Secure Webserver with Database

Posted on 2011-10-13
Last Modified: 2012-05-12
We are looking to deploy a 2008 R2 WebServer that will be public facing. It requires a SQL Database and I was wondering what is best practices for securing that Database. Do we install SQL on the webserver itself?
I am afraid if we install the web database instance on our main database, that it could be compromised. What are the best practices on this? I cant seem to find a concrete answer anywhere.
Question by:vschill
    LVL 5

    Accepted Solution

    I would say avoid putting the DB on the webserver at all costs. We generally run a hardened webserver fully patched with minimum amount of services, a redirect for http traffic so everything is over ssl. A port open from the webserver to the DB with filtering and av/intrusion detection on the firewall and ip's locked down from the webserver to the db through the firewall.

    Author Closing Comment

    Good overview, not very detailed.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now