Firewall Wizards mailing list archives

Re: ODBC in DMZ

From: "Stefan Norberg" <stnor () sweden hp com>
Date: Thu, 15 Jul 1999 11:16:46 +0200

C.K.,
ODBC is not a communications protocol. It relies on an underlying
communications mechanism.
For example:
A client can access a MS SQL-server (using ODBC), via Named Pipes (yuck :P),
MS RPC or TCP/IP Sockets (default port is 1433).

In a DMZ I would recommend sockets, although this communication is in clear
text, because it's only one port to open up.

MS RPC is all high ports in all directions plus tcp/135. Named Pipes is
NetBIOS-ssn (tcp/137).

Use strong passwords. If possible - make the DB-replica read-only.

/stefan

-------------------------------------------------------------------
Stefan Norberg (stnor () sweden hp com)
HP Consulting
PGP-key: http://people.hp.se/stnor/stnor.asc
KeyID: 2048-1024/0x06795314
Fingerprint: FB30 E334 8F04 F7D6 1FE7  2DFA 31D9 9052 0679 5314


----- Original Message -----
From: C. K. Lung <clung () hotmail com>
To: Firewall-Wizards <firewall-wizards () nfr net>
Sent: Wednesday, July 14, 1999 02:34
Subject: ODBC in DMZ

A user needs to use ODBC access a program in DMZ.  Do I need to open ports
or/and socket to allow the access?  What kind of security risk it would
post?  Any comments/suggestions are greatly appreciated.

Sincerely,

C.K.

Current thread:

ODBC in DMZ C. K. Lung (Jul 14)
- Re: ODBC in DMZ Stefan Norberg (Jul 15)
- Re: ODBC in DMZ Matt McClung (Jul 19)
- <Possible follow-ups>
- RE: ODBC in DMZ sean . kelly (Jul 15)
- Re: ODBC in DMZ Todd Johnson (Jul 15)
- RE: ODBC in DMZ C. K. Lung (Jul 15)
  - Re: ODBC in DMZ Stefan Norberg (Jul 16)
- RE: ODBC in DMZ John McDonald (Jul 15)
- Re: ODBC in DMZ Sean Costello (Jul 16)
- RE: ODBC in DMZ sean . kelly (Jul 16)
- RE: ODBC in DMZ sean . kelly (Jul 16)