• Tom.Thomson (8/22/2010)


    Ninja's_RGR'us (8/22/2010)


    Is there a way on a firewall to accept traffic from only a single IP and redirect to another secured machine on a secured port far beyond the firewall even if it's not in DMZ? I'm not a network expert but that seems like a pretty safe way to go.

    So that way only someone who's successfully hacked our server would be able to get in...

    Depends on the firewall - it's certainly possible to allow some particular ports only to certain remote IPs and allow those remote IPs only to see those ports for certain local (i.e. on the inside side of the firewall) IPs on any firewall I've ever used for business (as opposed to home use). That still allows someone to get in if they can achieve the required IP spoofing, of course, which is why you should also require the thing trying to connect to know a key (and then they have to either both discover the key and spoof the IP or break into your server) - but now you've effectively got an unencrypted (except that connection set-up dialogue is encrypted) VPN; every firewall I've used for business has provided that capability.

    Thanks again Tom.

    Since you seem like the local expert on the subject I'll ask you this :

    If a nut job like me were to send you a request to expose your precious sql server... and Main ERP DB to the internet, what would be your preferred setup to ensure maximum security and super fast connection (assuming you can't kill me and make this go away) :-D?