Port Blocking, SQL Server, and the Internet
Posted Sunday, June 18, 2006 3:42 AM
Ten Centuries


I tend to err on the side of caution - I'd never expose SQL directly to the net.  A VPN using the standard MS PPTP connections is very easily configured at both the server and client ends...  This is by far more secure and helps ensure that any future exploits for SQL don't find their way into your network.

You could, if desired, make use of the features of your NAPT firewall to have SQL use 1433 internally and appear on a different port externally - security through obscurity. I do this for Terminal Services - rather than exposing 3389 for a single server to the net I'll map something like 4001, 4002, 4003, etc., each being pointed at a different internal IP address for port 3389.  The less of your network that is exposed, the more secure you are (generally).




Post #288370
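
As an added example (not part of the original post), here is a small audit of a NAPT forward table like the mapping described above: remapping the external port changes the number an outside client dials, not whether the internal service is reachable. The rule syntax, addresses and function names are assumptions constructed for illustration.

```python
# Added example: flag NAPT forwards that reach SQL Server or Terminal Services.
# The rule format and every address below are constructed for illustration.
from dataclasses import dataclass

SENSITIVE = {1433: "SQL Server", 3389: "Terminal Services"}

@dataclass(frozen=True)
class Forward:
    ext_port: int
    int_ip: str
    int_port: int

def parse_rules(text):
    """Parse lines of the form 'EXT_PORT -> INT_IP:INT_PORT' (hypothetical format)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ext, target = (part.strip() for part in line.split("->"))
        ip, port = target.rsplit(":", 1)
        rules.append(Forward(int(ext), ip, int(port)))
    return rules

def audit(rules):
    """Return (rule, service, finding) for each forward landing on a sensitive port."""
    findings = []
    for r in rules:
        service = SENSITIVE.get(r.int_port)
        if service is None:
            continue
        if r.ext_port == r.int_port:
            finding = "exposed on its well-known port"
        else:
            finding = "remapped, still reachable from outside"
        findings.append((r, service, finding))
    return findings

SAMPLE = """\
443  -> 192.168.1.10:443
4001 -> 192.168.1.21:3389
4002 -> 192.168.1.22:3389
1433 -> 192.168.1.30:1433
5433 -> 192.168.1.31:1433
"""

if __name__ == "__main__":
    for rule, service, finding in audit(parse_rules(SAMPLE)):
        print(f"{rule.ext_port:>5} -> {rule.int_ip}:{rule.int_port}  {service}: {finding}")
```
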
Posted Sunday, June 18, 2006 7:28 AM
Grasshopper


Wow, this is still looked at... been a while since my bit on SQL.

For an outside client to get at the data, my general plan is to use another server to manage the request.

Examples include web services / XML or an app server remoting the data.

Any client on the "outside" of the corp. data center should never see the IP of the SQL db server, and should never have direct access to it via SQL connection.

And in many cases a middle server can cache some data, thus reducing the work load and # of connections on the SQL server.

Less vulnerable, more scalable, more managed.

Seems good to me.

Post #288383