Solved

ODBC across the internet: firewall, security, encryption?

Posted on 2004-09-16
4
824 Views
Last Modified: 2008-03-10
Hi. I'm looking to build an application where a number of remote win2k systems on the internet connect to a central office server running XP and some recent version of SQL Server to transfer daily data.

Here's my concerns:
1) I don't have access to the firewalls on the remote systems -- they run NAT and allow outgoing connections, but there's no way to open ports. I'd think this would not be a problem because they will initiate the connection to the office computer where I do have access. On the central (office) server I just need port 1433 open?

2) It looks to me like the standard MS ODBC driver supports TCP/IP connections and can accept ip addresses as well as fqdn for server names. I don't want to try to get remote computers to have to join the office domain. I believe I can use "mixed" SQL authentication so SQL server authenticates remote users.

3) I guess my main question has to do with security -- does the standard ODBC driver encrypt the transmission? If not I'll need to set up STUNNEL or Zebedee to protect the stream.

So in summary:
1) ODBC -> SQL server can be happy with only port 1433?
2) SQL Server authentication will be fine with remote internet ODBC clients?
3) ODBC -> SQL Server isn't an ecrypted stream?

Thanks,
John
0
Comment
Question by:jhanna777
  • 3
4 Comments
 
LVL 34

Expert Comment

by:arbert
ID: 12078062
Do you have protocol encryption enabled on your SQL Server?  If not, you won't have protocol encryption from your clients.

I would recommend using a tunnel (like you suggested)--SSH or PPTP....
0
 
LVL 34

Expert Comment

by:arbert
ID: 12078065
(you could always user terminal services too--if you have the license)
0
 

Author Comment

by:jhanna777
ID: 12078139
Terminal Services isn't an option.

SQL Server has a "protocol encryption"? Where would I find the settigns for it?

SSH might work, but I've had trouble with openssh on NT/XP. I'm leaning toward Zebedee -- compression might also help data exchange -- I expect these data dumps to be somewhat lengthy (probably > 1mb) and highly repetitive.

j
0
 
LVL 34

Accepted Solution

by:
arbert earned 100 total points
ID: 12078381
I've had really good luck with WAC server from http://www.foxitsoftware.com and putty as the client--performance (when compressed) is awesome....

Here are two microsoft whitepapers on configuring prot encryption:

http://support.microsoft.com/default.aspx?scid=kb;en-us;276553&Product=sql2k

http://support.microsoft.com/default.aspx?scid=kb;en-us;318605&Product=sql2k

 


Brett
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this interesting script that really help me find jobs or procedures when working in a huge environment. I could I have written it as a Procedure but then I would have to have it on each machine or have a link to a server-related search that …
When you hear the word proxy, you may become apprehensive. This article will help you to understand Proxy and when it is useful. Let's talk Proxy for SQL Server. (Not in terms of Internet access.) Typically, you'll run into this type of problem w…
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Viewers will learn how the fundamental information of how to create a table.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now