Saturday, February 25, 2012

Publish Sql on the internet

Hi,
I need to publish my computer on the internet which is on a company network.
In the network we have a server that connects to the internet and gives
internet access to all the company computers.
I'm running a SQL Server on my computer and I need to access it through the
internet.
Also, I need to know how do I secure the connection to my
server/computer/company.
Any info on this would be great!!
|||Tomer,
I had a bit of trouble understanding what you are asking, I will recap.
You have a corporate network connected to the internet via a proxy
server (let's call this PROXY1). You want to "publish" your computer on
the internet, which resides behind PROXY1. What do you mean by
"publish"? Is it a web site, an FTP site, a database, remote desktop
connection, what?
You are running SQL Server on "my computer". Is this in the corporate
network or on the internet at home? Please clarify these points very
carefully (take a bit of time) as they will have a significant bearing
on the accuracy of the responses you will get.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
|||Hi,
My computer is part of the company computer network and connects to the
internet through the company server which connects to the internet with an
ADSL modem installed on it.
I have a SQL Server 2000 installed on my computer and I wish to access it
from 'outside' through the internet and access its databases.
|||Tomer,
You will need to use NAT to allow your computer to act as a server. I
would only do this sort of thing at home and never on a corporate network.
On a corporate network you should have a demilitarised zone (DMZ) that
allows incoming connections from the internet. I really do not recommend
allowing people from the public internet to connect directly to your LAN,
you are asking for trouble. The DMZ should not be able to initiate
connections to your LAN.
I would go further and not even allow any form of direct access to a
database server from the internet. Use a web server in a DMZ to connect
to your db server (also in a separate DMZ) to serve information. If you
need to manage a SQL Server from the internet you could use the web
administrator (http://tinyurl.com/3cuzt) or even MyLittleTools
(http://www.mylittletools.net).
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
|||Hi,
First thing, thanks a lot for the info! I know that this is a problematic
issue in security, but I need to connect a Pocket PC device with a GPRS
modem directly to the SQL Server, and I'd rather not use a web service
application.
|||OK,
What you need to do is NOT allow connections into your LAN. Create a DMZ
and place the SQL Server there. Do not allow the DMZ to initiate
connections into the LAN. Only allow connections from the LAN TO the DMZ.
Do not allow SQL Server to connect to anything else on your network.
Remember, if this machine is compromised, you could be in trouble. On
the firewall, only open one port to the SQL Server, and make sure this
is not 1433. Make it a high port number such as 56378 (or whatever).
Ensure SQL Server is listening on this port.
This will put you out of range of port scanners that are only looking
for common ports such as 139, 1433, etc, however will not protect you
from someone scanning every port on your machine, but then there are
intrusion detection tools available to protect you from this.
Another way to do this is to use a VPN tunnel from the client on the
internet, through a VPN server in a DMZ on your corporate network, and
then you can use the entire LAN. This might be easier to set up and
configure, then again it might not.
Whatever you do, do not allow direct connections from the public
internet, unencrypted into your LAN.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
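
The zone policy from the reply above, written as a small rule-set check. This is an added example, not part of the original thread: the zone names, the `Rule` model and both rule sets are constructed for illustration, and a stateful firewall is assumed, so each rule describes who may initiate a connection.

```python
from typing import List, NamedTuple, Optional

DEFAULT_SQL_PORT = 1433  # the port the post says not to expose

class Rule(NamedTuple):
    src: str             # zone initiating the connection: "internet", "dmz" or "lan"
    dst: str             # zone receiving it
    port: Optional[int]  # destination port; None means any port
    action: str          # "allow" or "deny"

def audit(rules: List[Rule]) -> List[str]:
    """Check allow rules (stateful firewall assumed) against the post's zone policy."""
    findings = []
    allows = [r for r in rules if r.action == "allow"]
    for r in allows:
        if r.src == "internet" and r.dst == "lan":
            findings.append(f"internet->lan port {r.port}: inbound to the LAN is allowed")
        if r.src == "dmz":
            findings.append(f"dmz->{r.dst}: the DMZ host may initiate connections")
    ports = {r.port for r in allows if r.src == "internet" and r.dst == "dmz"}
    if None in ports:
        findings.append("internet->dmz: every port is open, expected exactly one")
    elif len(ports) > 1:
        findings.append(f"internet->dmz: {len(ports)} ports open, expected exactly one")
    if DEFAULT_SQL_PORT in ports:
        findings.append(f"internet->dmz: default port {DEFAULT_SQL_PORT} is exposed")
    return findings

# Constructed rule sets (not from the thread).
WEAK = [
    Rule("internet", "lan", 1433, "allow"),   # NAT port-forward to a LAN workstation
    Rule("lan", "internet", None, "allow"),
]
HARDENED = [
    Rule("internet", "dmz", 56378, "allow"),  # one high port, as in the post
    Rule("lan", "dmz", None, "allow"),        # LAN may reach the DMZ
    Rule("dmz", "lan", None, "deny"),         # the DMZ may not reach the LAN
    Rule("dmz", "internet", None, "deny"),    # nor anything else
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "no findings")
```
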
|||Thanks a bunch!! This helps a lot
Tomer.