Firewall Wizards mailing list archives

Re: ODBC in DMZ


From: "Todd Johnson"<tejohnson () bpd treas gov>
Date: Thu, 15 Jul 1999 16:03:33 -0400




       Hello,

       If it is MS SQL Server, you might want to take a look at the MS
       Knowledge Base article #: Q164667

       (We had this article generated)

       You can essentially hack the NT registry to MAKE MS
       Multi-Protocol listen on whatever port you want.
       The knowledge base explains how to do it.  This gives you (at
       least) MS trusted connections (& what MS
       calls encryption) through a firewall/router (if you really want
       it).  The only other hypothetical way is to
       make MS re-code their IP stack ;)...


       Todd

       Disclaimer:  I speak for myself, not for the U.S. Treasury
       Department






       From: "Stefan Norberg" <stnor () sweden hp com> AT INTERNET on
             07/15/99 11:16 AM

       To:   "Firewall-Wizards" <firewall-wizards () nfr net> AT
             INTERNET@ccMail
       cc:    (bcc: Todd Johnson/OIT/BPD)

       Subject:  Re: ODBC in DMZ


       C.K.,
       ODBC is not a communications protocol. It relies on an
       underlying communications mechanism.
       For example:
       A client can access a MS SQL-server (using ODBC), via Named
       Pipes (yuck :P), MS RPC or TCP/IP Sockets (default port is
       1433).

       In a DMZ I would recommend sockets, although this communication
       is in clear text, because it's only one port to open up.

       MS RPC is all high ports in all directions plus tcp/135. Named
       Pipes is NetBIOS-ssn (tcp/137).

       Use strong passwords. If possible - make the DB-replica
       read-only.

       /stefan

       -------------------------------------------------------------------
       Stefan Norberg (stnor () sweden hp com)
       HP Consulting
       PGP-key: http://people.hp.se/stnor/stnor.asc
       KeyID: 2048-1024/0x06795314
       Fingerprint: FB30 E334 8F04 F7D6 1FE7  2DFA 31D9 9052 0679 5314


       ----- Original Message -----
       From: C. K. Lung <clung () hotmail com>
       To: Firewall-Wizards <firewall-wizards () nfr net>
       Sent: Wednesday, July 14, 1999 02:34
       Subject: ODBC in DMZ


       > A user needs to use ODBC to access a program in DMZ.  Do I need
       > to open ports or/and socket to allow the access?  What kind
       > of security risk would it
       > pose?  Any comments/suggestions are greatly appreciated.
       >
       > Sincerely,
       >
       > C.K.
       >


