Firewall Wizards mailing list archives
A few sql 2000 related questions
From: "Mike LeBlanc" <mlinfosec () comcast net>
Date: Sat, 12 Feb 2005 08:40:25 -0500
Folks, I'm new to the list, so forgive me if the questions have been asked before. 1/ First, are there "best practices" relating to security MONITORING of sql servers? And tools to do so? We have a copy of bindview for SQL. I haven't had a chance yet to look over it. 2/ We currently are running a web server that has SQLServer 2000 on it. Again, I haven't had time for an exhautive review, but I don't think the SQL connection is "protected" using ssl (which I have been led to believe is best practice). So for "back office" connections, is ssl best practice? What about taking SQL OFF that machine? The cuurent protection goes as follows: inet -> fw->(ssl) dmz (reverse proxy)->fw->web server running IIS/SQL-->back office fw-->SQL "feeders" The current solution is completely outsourced, but we are planing to change that this year to just web hosting where we have more control. One proposal I have is the following inet-->IPS-->fw->dmz (ssl) web server->fw->(ssl)sql server->vpn(with acls)->back office fw dmz->(ssl)back office feeder servers comments? other proposal is inet-->IPS-->fw->(ssl) inverse proxy->fw->(ssl) web server ->(ssl)sql server->vpn(with acls)->back office fw dmz->(ssl)back office feeder servers comments? Thanks for your feedback, -ML _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- VPNmadness gets more support; R. DuFresne (Feb 03)
- Re: VPNmadness gets more support; Kevin Sheldrake (Feb 05)
- Re: VPNmadness gets more support; R. DuFresne (Feb 05)
- Re: VPNmadness gets more support; Dave Piscitello (Feb 11)
- Re: VPNmadness gets more support; R. DuFresne (Feb 11)
- RE: VPNmadness gets more support; Tina Bird (Feb 12)
- A few sql 2000 related questions Mike LeBlanc (Feb 12)
- RE: A few sql 2000 related questions Paul Melson (Feb 14)
- Re: VPNmadness gets more support; R. DuFresne (Feb 11)
- Re: VPNmadness gets more support; Kevin Sheldrake (Feb 05)
- Re: VPNmadness gets more support; Paul D. Robertson (Feb 11)
- Re: VPNmadness gets more support; Frederick M Avolio (Feb 12)
- Re: VPNmadness gets more support; Steven M. Bellovin (Feb 14)
- Re: VPNmadness gets more support; ArkanoiD (Feb 14)
- Re: VPNmadness gets more support; Marcus J. Ranum (Feb 14)
- Re: VPNmadness gets more support; George Capehart (Feb 12)
- Re: VPNmadness gets more support; Paul D. Robertson (Feb 19)