Adding remote security, to SQL 2000 Server

[IndyGill]

Hi

I have a SQL 2000 Server database that I need to share with another organisation that is not on our LAN. I have a rich client application that will sit on the remote network and will log into my database. So I have created a policy on my firewall to allow incoming traffic from a certain IP and have it redirected to my SQL Server on port 1433, and then allow packets back out to this certain IP. The application works fine, however im just a bit worried about the security of it.

As the database contains sensitive information and none of the packets are encrypted. So im wondering:

1) Am I OK to use this port or is there another port that comes with MS SQL Server that will offer me greater security.

2) Is there anyway I can encrypted the information that is being sent over the Internet.

3) Or can anybody else suggest a better way of doing this?

4) Also by having this port open would they be able to remotely connect via enterprise manager to my SQL Server. As I dont want them to have access to the raw tables etc...

Many thanks in advance

 

[VogonHitchhiker]

One way to improve this overall is to set up a VPN connection between your customer and you. Use it for the SQL connection and close 1433. This encrypts the data while also making it harder to spoof the IP of your partner.