?
Solved

Security help: SQL Server, cable modem and a linksys router

Posted on 2004-10-03
5
Medium Priority
?
453 Views
Last Modified: 2010-04-09
Hello everyone,

I'm a self starter and I have been working with building some .NET applications for my business.  I have also have been using SQL Server 2000 for a number of years with these applications.  

Last week I wrote a great little app for remote access to my SQL Server. My office is connected to the internet by a cable modem through a Linksys BRFSR41v3 router. I changed the SQL Server receiving port from 1433 to well...something else and routed incoming traffic on that port to the SQL Server box.  I'm also using some pretty complex passwords. My application is connecting to the SQL Server and running just fine. In fact, by letting some employees work from home, this new app could save me hundreds of hours of work in the next year, not to mention dollars. OK, let’s mention dollars. If my SQL Server gets hacked, I loose many of them.

Now that I've opened that port to the outside world, I'm starting to get a bit nervous. I know I can filter out all incoming IP's except the one's I allow to connect but all users won't always have a static IP address. What would you do next?  Thanks!
0
Comment
Question by:Justin_Case_77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12216285
I would setup a secure VPN server and let users VPN in from home and use the private IP's.
There are plenty of people out there with time on their hands to scan your IP subnet and discover SQL running on a non-standard port and start poking around.
0
 
LVL 3

Author Comment

by:Justin_Case_77
ID: 12230467
After some reading, I discovered that I can write a web service that will return datasets to my apps. I am using IIS (W2K) with port 80 already exposed. Do you think a web service would be more secure than exposing the SQL Server port?  If so, what kind of performance hit might I encur?
0
 
LVL 3

Accepted Solution

by:
Felix2000 earned 500 total points
ID: 12235377
You must determine your level of security. Running SQL on a non standard port or via a web interface is still a bad idea if you have something to lose.
You also have to remember now that your data being returned and sent is being sent in clear text (unless your app encrypts it) so the possiblities of somebody also seeing data in transit also exists.
As lrmoore suggested a VPN is a great idea and probably the best.
Another option is to run an SSH server on a machine (preferable the mysql box). And setup SSH port forwarding.  Essentially poor mans VPN.

So the client runs an SSH client and connect to your box, the port forward will forward say 3306 from their local machine through an encrypted ssh tunnel to say the localhost(127.0.0.1) 3306 of you mysql box.
With this you get encrypts plus someone must break another level of security (ssh passwords) to begin getting at your mysql server.

-= Felix2000 =-
0
 
LVL 3

Author Comment

by:Justin_Case_77
ID: 12245179
Thanks Guys,

What do you think of the Smart Client Idea as a remedy? Be patient. I'll award the points soon.
0
 
LVL 3

Expert Comment

by:Felix2000
ID: 12245206
What is the Smart Client? Is that the web service?

-= Felix =-
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question