In looking around the usergroup I found this reference to various setups of firewalls and SQL server access.
Is there a way of tightening up security if you only have one DMZ with a web server that is talking to an internal SQL server?(b)
With SQL there are a few schools of thought... there is no perfect solution...
a) Stick it in the DMZ - if you get hacked your SQL data could be compromised. Issues with viewing/updating the data internally.
b) Stick it in the LAN and create pinholes in the firewall. This allows easy internal access to the SQL server, network is under threat if server is compromised.
c) Two DMZs, one with webserver, the other with SQL server. Hacking into the SQL server is much harder as communication has to go through the firewall, hacker won't be able to penetrate into the network. Again problems with updating SQL server internally - and a little more complex to setup.
d) Two SQL servers, one in DMZ, one in LAN. The DMZ SQL server has a minimal data set,the LAN server has the full data set. Complex replication issues - securing the network and making replication is tough. Can a SQL server have a minimal data set that is safe to be comprised?
Is there a way of tightening up security if you only have one DMZ with a web server that is talking to an internal SQL server?(b)
With SQL there are a few schools of thought... there is no perfect solution...
a) Stick it in the DMZ - if you get hacked your SQL data could be compromised. Issues with viewing/updating the data internally.
b) Stick it in the LAN and create pinholes in the firewall. This allows easy internal access to the SQL server, network is under threat if server is compromised.
c) Two DMZs, one with webserver, the other with SQL server. Hacking into the SQL server is much harder as communication has to go through the firewall, hacker won't be able to penetrate into the network. Again problems with updating SQL server internally - and a little more complex to setup.
d) Two SQL servers, one in DMZ, one in LAN. The DMZ SQL server has a minimal data set,the LAN server has the full data set. Complex replication issues - securing the network and making replication is tough. Can a SQL server have a minimal data set that is safe to be comprised?