April 19, 2016 at 2:23 pm
Is mixing the DMZ and internal databases on a single cluster a bad idea?
I just built a big, new cluster 2014 cluster. I am moving the DMZ databases out of the DMZ and onto this internal server. The question is: Since this Instance is servicing public facing applications in the DMZ, is it safe to also put databases on it that are facing internal applications? It is big, and much faster than the aging current internal cluster, but am I exposing my data unnecessarily? Is there an outstanding security risk?
-f:cool:
April 19, 2016 at 9:13 pm
morleyf (4/19/2016)
Is mixing the DMZ and internal databases on a single cluster a bad idea?... Since this Instance is servicing public facing applications in the DMZ, is it safe to also put databases on it that are facing internal applications?
The goal of rooting a SQL Server is not just the data in a database, it's the SQL instance and physical server, through which further attacks can be launched.
A single SQL Server endpoint in a cluster exposes the entire cluster.
-Eddie
Eddie Wuerch
MCM: SQL
April 20, 2016 at 9:07 am
Yes. Thought the same, but needed a second opinion. Thank you.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply