|
Firewall Wizards
mailing list archives
A few sql 2000 related questions
From: "Mike LeBlanc" <mlinfosec () comcast net>
Date: Sat, 12 Feb 2005 08:40:25 -0500
Folks,
I'm new to the list, so forgive me if the questions have been asked before.
1/ First, are there "best practices" relating to security MONITORING of
sql servers? And tools to do so? We have a copy of bindview for SQL. I
haven't had a chance yet to look over it.
2/ We currently are running a web server that has SQLServer 2000 on it.
Again,
I haven't had time for an exhautive review, but I don't think the SQL
connection
is "protected" using ssl (which I have been led to believe is best
practice).
So for "back office" connections, is ssl best practice? What about taking
SQL
OFF that machine? The cuurent protection goes as follows:
inet -> fw->(ssl) dmz (reverse proxy)->fw->web server running IIS/SQL-->back
office fw-->SQL "feeders"
The current solution is completely outsourced, but we are planing to change
that this year to just web hosting where we have more control.
One proposal I have is the following
inet-->IPS-->fw->dmz (ssl) web server->fw->(ssl)sql server->vpn(with
acls)->back office fw dmz->(ssl)back office feeder servers
comments?
other proposal is
inet-->IPS-->fw->(ssl) inverse proxy->fw->(ssl) web server ->(ssl)sql
server->vpn(with acls)->back office fw dmz->(ssl)back office feeder servers
comments?
Thanks for your feedback,
-ML
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
|
Intro
