September 17, 2019 at 6:10 am
Hi All,
This is more of a security related question.
Usually, we connect to Prod SQL Servers via Jump Servers. while connecting to jump server we get the verification code on mobile, we verify and we get access to the prod servers.
We do a RDP or using SSMS we connect to prod env.
Now, my question is, if we are having SSMS installed on local machine/laptop , we are also able to connect to prod servers. This is a potential security risk. How can we restrict such local connections.
We want to allow connections only via jump servers and not from any local machine / laptop.
Is there a way to restrict local connections from SQL Server side or do we need involve network team on this ? if network team is involved, what would they typically do in order to implement such process.
Want to have some idea before reaching out to them.
Please suggest.
Thanks,
Sam
September 17, 2019 at 12:43 pm
In our case to access production servers, we must send an email to IT Sec telling them the reason why and which tool it is and explain the reason.
Since we are in different networks they just open ports the tools use to connect to production.
I.E: SSMS uses port 1433.
Here we usually have everything locked, ports between IPs, we don't use windows OS firewall, we use third party firewall hardware which handles that very well.
best regards
September 19, 2019 at 7:07 am
Thank you Alej.
September 19, 2019 at 3:51 pm
Network team needs to lock this down. Having access from local laptops to production is a bad idea, not the least of which is because of ransomware. Access to prod should be very locked down.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply