WebServer  USing SQL Server

k186149101400 used Ask the Experts™
I am developing an e-commerce site.  This site sits on our webserver in the DMZ.  What is the best way to set the webserver up for security when it needs to access SQL Server tables inside the network.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Les MooreSr. Systems Engineer
Top Expert 2008

Just set up a similar config last week. Web server in DMZ with SSL enabled to encrypt all data to web users. Setup IPSEC tunnel to the firewall with rules to only allow traffic to/from the SQL server through this tunnel. This way, if any server on the DMZ gets compromized with a trojan sniffer, only encrypted data can be intercepted on the wire.

I agree with Lmoore, but you could also go the SSL route.  MS SQL supports forcing protocol encryption for client connections.  Depending on the type of firewall you are using, it may be easier to pass SSL traffic than to terminate IPSEC.


How would I go about setting up this



If you don't think the answer is clear, you should ask for more information.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial