IP Restriction for SQL Servers

  • Good day all,

    I am trying to find out if it's possible and, if so, how to do this. The basic idea is that we want to enable Windows Authentication for all our users through the frontend applications. However, we do not want them to be able to connect to the database if they manage to get hold of SQL tools.

    We were thinking along the lines of restricting IP addresses to the SQL box as well as changing the default SQL port.

    All the people that need to admin SQL are on a different set of IP addresses (fixed IPs) while all the users use DHCP.

    Can we restrict the IP addresses that are able to connect to the Server? We use 2/3 application servers.

    Thanks in advance 🙂

  • This is most easily done on the network side with an Access Control List (ACL) on the switch. However, on the server itself you could put an IPSEC Policy restricting traffic to the port SQL Server listens on. However, the network solution won't cause a potential performance hit on your server. From an infrastructure perspective, most organizations that can, attack this at the switch.

    K. Brian Kelley
    @kbriankelley

  • K. Brian Kelley (10/11/2007)


    This is most easily done on the network side with an Access Control List (ACL) on the switch. However, on the server itself you could put an IPSEC Policy restricting traffic to the port SQL Server listens on. However, the network solution won't cause a potential performance hit on your server. From an infrastructure perspective, most organizations that can, attack this at the switch.

    So far we had come up with:

    Windows firewall

    ISA server

    Proxy server

    Will look into the ACL on the switches, thanks.
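
The Windows Firewall option mentioned in the thread, as an added example that is not from any of the posters: a host-level inbound rule that admits only the application servers and the fixed-IP admin machines on the SQL Server port. The port number, addresses, rule name and the choice of the Domain profile are constructed placeholders, and the cmdlets are from the NetSecurity module on current Windows Server versions.

```powershell
# Added illustration. Every address, the port and the rule name are constructed placeholders.
$SqlPort    = 14330                                      # assumed non-default SQL Server TCP port
$AppServers = '192.0.2.10', '192.0.2.11', '192.0.2.12'   # assumed application servers
$AdminHosts = '192.0.2.200-192.0.2.210'                  # assumed fixed-IP admin range
$RuleName   = 'SQL Server - app servers and admins only' # hypothetical rule name

# A scoped allow rule only restricts anything if unmatched inbound traffic is blocked.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile '$($_.Name)' does not block unmatched inbound traffic." }

# Report existing inbound allow rules on the same port; a broader rule left
# enabled would still let DHCP clients reach SQL Server directly.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$SqlPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                   $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    ForEach-Object { Write-Warning "Review existing rule: $($_.DisplayName)" }

# Create the scoped rule once: only the listed remote addresses may reach the port.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol TCP -LocalPort $SqlPort `
        -RemoteAddress ($AppServers + $AdminHosts) | Out-Null
}

# Read the scope back to confirm what the firewall will actually enforce.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

A rule like this filters on source address only, so it complements the switch ACL discussed above and does not replace SQL Server logins and permissions.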
