[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 574
  • Last Modified:

MySQL/MyODBC Remote Access Security

Hi,

I am looking at sharing a small (2Mb) DB across several sites over the internet using an MS Access front end and MySQL back end.  I have tried this by setting up a remote DSN using MyODBC and it seems to work well.  The only thing I am concerned about is security.     I am aware that you can set passwords and limit IP addresses.  I am aware that the data is not encrypted.     Are there real security issues with this?      How can I resolve these?    Can I use a VPN and/or firewall to improve security?  One limiting factor is that it has to work over a 56K connection.
0
lnwright
Asked:
lnwright
  • 2
2 Solutions
 
andydisCommented:
yes please use a VPN....
there are alot of my sql vulnerbilities but i cant post them here (fink they are banned)

do a google search for mysql and exploit and see what happens

ref:
Mysql 3.23.x/4.0.x Remote mysql privileges Exploit
 



/* Mysql 3.23.x/4.0.x remote exploit
* proof of concept
* using jmp *eax
* bkbll (bkbll cnhonker.net,bkbll tom.com) 2003/09/12
* compile:gcc -o mysql mysql.c -L/usr/lib/mysql -lmysqlclient
* DO NOT DISTRUBITED IT

 
0
 
lnwrightAuthor Commented:
Thanks for the comment.    I am thinking of using SSH tunnel.   Would that be better?
0
 
andydisCommented:
ssh Vs VPN>



SSH=
SSH is an advanced protocol providing secure encrypted remote communications over an unsecured channel, such as the Internet. A hostile user that has control over the network can only force SSH session to disconnect, but cannot decrypt or play back the traffic, or hijack the connection. SSH replaces telnet, r services and other third-party applications. SSH protocol version1 and 2 are available on the market today. Protocol version 2 is considered to be more secure than protocol version 1 because it uses the Diffie-Helmann algorithm for host authentication. This algorithm prevents passwords from being stolen during the login process.

Using the SSH port forwarding feature, systems administrators can select only the applications they want to encrypt, based on their corporate security policy. This reduces creating unnecessary potential network overhead that is associated with encryption. Any application that has a static port assignment, such as POP, SMTP, and Oracle database connections can be encrypted.


VPN=
An IP-based Virtual Private Network (VPN) provides a secure tunnel for transmitting data through an unsecured network such as the Internet. There are several protocols that can be used to achieve this including PPTP, L2TP, L2F, and IPSEC. IPSEC is the only protocol that is an IETF standard. A VPN is "virtual" because it does not require dedicated lines. It is "private" because encryption is used to achieve security. It also uses an IP "network" for communication.

Conclusion,

vpn would be easier to manage and implement, all hardware/software companies now are heading in or have taken up VPn technology, the next stagew to this would be SSL VPn's where SSH would become obsolete

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now