Firewall Wizards mailing list archives
Re: ODBC in DMZ
From: "Todd Johnson"<tejohnson () bpd treas gov>
Date: Thu, 15 Jul 1999 16:03:33 -0400
Hello, If it is MS Sql Server, you might want to take a look at the MS Knowledge Base article #: Q164667 (We had this article generated) You can essentially hack the NT registry to MAKE MS Multi-Protocol listen on what ever port you want. The knowledge base explains how to to it. This give you (at least) MS trusted connections (& what MS calls encryption) through a firewall/router (if you really want it). The only other Hypothetical way is to make MS re-code their IP Stack ;)... Todd Disclamer: I speak for my self, Not for the U.S. Treasury Department From: "Stefan Norberg" <stnor () sweden hp com> AT INTERNET on 07/15/99 11:16 AM To: "Firewall-Wizards" <firewall-wizards () nfr net> AT INTERNET@ccMail cc: (bcc: Todd Johnson/OIT/BPD) Subject: Re: ODBC in DMZ
C.K., ODBC is not a communications protocol. It relies on an underlying communications mechanism. For example: A client can access a MS SQL-server (using ODBC), via Named Pipes (yuck :P), MS RPC or TCP/IP Sockets (default port is 1433). In a DMZ I would recommend sockets, although this communication is in clear text, because it's only one port to open up. MS RPC is all high ports in all directions plus tcp/135. Named Pipes is NetBIOS-ssn (tcp/137). Use strong passwords. If possible - make the DB-replica read-only. /stefan --------------------------------------------------------------- ---- Stefan Norberg (stnor () sweden hp com) HP Consulting PGP-key: http://people.hp.se/stnor/stnor.asc KeyID: 2048-1024/0x06795314 Fingerprint: FB30 E334 8F04 F7D6 1FE7 2DFA 31D9 9052 0679 5314 ----- Original Message ----- From: C. K. Lung <clung () hotmail com> To: Firewall-Wizards <firewall-wizards () nfr net> Sent: Wednesday, July 14, 1999 02:34 Subject: ODBC in DMZ > A user needs to use ODBC access a program in DMZ. Do I need to open ports > or/and socket to allow the access? What kind of security risk it would > post? Any comments/suggestions are greatly appreciated. > > Sincerely, > > C.K. >
Attachment:
RFC822.TXT
Description:
Current thread:
- ODBC in DMZ C. K. Lung (Jul 14)
- Re: ODBC in DMZ Stefan Norberg (Jul 15)
- Re: ODBC in DMZ Matt McClung (Jul 19)
- <Possible follow-ups>
- RE: ODBC in DMZ sean . kelly (Jul 15)
- Re: ODBC in DMZ Todd Johnson (Jul 15)
- RE: ODBC in DMZ C. K. Lung (Jul 15)
- Re: ODBC in DMZ Stefan Norberg (Jul 16)
- RE: ODBC in DMZ John McDonald (Jul 15)
- Re: ODBC in DMZ Sean Costello (Jul 16)
- RE: ODBC in DMZ sean . kelly (Jul 16)
- RE: ODBC in DMZ sean . kelly (Jul 16)