RE: secure sql server 2000 over the internet

Hi Loane,

Thank you for posting in SBS newsgroup.

From the description, I understand the issue to be: you only want to allow
user to connect to SQL Server when they VPN to SBS. If I have misunderstood
your concerns, please do not hesitate to let me know.

To narrow down the problem, would you please help me collect the following
information?

1. Do you have ISA installed on SBS? Generally speaking, we can configure
the ISA server to publish the SQL services to the internet. We can define
the protocol definitions for the required port (TCP 1433) and then
configure the server publishing rules to open the ports to the internet. By
using the publishing, the SQL services will be exposed to the internet. The
remote SQL client will be able to establish the connection through normal
TCP/IP traffic. So please make sure ISA is not publishing the SQL services
or related rules are not open.
2. If you do not have ISA, please make sure your router is blocking the SQL
related ports.

More information for your reference:

Publishing a SQL Server Computer with ISA Server 2004
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/publishingsql.m
spx

837740 How to configure ISA Server 2004 and SQL Server Enterprise Manager
to connect Enterprise Manager through ISA to a Microsoft SQL server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;837740

299673 How To Configure ISA Server 2000 and Enterprise Manager to Connect
Through ISA to a SQL Server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;299673

Securing Your Windows Small Business Server 2003 Network
http://www.microsoft.com/downloads/details.aspx?familyid=f62b2722-267c-4642-
b287-c31115ef10a4&displaylang=en

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Loane Sharp" <look_sharp_not@xxxxxxxxxxx>
| Subject: secure sql server 2000 over the internet
| Date: Mon, 17 Apr 2006 22:06:38 +0200

| Newsgroups: microsoft.public.windows.server.sbs

|
| Hi there
|
| We are running SQL Server 2000 on a machine running SBS 2003 which is
| directly attached to the Internet. We need to run queries from remote
| computers over the public internet, and we have always used VPN for this
| purpose. However, for some bizarre reason I have suddenly become able to
| connect to the SQL Server using the public internet FQDN of the server
| WITHOUT an active VPN connection. The SQL Server is set to use Windows
| authentication only, and the server as a whole passes all the Microsoft
| Baseline Security Analyser 2.0 tests, but I have lately seen a lot of
| attempts to connect to the server in the event logs ... "Login for user
'sa'
| failed. Not associated with a trusted SQL Server connection". I suspect
| there is something untoward going on.
|
| How can I retain our access to the SQL Server over the public internet but
| only using VPN?
|
| Best regards
| Loane
|
|
|
|

.

Relevant Pages

  • Re: .NET
    ... >> know a lot better than Thomas on the subject. ... > Microsoft changing the fact that the message from Microsoft a few years ... claim that "SQL Server was going to be a .Net app"? ... Microsoft Unveils Vision for Next Generation Internet ...
    (borland.public.delphi.non-technical)
  • Re: Web-based software update
    ... > firewall and therefore cannot be accessed directly from a Delphi ... Open the firewall to allow SQL Server traffic to pass through. ... Without using a VPN, ... you still have open data flowing over the internet, ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: Best Pratice-Remore ADO Access
    ... > end app will be installed on clients and the SQL Server ... > use the Internet to move data back and forth. ... >> data over a WAN connection to a SQL Server. ... >> INSERT clause would be the most efficient method, ...
    (microsoft.public.vb.database.ado)
  • Re: remoting vs. direct sql connection
    ... I'd say that you should never expose your SQL Server directly to the ... Internet -- the security risks are simply far too great. ... Using either a web service or remoting will also somewhat help in relieving ... Remoting logically uses a connection per ...
    (microsoft.public.dotnet.framework.remoting)
  • Re: SQL CE Setup 101... C#
    ... the Internet Url. ... We have seen issues when we give IP address in internet ... Try using the sql server instance name. ... > // Create the Local SSCE Database subscription. ...
    (microsoft.public.sqlserver.ce)
Loading