Re: Securing SQL

Posted by Bad Beagle on November 29, 2005, 3:27 pm
Karl, thanks for the reply. How does having a 2nd dmz make it more secure
besides isolation? You still have to punch holes in your firewall, correct?
>
>>I would like to know what the suggestions are for designing a secure
>>solution for Windows servers and SQL. I have a Windows 2000 server that
>>is my web server - this server is in the dmz. This server has pages that
>>access a SQL server. The SQL server hosts a database that is used both
>>internally and externally and needs to be updated by someone internal. My
>>question is where this SQL server should be placed - on the lan and do
>>file replication or in the dmz and open up the firewall for sql traffic.
>
> I would suggest any solution that prevents the servers in the DMZ from
> opening inbound connections into your internal LAN and requires that
> connections be established from your LAN to the DMZ. Having two SQL
> servers, one on the LAN, one in the DMZ, that are synchronized by the
> server on the LAN sounds most secure, but then you want to make sure the
> synchronization works for you and does not cause unacceptable data
> discrepancies.
>
> A cheaper solution that is probably secure enough would be to have the one
> SQL server in the DMZ -- preferably a second DMZ for example using an
> additional network interface in your firewall or an additional inexpensive
> firewall like the www.netscreen.com "5" series, so that the SQL server is
> firewalled from both the LAN and the web server -- AND only allow
> connections from the LAN to the SQL server.
>
> Note that using IPSec authentication and encryption does not make it safe
> to permit connections from the DMZ web server to a server on your LAN,
> because attackers may be able to use that connection.

Posted by karl levinson, mvp on November 29, 2005, 8:37 pm
I think you mean 2nd SQL server? One DMZ is sufficient. Not all holes in
firewalls are equal in terms of security; some are worse than others. For
example, holes that let inbound traffic from the DMZ or Internet into your
internal network are generally worse than holes that let your internal
network into the DMZ; Windows networking holes are arguably worse than SQL
holes; IPSec tunneling is arguably worse than opening up holes for the
actual protocols, depending. One reason for this is to prevent someone who
compromises a DMZ server from gaining easy access to be able to hop via an
open inbound firewall port to your internal network.

If you only had one SQL server, I would probably put it in the DMZ, instead
of letting your web server connect to an internal SQL server. The reason is
that a hacker that hacked your web server could then theoretically enter
your internal network via this channel. However, if you did this, you would
want to engineer the authentication so that your SQL server in the DMZ does
not need to authenticate users via a domain controller on your internal
network. There are a bunch of different ways to ensure this is not needed.

This solution would probably be secure enough, especially if the only people
that need to directly connect to your SQL server are the DMZ web server [to
service your internal and external users' data requests] and a handful of
developers. Having two servers might arguably be more secure because you
can then configure your setup so that the semi-trusted DMZ servers never
have need to open a connection to your internal LAN, and if desired, you can
permit your internal SQL server to do more such as open its own connections
to other internal servers, authenticate users using your internal domain
controllers, etc. Which way you decide to go is entirely up to you.



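The firewall-direction argument in Karl's reply, as an added example that is not part of the thread: a small Python policy checker that flags allow rules letting a semi-trusted zone (Internet or either DMZ) open connections into the LAN, flags wildcard/tunnel rules, and compares the two designs discussed. Zone names, the rule format and both sample rule sets are assumptions; 1433 is SQL Server's default TCP port.

```python
# Added example (not from the thread). Models a stateful perimeter firewall
# with default deny and checks a rule set against the two principles in the
# reply: (1) nothing in a semi-trusted zone may open a connection into the
# LAN; (2) wildcard/tunnel holes are worse than protocol-specific holes.
# Zone names, the rule format and the sample rule sets are assumptions.
from dataclasses import dataclass

SEMI_TRUSTED = {"internet", "dmz_web", "dmz_sql"}  # zones that may be compromised
ANY = "any"                                        # wildcard port, e.g. an IPSec tunnel


@dataclass(frozen=True)
class Rule:
    src: str      # zone that opens the connection
    dst: str      # zone that accepts it
    port: object  # TCP port number or ANY


def allowed(rules, src, dst, port):
    """Default deny; a rule permits connections (and their replies) only
    in the direction it names, never the reverse."""
    return any(r.src == src and r.dst == dst and r.port in (port, ANY) for r in rules)


def audit(rules):
    """Return (rule, reason) pairs for rules that violate the two principles."""
    findings = []
    for r in rules:
        if r.src in SEMI_TRUSTED and r.dst == "lan":
            findings.append((r, "inbound hole from semi-trusted zone into LAN"))
        elif r.port == ANY:
            findings.append((r, "wildcard/tunnel rule instead of a protocol-specific hole"))
    return findings


# Design 1 (constructed): single SQL server on the LAN, web server connects in.
SQL_ON_LAN = [
    Rule("internet", "dmz_web", 443),
    Rule("dmz_web", "lan", 1433),      # the hole the reply warns about
]

# Design 2 (constructed): SQL server in a second DMZ; only the LAN initiates into it.
SQL_IN_SECOND_DMZ = [
    Rule("internet", "dmz_web", 443),
    Rule("dmz_web", "dmz_sql", 1433),  # web pages query the database
    Rule("lan", "dmz_sql", 1433),      # internal staff update the database
]

if __name__ == "__main__":
    for name, rules in (("SQL on LAN", SQL_ON_LAN), ("SQL in 2nd DMZ", SQL_IN_SECOND_DMZ)):
        print(name, [f"{r.src}->{r.dst}:{r.port} {why}" for r, why in audit(rules)])
```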