• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Secure Webserver with Database

We are looking to deploy a 2008 R2 WebServer that will be public facing. It requires a SQL Database and I was wondering what is best practices for securing that Database. Do we install SQL on the webserver itself?
I am afraid if we install the web database instance on our main database, that it could be compromised. What are the best practices on this? I cant seem to find a concrete answer anywhere.
1 Solution
I would say avoid putting the DB on the webserver at all costs. We generally run a hardened webserver fully patched with minimum amount of services, a redirect for http traffic so everything is over ssl. A port open from the webserver to the DB with filtering and av/intrusion detection on the firewall and ip's locked down from the webserver to the db through the firewall.
vschillAuthor Commented:
Good overview, not very detailed.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now