a well defined and secure ... Don't store the private key on the server. ... Every client gets a smartcard for the decryption (or a HSM, ...
    (comp.lang.perl.misc)