cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1250
Views
3
Helpful
3
Replies
Highlighted
Beginner

How can we secure inside SQL Server from Public Network

Hi Experts,

This is Network Diagram only for reference  :

simple diagram.JPG

Actual Problem related to SQL SERVER security, I am searching solution

for same last 2 years but i did not find out. How can i secure through

Router or Switch End. Database is very important thing for any company

as you know and there are many problems which is happening with

Database like DB Hack, SQL Injection, unknown modification , etc.

Plz resolve given below Qustions->

1. is there any technique to Encrypt the ip address of SQL Server (172.25.170.50) ?

2. Outside Public ip can not hack and search inside SQL Server. how to configure ?

3. If any other method , plz suggest me

4. How to check which ip access to which ip address in Network

    Plz provide me commands to monitoring, for ex,

    a) Any inside SQL Client (172.25.170.44)  access

       SQL Server (172.25.170.50).

Everyone's tags (8)
1 ACCEPTED SOLUTION

Accepted Solutions
Advisor

Re: How can we secure inside SQL Server from Public Network

Kuldeep, 

1. is there any technique to Encrypt the ip address of SQL Server (172.25.170.50) ?

You cannot encrypt the address of the sql server, but instead you can encrypt the data that's flowing to it. There are such techniques such as encrypting the data from your frontend to the sql server, but I'm not 100% certain if that's what you're asking. As a side note, I would not be able to help you do the above, but I know that it can be done in a point-to-point fashion via Windows server if that's what you're running.

2. Outside Public ip can not hack and search inside SQL Server. how to configure ?

This is going to generally be an application issue. Most sql server hacks have been sql injections due to lax security, input validation, etc. You need to make sure that you have the proper input validations in place and this wouldn't have anything to do with routers/switches in your network. You need to keep in mind that once you put a service out on the internet that has to be publically accessible, it can become a target.

3. If any other method , plz suggest me

If you're in a Windows environment, the biggest things to remember are:

     1.) Patches, patches, patches

     2.) Maybe place an IDS between your firewall and sql server for any suspicious traffic to be dropped.

     3.) Double check your source code of the frontend application.

4. How to check which ip access to which ip address in Network

    Plz provide me commands to monitoring, for ex,

    a) Any inside SQL Client (172.25.170.44)  access

      SQL Server (172.25.170.50).

    b) Any user1 (172.25.170.2) send data

       through FTP to user2 (172.25.170.3)

    c) Suppose any user1(172.25.170.2) access other at own PC

        through "// 172.25.170.3"


You could, in theory, run netflow and keep track of internal hosts that are accessing the server, but they'd have to cross some boundary. If you have your hosts on the same subnet, you wouldn't be routing and it would be a direct connection between these hosts. That means it becomes an application logging issue. One thing that you could do is readdress your users/servers to not be on the same subnet (which from your address questions above it seems like they are). If you do this, your hosts would have to route to the server subnet and then you'd be able to use netflow and keep a database (Solarwinds Orion) of connections.

HTH,

John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
3 REPLIES 3
Advisor

Re: How can we secure inside SQL Server from Public Network

Kuldeep, 

1. is there any technique to Encrypt the ip address of SQL Server (172.25.170.50) ?

You cannot encrypt the address of the sql server, but instead you can encrypt the data that's flowing to it. There are such techniques such as encrypting the data from your frontend to the sql server, but I'm not 100% certain if that's what you're asking. As a side note, I would not be able to help you do the above, but I know that it can be done in a point-to-point fashion via Windows server if that's what you're running.

2. Outside Public ip can not hack and search inside SQL Server. how to configure ?

This is going to generally be an application issue. Most sql server hacks have been sql injections due to lax security, input validation, etc. You need to make sure that you have the proper input validations in place and this wouldn't have anything to do with routers/switches in your network. You need to keep in mind that once you put a service out on the internet that has to be publically accessible, it can become a target.

3. If any other method , plz suggest me

If you're in a Windows environment, the biggest things to remember are:

     1.) Patches, patches, patches

     2.) Maybe place an IDS between your firewall and sql server for any suspicious traffic to be dropped.

     3.) Double check your source code of the frontend application.

4. How to check which ip access to which ip address in Network

    Plz provide me commands to monitoring, for ex,

    a) Any inside SQL Client (172.25.170.44)  access

      SQL Server (172.25.170.50).

    b) Any user1 (172.25.170.2) send data

       through FTP to user2 (172.25.170.3)

    c) Suppose any user1(172.25.170.2) access other at own PC

        through "// 172.25.170.3"


You could, in theory, run netflow and keep track of internal hosts that are accessing the server, but they'd have to cross some boundary. If you have your hosts on the same subnet, you wouldn't be routing and it would be a direct connection between these hosts. That means it becomes an application logging issue. One thing that you could do is readdress your users/servers to not be on the same subnet (which from your address questions above it seems like they are). If you do this, your hosts would have to route to the server subnet and then you'd be able to use netflow and keep a database (Solarwinds Orion) of connections.

HTH,

John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Beginner

How can we secure inside SQL Server from Public Network

anybody there.......................

Hall of Fame Master

How can we secure inside SQL Server from Public Network

You have been answered above already. If you are not happy with answers here, hire a professional network engineer.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards