PaulDotCom mailing list archives
Re: MS-SQL in the DMZ
From: Michael Dickey <lonervamp () gmail com>
Date: Tue, 17 May 2011 15:34:05 -0500
One point of having a DMZ network is to isolate systems that accept untrusted connections from those that do not. A front-end web server accepts untrusted connections, but the SQL DB server does not; at least not directly. So if you have some other way to isolate the communication between those boxes so that one only talks to the other via something like a SQL port, then I guess feel free. Otherwise, the easiest best practice is to just say SQL DBs in the DMZ is a bad idea. If your web server gets popped, maybe even marginally, it could open up easy attacks into your SQL box. Of course, this is a whole new discussion if: - you're a small shop and/or might consider internal users as untrusted, but can't afford so many separate networks - you consider SQL owned if your front end web server is owned, which is a certain non-layered way to look at it On Tue, May 17, 2011 at 3:08 PM, Juan Cortes <juanccortester () gmail com>wrote:
Hope all is well, Can anyone point or recommend a some resources for best practices for SQL DBs in the DMZ thanks -- Juan C. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- MS-SQL in the DMZ Juan Cortes (May 17)
- Re: MS-SQL in the DMZ Michael Dickey (May 17)
- Re: MS-SQL in the DMZ Juan Cortes (May 18)
- Re: MS-SQL in the DMZ Dan McGinn-Combs (May 18)
- Re: MS-SQL in the DMZ Hembrow, Chris (May 19)
- Re: MS-SQL in the DMZ Chesmore, Michael [DAS] (May 20)
- Re: MS-SQL in the DMZ Dave (May 20)
- Re: MS-SQL in the DMZ Juan Cortes (May 18)
- Re: MS-SQL in the DMZ Michael Dickey (May 17)