Grant a Web server secure database access

Source: http://content articles.techrepublic.com.com/5100-10878_eleven-5314461.html

Q&A forum:

We are in the process of converting a very old FoxPro program over to an MS SQL / VB program at the company I work at. We are already using the SQL database extensively in-house. It currently resides behind our firewall on our LAN and can only be accessed as such for internal use. Part of our conversion process will offer some Web applications online, however. This is where our problem comes in, and we are hoping to discuss the best solution to connect both our inside LAN users and Internet users to the same database. Currently our IIS 6 Web server resides on a DMZ. What would be the best way to let the Web server access the database for the Web applications?

Beyond first blush

This is a very interesting question that at first blush seems quite simple, but in reality is more complex once you begin to think about it. Any time one begins to ponder making a database available to the Internet, there are many questions to consider. The first questions I usually ask are "What type of data are we talking about?" and "How sensitive is the information?"

My reason for asking these questions is to determine the degree of acceptable risk associated with the data being compromised. If no risk is acceptable, then I am going to invest a great deal of resources and effort to make my data as impregnable as possible. However, if some risk is acceptable, then I will be diligent but not go to any extremes. For example, if the data is a patient's medical history, I am going to go to extremes to protect the data, which means NOT connecting to it with IIS or using SQL Server.

Before you go into an uproar about my previous statement, I am not Microsoft bashing. I am simply reducing risk factors. Microsoft products can be secured and can function well in the above-mentioned scenario. However, it is also a fact that due to their popularity, Microsoft products are more frequently the targets of viruses, worms, hacks, and so on. By not using Microsoft products in low risk-tolerance situations, I have fewer things to worry about than if I chose to use them.

Again, depending on the degree of acceptable risk, I will then determine whether encryption is necessary between the Web server and the database, and whether the data needs to be encrypted at the database level as well. If we want the highest degree of security, using built-in and third-party encryption software will be the route that I will want to follow. Should the data be less sensitive, I may not use encryption at all or use it to a lesser degree.


Finally, I will determine how connections will be made to my database. If encryption is required or desired, and/or my data is being accessed via a client-server application (as in the original question), then I will want to use VPN and an application-layer proxy. In addition, I may want to include an application server in the mix that will stand between my Web server and my database.

The answers to all of the above questions will help to determine how I will set up my environment for accessing the data that resides within the network.

The setup

I am going to assume for the sake of this article that the data being accessed in E Spigle's environment is not so sensitive that we will need to build Fort Knox around it, and that using IIS and SQL Server is acceptable. That being the case, one of the best setups for this application mix looks something like Figure A.

Figure A
Network scheme

In Figure A, Internet traffic, HTTP on Port 80 or 1443, is allowed only as far as the Web server. The Web server then communicates with the SQL Server over TCP on Port 1433. Another approach, as mentioned in the forum, would be to use Microsoft's ISA server as a reverse proxy and allow it to handle traffic to the SQL Server.
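The segmentation described for Figure A can be checked mechanically against a firewall rule set. The following is an added example, not part of the original article: it audits a constructed rule list against that policy, using the ports given in the text. The zone names, the rule format and the `audit` function are assumptions made for illustration.

```python
# Added example: audit a firewall rule list against the Figure A policy.
# Zone names and the rule tuple format are assumptions for illustration.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # source zone: "internet", "dmz_web", "lan"
    dst: str      # destination zone/host: "dmz_web", "lan_sql", "lan"
    port: int     # destination TCP port; 0 means "any"
    action: str   # "allow" or "deny"

WEB_PORTS = {80, 1443}   # inbound Web ports as stated in the text
SQL_PORT = 1433          # SQL Server TCP port as stated in the text

# Flows the Figure A design permits: (src, dst) -> allowed ports
PERMITTED = {
    ("internet", "dmz_web"): WEB_PORTS,
    ("dmz_web", "lan_sql"): {SQL_PORT},
}

def audit(rules):
    """Return findings for allow rules that exceed the Figure A policy."""
    findings = []
    for i, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        # Traffic originating inside the LAN is out of scope for this check.
        if r.src == "lan":
            continue
        allowed = PERMITTED.get((r.src, r.dst))
        if allowed is None:
            findings.append(f"rule {i}: {r.src} -> {r.dst} is not a permitted path")
        elif r.port == 0 or r.port not in allowed:
            port = "any" if r.port == 0 else r.port
            findings.append(f"rule {i}: {r.src} -> {r.dst} port {port} exceeds policy")
    return findings

# Constructed sample rule set (not from the article).
SAMPLE = [
    Rule("internet", "dmz_web", 80, "allow"),
    Rule("internet", "dmz_web", 1443, "allow"),
    Rule("dmz_web", "lan_sql", 1433, "allow"),
    Rule("internet", "lan_sql", 1433, "allow"),   # database exposed directly
    Rule("dmz_web", "lan_sql", 0, "allow"),       # any-port rule to the DB host
    Rule("dmz_web", "lan", 445, "allow"),         # DMZ reaching the wider LAN
    Rule("internet", "lan", 0, "deny"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the first three sample rules match the design; the audit flags the direct Internet path to the database, the any-port rule and the DMZ-to-LAN rule.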

No matter which setup you choose, there is a laundry list of items that you should go through to ensure the security of your SQL Server database. This information is readily available on the Web and includes issues such as securing your Windows servers, securing IIS, securing SQL Server, dealing with how the Web server "talks" to SQL Server, which accounts are used for authentication, what protocol to use, and so on. Fortunately, Microsoft has provided some help in the form of the Microsoft Baseline Security Analyzer (MBSA).

Finally, there is a slew of standards and processes that both your developers and DBAs should be incorporating into the application code and the database to reduce security threats. Check out Microsoft's Improving Web Application Security: Threats and Countermeasures for more on this subject.

Best practices vs. acceptable risk

This short article shows that there is quite a bit more to the seemingly innocent question, "What would be the best way to allow the Web server to access the database for the Web apps?" And although there may be cost constraints to following best practices, ultimately it is the degree of risk and the consequences of compromised data that should be the deciding factors in how one proceeds.
