ScreenFox asked:

How to setup a secure ODBC connection to SQL Server over the internet

Hi All:

I have an SQL Server at my office and a virtual server in amazon. I managed to connect an ODBC client in the VPS to the SQL server, so I already came across open ports and the basic tasks.

My concern now is to prevent anyone from hacking my database or my network, but I know nothing about how to do it.

Can anyone help me out?

Thank you.

Zberteoc

You will have to ask Amazon to set up firewall rules to only allow remote connections to your SQL server from a certain IP address, your company's.

ASKER CERTIFIED SOLUTION
Mark Wills

This solution is only available to members.

btan

The key concern is that SQL by default should not be directly accessible through the internet, and I do understand the business needs to be secure since you are exposing your crown jewels. Ideally there would be a proxy fronting the SQL to filter and shield the SQL, to the extent of not trusting any client connection unless authorised. The security need is to be protected, at minimum, point to point from client to SQL, or to the proxy if it exists.

Nonetheless, do catch some MSDN articles on configuring the FW and securing the connection to the SQL, as below:

connect sql over internet -
http://technet.microsoft.com/en-us/library/ms175483(v=sql.105).aspx

encrypt connection to sql-
http://technet.microsoft.com/en-us/library/ms191192(v=sql.105).aspx

configure FW to guard sql-
http://technet.microsoft.com/en-us/library/ms175043(v=sql.105).aspx

Set your firewall rules for port 1433 to only allow from the local network AND the IP address of your Amazon web service.
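
The "encrypt connection to sql" pointer above comes down, on the ODBC client, to the `Encrypt` and `TrustServerCertificate` connection-string keywords. As an added example (not part of the original thread), this Python checker parses connection strings and reports the ones that do not enforce an encrypted, certificate-validated session. The sample strings, host names and function names are constructed, and it assumes the driver default for `Encrypt` is off before ODBC Driver 18.

```python
import re

# key=value pairs separated by ';'. A value may be wrapped in {braces} so it
# can contain ';' (a literal '}' inside braces is written '}}').
_PAIR = re.compile(r"\s*([^=;]+?)\s*=\s*(\{(?:[^}]|\}\})*\}|[^;]*)\s*(?:;|$)")
_ENCRYPT_ON = {"yes", "mandatory", "strict"}

def parse_odbc(conn_str):
    """Return {lower-cased keyword: value} with surrounding braces removed."""
    attrs = {}
    for key, value in _PAIR.findall(conn_str):
        value = value.strip()
        if value.startswith("{") and value.endswith("}"):
            value = value[1:-1].replace("}}", "}")
        attrs[key.lower()] = value
    return attrs

def encrypt_default_on(driver):
    """Assumption: only 'ODBC Driver 18 for SQL Server' and later encrypt by default."""
    m = re.search(r"ODBC Driver (\d+) for SQL Server", driver, re.I)
    return bool(m) and int(m.group(1)) >= 18

def audit(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    a = parse_odbc(conn_str)
    findings = []
    encrypt = a.get("encrypt", "").lower()
    if encrypt and encrypt not in _ENCRYPT_ON:
        findings.append("Encrypt=%s: client does not require encryption" % encrypt)
    elif not encrypt and not encrypt_default_on(a.get("driver", "")):
        findings.append("Encrypt not set: this driver does not encrypt by default")
    # Encrypt=strict always validates the certificate and ignores this keyword.
    if encrypt != "strict" and a.get("trustservercertificate", "no").lower() == "yes":
        findings.append("TrustServerCertificate=yes: server certificate is not validated")
    return findings

# Constructed sample connection strings (host and database names are placeholders).
SAMPLES = {
    "legacy": "Driver={SQL Server};Server=tcp:sql.example.internal,1433;"
              "Database=Sales;Trusted_Connection=yes;",
    "encrypted_unverified": "Driver={ODBC Driver 17 for SQL Server};"
              "Server=tcp:sql.example.internal,1433;Encrypt=yes;TrustServerCertificate=yes;",
    "hardened": "Driver={ODBC Driver 18 for SQL Server};"
              "Server=tcp:sql.example.internal,1433;Encrypt=yes;TrustServerCertificate=no;",
}

if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        print(name, audit(cs) or "OK")
```
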

ScreenFox

ASKER

Thanks for all the comments. I'll work on it and give feedback.

Hi again:

I finally created a VPC using the "VPC with a Private Subnet Only and Hardware VPN Access", like Mark Wills suggested.

I managed to create a VPN between the VPC and my LAN, so now the connection from the software running in my EC2 instances and my SQL Server in my LAN will be made through the VPN.

Should I bother now about SQL connection encryption or is it already encrypted by the VPN?

Thank you.
Besides the VPN, you can encrypt connections between your application and your DB Instance using SSL.

Also from the FAQ: https://aws.amazon.com/rds/faqs/

Q: Can I encrypt connections between my application and my DB Instance using SSL?

Yes, however, this option is currently only supported for the MySQL, SQL Server, and PostgreSQL engines.

Amazon RDS generates an SSL certificate for each DB Instance. Once an encrypted connection is established, data transferred between the DB Instance and your application will be encrypted during transfer. If you require your data to be encrypted while “at rest” in the database, your application must manage the encryption and decryption of data. Also note that SSL support within Amazon RDS is for encrypting the connection between your application and your DB Instance; it should not be relied on for authenticating the DB Instance itself.

While SSL offers security benefits, be aware that SSL encryption is a compute-intensive operation and will increase the latency of your database connection.

Q: How do I secure Amazon RDS DB Instances running within my VPC?

VPC Security Groups can be used to help secure DB Instances within an Amazon VPC. In addition, network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs). All network traffic entering or exiting your VPC via your IPsec VPN connection can be inspected by your on-premise security infrastructure, including network firewalls, intrusion detection and prevention systems.

Thanks for your comment, breadtan, but I'm not using Amazon RDS instances at all. My SQL Server is running in my LAN.

I configured a VPN between my LAN and my virtual private cloud (VPC) in Amazon. Now my EC2 instances connect to my SQL Server through the VPN with no special configuration in SQL Server.

Thank you all.