Solved

Security help: SQL Server, cable modem and a linksys router

Posted on 2004-10-03
Last Modified: 2010-04-09
Hello everyone,

I'm a self-starter and I have been working with building some .NET applications for my business. I have also been using SQL Server 2000 for a number of years with these applications.

Last week I wrote a great little app for remote access to my SQL Server. My office is connected to the internet by a cable modem through a Linksys BRFSR41v3 router. I changed the SQL Server receiving port from 1433 to well...something else and routed incoming traffic on that port to the SQL Server box. I'm also using some pretty complex passwords. My application is connecting to the SQL Server and running just fine. In fact, by letting some employees work from home, this new app could save me hundreds of hours of work in the next year, not to mention dollars. OK, let’s mention dollars. If my SQL Server gets hacked, I lose many of them.

Now that I've opened that port to the outside world, I'm starting to get a bit nervous. I know I can filter out all incoming IPs except the ones I allow to connect but all users won't always have a static IP address. What would you do next? Thanks!
Question by:Justin_Case_77
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12216285
I would set up a secure VPN server and let users VPN in from home and use the private IPs.
There are plenty of people out there with time on their hands to scan your IP subnet and discover SQL running on a non-standard port and start poking around.
0
 
LVL 3

Author Comment

by:Justin_Case_77
ID: 12230467
After some reading, I discovered that I can write a web service that will return datasets to my apps. I am using IIS (W2K) with port 80 already exposed. Do you think a web service would be more secure than exposing the SQL Server port? If so, what kind of performance hit might I incur?
0
 
LVL 3

Accepted Solution

by:
Felix2000 earned 250 total points
ID: 12235377
You must determine your level of security. Running SQL on a non-standard port or via a web interface is still a bad idea if you have something to lose.
You also have to remember now that your data being returned and sent is being sent in clear text (unless your app encrypts it) so the possibility of somebody also seeing data in transit also exists.
As lrmoore suggested, a VPN is a great idea and probably the best.
Another option is to run an SSH server on a machine (preferably the MySQL box) and set up SSH port forwarding. Essentially a poor man's VPN.

So the client runs an SSH client and connects to your box; the port forward will forward, say, 3306 from their local machine through an encrypted SSH tunnel to, say, the localhost (127.0.0.1) 3306 of your MySQL box.
With this you get encryption, plus someone must break another level of security (SSH passwords) to begin getting at your MySQL server.

-= Felix2000 =-
0
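The port-forwarding setup described in the answer above, as an added example that is not part of the original thread: it builds the client-side OpenSSH command and checks a listener table to confirm the database port is no longer bound to a public interface. The function names, the `remote_user@office.example` account and the sample listener tables are constructed for illustration; an OpenSSH client is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Host, account and ports are placeholders.

# Print the client-side OpenSSH command that forwards a local port to the
# database listening on the server's own loopback interface.
tunnel_cmd() {
    local user_host="$1" local_port="$2" db_port="$3" p
    for p in "$local_port" "$db_port"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    # -N: run no remote command. The leading 127.0.0.1 keeps the local listener
    # off the client's LAN. ExitOnForwardFailure makes ssh exit if it cannot
    # set up the forward.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$local_port" "$db_port" "$user_host"
}

# Read `netstat -an` / `ss -ltn` style output on stdin and print each listener
# on the given port that is bound to anything other than loopback.
exposed_listeners() {
    awk -v port="$1" '
        /LISTEN/ {
            addr = ""
            for (i = 1; i <= NF; i++) if (index($i, ":")) { addr = $i; break }
            if (addr !~ (":" port "$")) next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host != "127.0.0.1" && host != "[::1]" && host != "::1") print addr
        }'
}

# Constructed sample listener tables: database bound to all interfaces, then
# rebound to loopback so it is reachable only through the tunnel.
SAMPLE_BEFORE='tcp  0  0 0.0.0.0:3306    0.0.0.0:*  LISTEN
tcp  0  0 0.0.0.0:22      0.0.0.0:*  LISTEN'
SAMPLE_AFTER='tcp  0  0 127.0.0.1:3306  0.0.0.0:*  LISTEN
tcp  0  0 0.0.0.0:22      0.0.0.0:*  LISTEN'

tunnel_cmd remote_user@office.example 3306 3306
echo "exposed before: $(printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners 3306)"
echo "exposed after:  $(printf '%s\n' "$SAMPLE_AFTER" | exposed_listeners 3306)"
```

Once the check prints nothing for the database port, the router only needs to forward the SSH port, and the application connects to 127.0.0.1 on the client side.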
 
LVL 3

Author Comment

by:Justin_Case_77
ID: 12245179
Thanks Guys,

What do you think of the Smart Client Idea as a remedy? Be patient. I'll award the points soon.
0
 
LVL 3

Expert Comment

by:Felix2000
ID: 12245206
What is the Smart Client? Is that the web service?

-= Felix =-
0

Question has a verified solution.
