Firewall Wizards mailing list archives
RE: ODBC in DMZ
From: John McDonald <Johnm () Networkguys com>
Date: Thu, 15 Jul 1999 15:52:27 -0700
Would it not be more secure to place the database on the inside network
instead of letting it hang out in the wind to be pinged by the world?
Then set up a rule on the rules base of your security enforcement point
stating that the only objects allowed to access this database are
objects behind your security enforcement point (the inside net) and the
server (I'm guessing http since it's in your DMZ for the planet to
access) which requires that data in your data store?
Please tell me if I'm way off base here.
John D. McDonald
Phone: 510.713.8880 ext. 306
Fax: 510.713.3456
E-mail: JohnM () NetworkGuys com
Web: www.NetworkGuys.com
Elite Security Consulting & Auditing Services
-----Original Message-----
From: sean.kelly () lanston com [mailto:sean.kelly () lanston com]
Sent: Thursday, July 15, 1999 8:34 AM
To: clung () hotmail com; firewall-wizards () nfr net
Subject: RE: ODBC in DMZ
> From: C. K. Lung [mailto:clung () hotmail com]
>
> A user needs to use ODBC to access a program in DMZ. Do I need
> to open ports or/and socket to allow the access? What kind of
> security risk would it pose? Any comments/suggestions are greatly
> appreciated.
I'm fairly sure it depends on the means of access. If it's a MSSQL server
providing tcp/ip access, it will default to port 1433 on the server. You
can specify that you want to make a tcp/ip connection in the odbc config.
If it's some other situation... I'm not sure offhand but I'll bet there are
a ton of articles in the microsoft knowledge base. The security risk would
depend on what you had to open up, but assuming it is access to a port on an
sql server then you are potentially making access to that server available
to the world (though they'd still have to figure out a username/password to
do anything).
Sean
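
The two positions in this thread, compared as rule bases in an added example that is not part of the original posts: a first-match evaluator that reports which sources can reach the database on port 1433 when the port is open to everyone versus when access is limited to the inside net and the DMZ web server. All addresses, rule tuples and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the thread).
ANY = ipaddress.ip_network("0.0.0.0/0")
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")
WEB = ipaddress.ip_network("192.0.2.10/32")   # HTTP server in the DMZ
DB = ipaddress.ip_network("10.0.0.50/32")     # database on the inside net
SQL_PORT = 1433                               # MSSQL default TCP port

# Ordered rule bases: (action, source, destination, destination port).
# Database port opened to everyone: the exposure described in the reply above.
OPEN_RULES = [
    ("allow", ANY, WEB, 80),
    ("allow", ANY, DB, SQL_PORT),
]
# The proposal: only the inside net and the DMZ web server reach the database.
RESTRICTED_RULES = [
    ("allow", ANY, WEB, 80),
    ("allow", INSIDE_NET, DB, SQL_PORT),
    ("allow", WEB, DB, SQL_PORT),
]

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_src, r_dst, r_port in rules:
        if src in r_src and dst in r_dst and port == r_port:
            return action
    return "deny"

# Constructed probe sources used to audit who can reach the database port.
PROBES = {
    "internet host": "203.0.113.7",
    "DMZ web server": "192.0.2.10",
    "other DMZ host": "192.0.2.20",
    "inside workstation": "10.0.0.23",
}

def who_reaches_db(rules):
    """Return the probe labels allowed to connect to the database on 1433."""
    return sorted(name for name, ip in PROBES.items()
                  if decide(rules, ip, "10.0.0.50", SQL_PORT) == "allow")

if __name__ == "__main__":
    print("open:      ", who_reaches_db(OPEN_RULES))
    print("restricted:", who_reaches_db(RESTRICTED_RULES))
```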
