Re: Access via internet?

Personally I would NEVER expose to the Internet, a SQL Server/MSDE that I
wanted to keep secure. Don't do it, simple as that. There are better ways
to do this kind of thing - Remote Desktop over a VPN is one of them.

However, I recognise that people like breaking the rules so here's how you
do it:

1. Set your SQL Server/MSDE to use Mixed Mode Authentication (see
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q325022 for details)
2. Open port 1433 on your firewall and tell your router's NAT to forward all
requests on port 1433 from the Internet to your SQL Server.
3. Sit around for a few hours while somebody brute force attacks your server
and destroys all your valuable corporate data
4. Er...that's it

I really cannot emphasis how dumb this is - IMHO the only reason that
Microsoft stuff gets hacked so often is not that it is fundamentally
insecure, it is that people do insecure things with it. Any of the recent
Microsoft Server products properly configured are as tough as the
competition.

The most secure way to expose data over the Intenet is through XML Web
Services. The great thing is that you can use the same technique to
securely manage your data internally too - definitely worth looking into.

hth

~Ben


"mikeb" <mike@xxxxxxxxxxxxxxxxxx> wrote in message
news:Oc39DfsZFHA.3340@xxxxxxxxxxxxxxxxxxxxxxx
> My way?? ack. No, really, I'm ignorant to this - I was just throwing out
> my initial ideas.
>
> So VPN is the best way to go then? Now I need to go find out some more
> info on VPN.
>
> Always open to further suggestion. or things to watch for.
>
> I am curious, what are some of the fallbacks to using VPN for
> SQLserver(msde) access? will the factory lose any other features of their
> network use? I'll go check out a server or vpn group now too.
>
> Thanks,
>
> -m
>


.

Relevant Pages

  • Re: Indecent pics of children and possession
    ... I think you have this arse about face; setting up secure and ... That's easy compared with VPN etc. ... Can you connect to the internet via Windows ... The police who trace ...
    (uk.legal)
  • Re: Internet Printing
    ... Does your short reply mean that VPN is the only secure way to do this? ... my Home computer network. ... printer from the internet when I'm on the road. ...
    (microsoft.public.win2000.networking)
  • Re: secure terminal services
    ... VPN is much more secure than publishing specific services. ... internet, the attacker, can discover your services with portscanner ...
    (microsoft.public.win2000.security)
  • Re: Acessing Internet Through LAN (How Secure)
    ... >> accessing to a LAN. ... How secure is this method of ... You could just VPN in to another LAN that has Internet Access. ...
    (uk.telecom.broadband)