Results 1 to 4 of 4
  1. #1
    Join Date
    Nov 2002
    Location
    Washington, D.C.
    Posts
    2

    Unanswered: linked server security

    Hello the forum

    We've got a collection of db servers here, all SQL Server 7. One's outside our firewall & is used with our Internet site's ASP pages. The rest are inside the firewall & one of them is used with our Intranet site's ASP pages. I'd like to link the one outside the firewall to the one inside the firewall so that outside visitors can use an online application to enter information that can be viewed through an admin page on our Intranet.

    What security implications does that have for our Intranet? How exactly do two linked servers communicate? Via TCP/IP or what?

    Any advice/recommendations greatly appreciated.

    Mark Krawec

  2. #2
    Join Date
    Oct 2002
    Posts
    369

    Arrow Re: linked server security

    Q1 [Any advice/recommendations greatly appreciated.]

    It is possible to configure a Sql Server outside a firewall (exposed to the world, as it were) and make it available [internally] in various ways as well.

    For example, I've sometimes seen this "sort of thing" done via a particular open TCP/IP port on the firewall which allows access (from the inside) via one port only. It seems to me that in these kinds of persistent open TCP/IP port scenarios, there is a tendency for security implications (that are never really fully addressed) to "breed" as a result of all sorts of "unforseen" requirements that are added to over time; which results in an increasingly compromised and porous "security barrier" between external and internal sql servers. {In the kind of situation you've described, I tend to lean towards approaches involving on demand unidirectional VPNs set up to the external server; though such approaches may be more difficult to implement.}

  3. #3
    Join Date
    Nov 2002
    Location
    Washington, D.C.
    Posts
    2

    Re: linked server security

    DBA

    Thanks for the suggestions.

    It is possible to configure a Sql Server outside a firewall (exposed to the world, as it were) and make it available [internally] in various ways as well.
    Good point. However, there's a lot of concern about leaving sensitive information on the exposed server. At the moment, the idea is to replicate data from the "inside" server to the "outside" server to be manipulated on demand by the user of the Web app, then replicate it back when the user's done & erase it from the "outside" server.

    I've sometimes seen this "sort of thing" done via a particular open TCP/IP port on the firewall which allows access (from the inside) via one port only. It seems to me that in these kinds of persistent open TCP/IP port scenarios, there is a tendency for security implications ... to "breed"....
    That's what has our network/db guys so worried about the linked server idea (I'm not really a dba, just an ASP developer).

    {In the kind of situation you've described, I tend to lean towards approaches involving on demand unidirectional VPNs set up to the external server; though such approaches may be more difficult to implement.}
    They've already got a VPN set up for replication from "outside" to "inside". I think it's bidirectional though, or if unidirectional then unidirectional from "outside" to "inside", not the other way around. Would data travelling between linked servers be sent down the same tunnel?

    thanks again
    Mark

  4. #4
    Join Date
    Oct 2002
    Posts
    369
    RE:
    [Size =1]Q1 Would data travelling between linked servers be sent down the same tunnel?
    [/Size]
    A1 Maybe, it all depends upon how things are configured.

    RE:
    [Size =1]
    That's what has our network/db guys so worried about the linked server idea (I'm not really a dba, just an ASP developer).
    They've already got a VPN set up for replication from "outside" to "inside". thanks again
    Mark
    [/Size]

    You are welcome.

    It is a "good thing" that your network/db guys are "so worried". If there is any sensitive data on the external server, they should be.

    Some ideas that help secure special purpose VPNs:
    Create special VPN user logins and / or network accounts with as limited capabilities as possible for the purpose (and deny access to all other accounts):
    i limit the VPN itself (only user A and B; from IP xxx.xxx.xxx.xxx to IP yyy.yyy.yyy.yyy; between scheduled time intervals)
    ii Allow reading data on the designated source tables ONLY.
    iii Allow writeing data to the designated target tables ONLY.
    iv schedule data transfers to very specific time windows and deny transfer account use (at other time intervals).
    v set up alerts for any unexpected IP traffic, traffic to or from unallowed or unexpected sources, and / or (failed) attempts to use the VPNs or the accounts set up for the purpose.
    It may further help to use two different sets of unidirectional VPNs (with different logins and accounts required for each directional transfer).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •