Advice Needed: SQL Server in a DMZ

  • Hi

    I know very little about what a DMZ does but one has been set up by the Network Administrators and the SQL Server has been set up inside it. I have just started at this post and part of the role requires that I need to be able to replicate to remote locations.

    The problem I have is convincing the Network Administrator that the SQL server/DMZ can be set up such that we can allow secure outside access to the server for Replication. As far as I know that is the whole point of having the server inside the DMZ.

    At the moment I have been given restricted access into the SQL server itself such that I can't even maintain my own databases, but also it's been restricted by IP address too.

    The Network Administrator seems to think that allowing external access to the server and setting up SQL server logins into the server is insecure because "... SQL server passwords are very easily hacked...". I am sure this must have been done before and that there is a standard approach to doing this. Can somebody please help?

    Thanks

    Aoun

  • You will have to convince your Network Administrator that you are following a security policy and that your SQL Server logins are secure. SQL Server has a bad reputation due to the System Administrator account being set up with a blank password, etc.

  • One might ask what point there is in having a SQL Server that does not allow access? Well, I guess it would be secure.

    To be blunt, it sounds like both of you need to do a little reading up on the matter. To be honest, the how-to is too vast for a forum. I can give you some pointers (although I didn't set up replication - it was an online mortgage application) off forum by direct mail if you like?

    The GrumpyOldDBA
    www.grumpyolddba.co.uk
    http://sqlblogcasts.com/blogs/grumpyolddba/

  • It depends on how your DMZ/firewalls are set up. I work on an Air Force base and our web and SQL servers are in the DMZ. Inside the base firewall, developers can get to the SQL server using NT authentication. The web servers talk to the SQL Server using a SQL login/pw. No one outside the DMZ/firewall (i.e. off-base hosts) can touch the SQL Server. The SSL port 443 is open on the firewall so off-base hosts can hit the web server, which in turn gets the data it needs from the SQL server as previously mentioned. Works pretty well...

  • I understand your Network Admin's concern about the passwords. I agree with one of the other posters that I think both of you have a lot of reading to do on the subject. But here are a few things to consider:

    1) In order to hack the password, one has to be capable of capturing the particular login frame containing the user login if you're using SQL Server authentication. However, should you be able to accomplish this, decrypting the password is trivial.

    2) If you can't capture the password, you'd have to brute force the SQL Server and the one problem with SQL Server is it won't disable the user account if too many failures occur. However, a properly configured IDS should be able to alert you should someone attempt to brute force in.

    3) Replication without anything else will send the data across the wire unencrypted. Depending on the sensitivity of the data, this may be a bigger concern than the possibility of the password being compromised as someone could potentially read the data using a sniffer without getting the password and attempting an intrusion. Now, granted, across the Internet this is known to be difficult nigh impossible unless the attacker can know for sure a path along the Internet you are going to use. Hence the reason this doesn't usually get brought up.

    4) The use of SSL or IPSec (if possible) can go a long way to mitigating the admin's concerns. I assume the replication outside of your network should be clearly defined and you should be able to restrict and encrypt the traffic accordingly using IPSec policies, at best, or encryption, at worst.

    5) As you've seen with the IP restriction already performed, the admin can similarly put into the access list on the firewall (and external router, if that's included in your setup) where only particular IPs can talk to the SQL Server. Reason being access to replication also means someone has access to log on. So you want to keep the IPs restricted.

     

    K. Brian Kelley
    @kbriankelley
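
Added example, not part of the post above: a sketch of the alerting that points 2 and 5 rely on, flagging sources that exceed a failed-login threshold inside a time window and sources that are not on the replication partner allow list. The log line layout, the allow list, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in the SQL Server error-log style (failed-login auditing on).
FMT = "2006-03-14 10:{:02d}:{:02d}.10 Logon       Login failed for user '{}'. [CLIENT: {}]"
SAMPLE_LOG = "\n".join(
    [FMT.format(15, s, "sa", "203.0.113.7") for s in range(1, 7)]  # 6 tries in 6 s
    + [FMT.format(20, 0, "repl_user", "198.51.100.20"),            # partner mistype
       FMT.format(30, 0, "sa", "192.0.2.50"),                      # slow, off-list
       FMT.format(40, 0, "sa", "192.0.2.50")])
ALLOWED = ["198.51.100.20/32"]  # hypothetical replication partner allow list

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '([^']*)'\..*\[CLIENT: ([0-9a-fA-F.:]+)\]")

def analyze(log_text, allowed_nets, threshold=5, window=timedelta(seconds=60)):
    """Return (brute_force_sources, off_list_sources) from failed-login lines."""
    nets = [ip_network(n) for n in allowed_nets]
    recent = defaultdict(deque)   # source IP -> timestamps inside the window
    brute, off_list = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-login line, or a local client
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src = m.group(3)
        try:
            addr = ip_address(src)
        except ValueError:
            continue              # malformed address field
        # Point 5: a source off the allow list reached the login prompt at all,
        # so the firewall ACL is wider than intended.
        if not any(addr in n for n in nets):
            off_list.add(src)
        # Point 2: no account lockout, so count failures per source over time.
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            brute.add(src)
    return brute, off_list

if __name__ == "__main__":
    brute, off_list = analyze(SAMPLE_LOG, ALLOWED)
    print("brute-force sources:", sorted(brute))
    print("sources outside allow list:", sorted(off_list))
```
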

  • Thanks for your help, I have a slight follow up/confirmation for what I should be doing.

    If I am understanding the situation correctly, if I have to do external connections to SQL server from other SQL servers I should really be using SSL/other encryption for the connection.

    Can somebody please point me in the right direction for resources on how to set this up and how to connect using SSL/encryption?

    Thanks

    Aoun
