Solved

ODBC across the internet: firewall, security, encryption?

Posted on 2004-09-16
4
822 Views
Last Modified: 2008-03-10
Hi. I'm looking to build an application where a number of remote win2k systems on the internet connect to a central office server running XP and some recent version of SQL Server to transfer daily data.

Here's my concerns:
1) I don't have access to the firewalls on the remote systems -- they run NAT and allow outgoing connections, but there's no way to open ports. I'd think this would not be a problem because they will initiate the connection to the office computer where I do have access. On the central (office) server I just need port 1433 open?

2) It looks to me like the standard MS ODBC driver supports TCP/IP connections and can accept ip addresses as well as fqdn for server names. I don't want to try to get remote computers to have to join the office domain. I believe I can use "mixed" SQL authentication so SQL server authenticates remote users.

3) I guess my main question has to do with security -- does the standard ODBC driver encrypt the transmission? If not I'll need to set up STUNNEL or Zebedee to protect the stream.

So in summary:
1) ODBC -> SQL server can be happy with only port 1433?
2) SQL Server authentication will be fine with remote internet ODBC clients?
3) ODBC -> SQL Server isn't an ecrypted stream?

Thanks,
John
0
Comment
Question by:jhanna777
  • 3
4 Comments
 
LVL 34

Expert Comment

by:arbert
ID: 12078062
Do you have protocol encryption enabled on your SQL Server?  If not, you won't have protocol encryption from your clients.

I would recommend using a tunnel (like you suggested)--SSH or PPTP....
0
 
LVL 34

Expert Comment

by:arbert
ID: 12078065
(you could always user terminal services too--if you have the license)
0
 

Author Comment

by:jhanna777
ID: 12078139
Terminal Services isn't an option.

SQL Server has a "protocol encryption"? Where would I find the settigns for it?

SSH might work, but I've had trouble with openssh on NT/XP. I'm leaning toward Zebedee -- compression might also help data exchange -- I expect these data dumps to be somewhat lengthy (probably > 1mb) and highly repetitive.

j
0
 
LVL 34

Accepted Solution

by:
arbert earned 100 total points
ID: 12078381
I've had really good luck with WAC server from http://www.foxitsoftware.com and putty as the client--performance (when compressed) is awesome....

Here are two microsoft whitepapers on configuring prot encryption:

http://support.microsoft.com/default.aspx?scid=kb;en-us;276553&Product=sql2k

http://support.microsoft.com/default.aspx?scid=kb;en-us;318605&Product=sql2k

 


Brett
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to shrink a transaction log file down to a reasonable size.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now