  • Status: Solved
  • Priority: Medium
  • Security: Public

Firewall and SQL Server DTS

Hello all.  I have a question: we are trying to set up a new Web Server In-House and we just increased our bandwidth to a full T1.  We are in the process of purchasing a new Web Server box and setting up a firewall with it.  I have a SQL Server internal production system in which I need to set up a DTS package only going out through the firewall somehow to push data out to the Web side of things.  I don't need to replicate data coming in, just re-push things out every hour or so.   Is there a way to accomplish this without compromising the internal network and production database?  I am trying to set up some tests to handle all this.  There is another network admin who will work with me on setting the box up etc.  Thanks all
0
sbornstein2
 
nodiscoCommented:
I would recommend putting in a hardware-based firewall with DMZ for your Webserver/SQL Server.  A Cisco PIX515e for example - you can control specific port access to and from the webserver and keep your internal network protected completely from outside attacks.

                  Internet router
                      |
                 PIX 515e---DMZ       Webserver/SQL Server
                      |
                Inside network

Please post further queries re same
0
 
sbornstein2Author Commented:
OK, that's good.  Is there a way to open up a port for only allowing incoming data from our internal SQL Server but not allowing anything to come in?  Is there a certain port for this for SQL Server etc.?  Thanks
0
 
nodiscoCommented:
With the PIX, you can specify what traffic on what port can or cannot go out what interface - it's very secure and straightforward.  Port 1521 for SQL
0
 
nodiscoCommented:
Sorry - port 1433!  1521 if you are using Oracle!
0
 
sbornstein2Author Commented:
So in SQL Server, do you know, let's say the firewall is set up (I am still learning a good deal about firewalls).  I have a SQL Production database on a SQL Server in the internal network.  I need to set up a DTS Package to run on the production server to push data out through the firewall and into a database on the Web Server on the DMZ.  Can I allow incoming data from that specific box and only allow it coming through and nothing to come in at the production system?  Then can I set up a DTS Package where it will recognize that Server name when creating a DTS Package or IP or whatever so I can set up the DTS Push?  I just want to make sure there is no way anything can compromise that production database or internal network in any way.
0
 
nodiscoCommented:
Ok - I am no expert in SQL but what you want to do is entirely possible with what I suggested.  I'll explain how this works:
There are 3 interfaces on the firewall - inside, outside and in your case, DMZ.  Each has its own security level - lowest is outside, DMZ in the middle and inside is highest.  By default, before you allow or disallow anything, traffic will not pass from a lower security level to a higher one.  You MUST stipulate if this is to happen.  So incoming traffic from the internet will not get in from the outside to the DMZ nor will traffic from the DMZ get to the internal network.

Your SQL production database on the SQL server is on the internal network - highest security.  Nothing can get to this unless you allow it to, and even then, you can stipulate exactly what ip address, ip address range or port that can access it.

The Web Server is on the DMZ network - nothing can reach it from the internet unless you say so - again you can stipulate exactly what ip address, ip address range or port that can access it.

You can allow external servers to access the web server from the internet - for just browsing as a web server - open up port 80 and nothing else.
You can allow the SQL box to send updates to the Web Server on the DMZ - and nothing else.
And all the time, nothing can get in to the internal network from the internet - you are protecting it by allowing no traffic through from outside to inside.

Hope this answers your query



0
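The rule evaluation nodisco describes above, as a simplified model added here (it is not code from the thread and not how the PIX is implemented). The IP addresses, the numeric levels and the `allowed`/`report` names are constructed assumptions; it also shows that with no rule list on the inside interface, every inside host can reach the DMZ.

```python
from ipaddress import ip_address, ip_network

# Security levels as described in the answer: outside lowest, DMZ middle, inside highest.
LEVEL = {"outside": 0, "dmz": 50, "inside": 100}

# Constructed sample addresses (assumptions, not from the thread).
SQL_PROD = "10.0.0.10"      # internal production SQL Server running the DTS package
WEB_DMZ = "192.168.50.10"   # web server / SQL Server in the DMZ

# Explicit rules per ingress interface: (source network, destination network, TCP port).
# An interface that has a rule list gets an implicit deny after its last rule, so a
# real policy would also list whatever other outbound traffic inside hosts need.
ACL = {
    "outside": [("0.0.0.0/0", WEB_DMZ + "/32", 80)],
    "inside":  [(SQL_PROD + "/32", WEB_DMZ + "/32", 1433)],
}

def allowed(src_if, dst_if, src, dst, port, acl=ACL):
    """Decide whether a NEW connection may pass (replies to it are stateful)."""
    rules = acl.get(src_if)
    if rules is None:
        # No rule list bound: only higher -> lower security level passes.
        return LEVEL[src_if] > LEVEL[dst_if]
    return any(
        ip_address(src) in ip_network(s)
        and ip_address(dst) in ip_network(d)
        and port == p
        for s, d, p in rules
    )

def report(acl=ACL):
    flows = [
        ("DTS push, prod SQL -> DMZ SQL", "inside", "dmz", SQL_PROD, WEB_DMZ, 1433),
        ("other inside host -> DMZ SQL", "inside", "dmz", "10.0.0.77", WEB_DMZ, 1433),
        ("internet -> web server HTTP", "outside", "dmz", "203.0.113.5", WEB_DMZ, 80),
        ("internet -> DMZ SQL port", "outside", "dmz", "203.0.113.5", WEB_DMZ, 1433),
        ("DMZ web server -> prod SQL", "dmz", "inside", WEB_DMZ, SQL_PROD, 1433),
        ("internet -> prod SQL", "outside", "inside", "203.0.113.5", SQL_PROD, 1433),
    ]
    return {name: allowed(*flow, acl=acl) for name, *flow in flows}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{'PERMIT' if ok else 'DENY  '}  {name}")
```

Calling `report(acl={})` shows the behaviour before any rules are added: the DTS push already works, but so does any other inside host reaching the DMZ, and the web server is unreachable from the internet.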
