PaulDotCom mailing list archives
Re: MS-SQL in the DMZ
From: Juan Cortes <juanccortester () gmail com>
Date: Wed, 18 May 2011 08:15:12 -0500
Thanks Michael. So let me get this straight. There shouldn't be any comms from my SQL server in the DMZ to my internal network, correct? Which I agree. But comms to the SQL server in the DMZ from my internal network is OK? I am pushing to change the default port just for some comfort. Thanks in advance.

On Tue, May 17, 2011 at 3:34 PM, Michael Dickey <lonervamp () gmail com> wrote:
> One point of having a DMZ network is to isolate systems that accept untrusted connections from those that do not. A front-end web server accepts untrusted connections, but the SQL DB server does not; at least not directly. So if you have some other way to isolate the communication between those boxes so that one only talks to the other via something like a SQL port, then I guess feel free. Otherwise, the easiest best practice is to just say SQL DBs in the DMZ is a bad idea. If your web server gets popped, maybe even marginally, it could open up easy attacks into your SQL box.
>
> Of course, this is a whole new discussion if:
> - you're a small shop and/or might consider internal users as untrusted, but can't afford so many separate networks
> - you consider SQL owned if your front end web server is owned, which is a certain non-layered way to look at it
>
> On Tue, May 17, 2011 at 3:08 PM, Juan Cortes <juanccortester () gmail com> wrote:
>> Hope all is well,
>> Can anyone point or recommend some resources for best practices for SQL DBs in the DMZ
>> thanks
>> -- Juan C.
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom () mail pauldotcom com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
-- Juan C. Cortes 773-531-0637 Chicago, Il 60632
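
Added example, not part of either poster's message: a small first-match rule checker that audits a firewall ruleset against the flows discussed above (web server to SQL only on the SQL port, nothing from the DMZ SQL box to the internal network). The addresses, the rule format and the expected verdicts (which encode the reading Juan asks about) are assumptions made for illustration; 1433 is the MS-SQL default TCP port.

```python
import ipaddress
from collections import namedtuple

# port is the destination TCP port; 0 means "any port".
Rule = namedtuple("Rule", "action src dst port")

# Constructed addressing plan (assumption, not from the thread).
WEB = "192.0.2.10"        # front-end web server, accepts untrusted connections
SQL = "192.0.2.20"        # MS-SQL server
INTERNAL = "10.0.0.5"     # host on the internal network
INTERNET = "203.0.113.7"  # arbitrary outside client
SQL_PORT = 1433           # MS-SQL default TCP port

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.action
    return "deny"

# Flows from the discussion and the verdict each one should get.
POLICY = [
    ("web -> sql on SQL port", WEB, SQL, SQL_PORT, "allow"),
    ("web -> sql on SMB", WEB, SQL, 445, "deny"),
    ("sql -> internal", SQL, INTERNAL, 445, "deny"),
    ("internal -> sql on SQL port", INTERNAL, SQL, SQL_PORT, "allow"),
    ("internet -> sql", INTERNET, SQL, SQL_PORT, "deny"),
]

def audit(rules):
    """Return the names of policy flows the ruleset gets wrong."""
    return [name for name, s, d, p, want in POLICY if decide(rules, s, d, p) != want]

# Constructed ruleset that isolates the SQL box behind the SQL port.
TIGHT = [
    Rule("allow", "192.0.2.10/32", "192.0.2.20/32", SQL_PORT),
    Rule("allow", "10.0.0.0/8", "192.0.2.20/32", SQL_PORT),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443),
]
# Constructed flat DMZ: hosts reach each other and the inside on any port.
FLAT = TIGHT + [
    Rule("allow", "192.0.2.0/24", "192.0.2.0/24", 0),
    Rule("allow", "192.0.2.0/24", "10.0.0.0/8", 0),
]

if __name__ == "__main__":
    print("tight:", audit(TIGHT), "flat:", audit(FLAT))
```
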