Firewall Wizards mailing list archives
RE: ODBC in DMZ
From: John McDonald <Johnm () Networkguys com>
Date: Thu, 15 Jul 1999 15:52:27 -0700
Would It not be more secure to place the database on the inside network instead of letting it hang out in the wind to be pinged by the world. Then set up a rule on the rules base of your security enforcement point stating that the only objects allowed to access this database are objects behind your security enforcement point(the inside net) and the server I'm guessing http since it's in your DMZ for the planet to access)which requires that data in you data store? Please tell me if I'm way off base here. John D. McDonald Phone: 510.713.8880 ext. 306 Fax: 510.713.3456 E-mail: JohnM () NetworkGuys com Web: www.NetworkGuys.com Elite Security Consulting & Auditing Services -----Original Message----- From: sean.kelly () lanston com [mailto:sean.kelly () lanston com] Sent: Thursday, July 15, 1999 8:34 AM To: clung () hotmail com; firewall-wizards () nfr net Subject: RE: ODBC in DMZ eSafe Protect Gateway (tm) has scanned this mail for viruses, vandals and suspicious attachments and has found it to be CLEAN. > From: C. K. Lung [mailto:clung () hotmail com] > > > A user needs to use ODBC access a program in DMZ. Do I need > to open ports > or/and socket to allow the access? What kind of security > risk it would > post? Any comments/suggestions are greatly appreciated. I'm fairly sure it depends on the means of access. If it's a MSSQL server providing tcp/ip access, it will default to port 1433 on the server. You can specify that you want to make a tcp/ip connection in the odbc config. If it's some other situation... I'm not sure offhand but I'll bet there are a ton of articles in the microsoft knowledge base. The security risk would depend on what you had to open up, but assuming it is access to a port on an sql server then you are potentially making access to that server available to the world (though they'd still have to figure out a username/password to do anything). Sean
Current thread:
- ODBC in DMZ C. K. Lung (Jul 14)
- Re: ODBC in DMZ Stefan Norberg (Jul 15)
- Re: ODBC in DMZ Matt McClung (Jul 19)
- <Possible follow-ups>
- RE: ODBC in DMZ sean . kelly (Jul 15)
- Re: ODBC in DMZ Todd Johnson (Jul 15)
- RE: ODBC in DMZ C. K. Lung (Jul 15)
- Re: ODBC in DMZ Stefan Norberg (Jul 16)
- RE: ODBC in DMZ John McDonald (Jul 15)
- Re: ODBC in DMZ Sean Costello (Jul 16)
- RE: ODBC in DMZ sean . kelly (Jul 16)
- RE: ODBC in DMZ sean . kelly (Jul 16)