SQL Server Sercurity Outside The Firewall ...
Jul 20, 2005
Hello,
We use Informix and MySQL on linux/unix to drive our web application.
SQL*Server is used only for backend enterprise applications within the
firewall. I am trying to get the management to use SQL*Server outside the
firewall. They tell me there are security issues with Microsoft products,
including SQL*Server, that make it vulnerable to attacks outside the
firewall. Can someone please point me to white papers/documentation that
suggests how SQL*Server can be used securely outside the firewall? I think
if I put SQL*server on it's own box and open it up only to the applications
on our web servers, we should be secure. However, I need hard evidence.
Thanks.
- Rajesh
View 2 Replies
ADVERTISEMENT
Mar 18, 2008
I recently Aquired a SQL 2005 standard x64 edition, I attached a table from sql 2000, there is a system table in this database called dtproperties and it has a public role. Now, I setup a limited user and that user can see this table and query it, etc. I removed this table from the public role so this user does not have access to it.
My questions are,
how does removing the public role from dtproperties affect users?
if it has to be public role, then does it need to insert, update, or delete?
if it does need insert update or delete, what happens if a user does delete insert etc.
I guess looking for an all around answer to why public on dtproperties
Tdar
View 1 Replies
View Related
Jul 20, 2005
My ISP recently had me reset my TCP/IP stack. After that, Norton PersonalFirewall prompted me twice that SQL Server was trying to access theInternet. Both times I responded to allow it to and to always use thataction. Now I am not able to use SQL Server with NPF enabled. If I disableNPF, SQL Server works fine.I am using the desktop edition of SQL Server 7, on a standalone PC, notconnected to a server. I have been using SQL Server and NPF together forover a year. Now, since my TCP/IP stack was reset, NPF interferes with SQLServer.Anyone have any experience with this?Thanks,Neil
View 3 Replies
View Related
Jan 6, 2000
I am trying to connect to SQL Server 7.0 from a web server. The web server is outside our firewall, SQL Server is inside the firewall. I want to use a multiprotocol connection so I can encrypt it. We have port 1433 open on our firewall for TCP/IP from SQL Server. When I connect with just TCP/IP it works. When I switch to multiprotocol it fails with error code 1701. I can connect to the SQL Server box from inside the firewall using multiprotocol.
My theory is that when you use multiprotocol you are using another port than 1433. Is this the answer?
View 1 Replies
View Related
Aug 3, 2004
I have a simple asp page that queries a database inside our firewall. It works fine from the inside, and only uses port 1433. But if i put it out on our web server it won't connect and tries to use ports 139 and 445. Has anybody ran across this before?
Thanks,
John
View 10 Replies
View Related
Apr 25, 2008
Hi,
Is there any concerns or problems with forward a port to SQL server
from our internet firewall so that you can access the databases over the internet? Is it a standard practice to do this in order to remotely access the SQL server. Or is there a better way to do this? Also, if it is ok to do this are any things you need to do to enhance your security from vulnerabilities being open to the internet.
Any suggestions or comments would be appreciated on this subject.
Thanks
View 2 Replies
View Related
Jul 27, 2006
I am using SQL Server 2005 Express + SP1 on a Windows Small Business Server(SBS) box. The SBS is connected to a client thru LAN.
Following are what I gave as IP address and DNS on the server:
IP: 192.168.16.2, subnet mask : 255.255.255.0, Preferred DNS server: 192.168.16.2, Default gateway and Alternate DNS Server blank
On the client, I have,
IP: 192.168.16.4, subnet mask : 255.255.255.0, Preferred DNS server, Default gateway and Alternate DNS Server blank
I can ping and connect to either of the machines.
If I do a sqlcmd -S "tcp:servernameINSTANCE,port", I get the following error message:
HResult 0x80090304, Level 16, State 1
SQL Network Interfaces: The Local Security Authority cannot be contacted
Sqlcmd: Error: Microsoft SQL Native Client : Cannot generate SSPI context
If I do a sqlcmd -S "tcp:192.168.16.2INSTANCE,port", it connects to SQL Server.
I have the Windows Firewall ON. If I Off the firewall, I do not have any problem at all.
I included File and Printer Sharing, sqlsvr.exe in the Exception list of the Windows Firewall.
Any help to solve the issue is appreciated.
Thanks.
View 7 Replies
View Related
Jun 6, 2007
I cannot seem to find the definitive how-to guide for this. Can anyone point me in the right direction?
I have SQL Server 2005 (x64) already running on Windows 2003 R2 (x64). I'm having difficulty trying to expose it the Internet.
Using the Surface Area Configuration tool I can see that remote connections using TCP/IP is enabled. I also made the machine administrator a member of the SysAdmin role from here too.
In Windows Firewall "SQL Server" and "Web" are already checked as exceptions.
I know that SQL Server uses port 1433 and I also read somewhere that clients connecting to SQL Server communicate on a random port between 1024 and 5000. So, on my router (Netgear WNR854T) I'm forwarding ports 1024 through 5000 to the machine where SQL Server lives.
In my connection string I'm using the IP address of the SQL Server machine with ":1433" appended to the address. Yet I cannot connect to SQL Server. Am I missing anything?
View 9 Replies
View Related
Apr 18, 2008
Hello,
I have purchased 4 new boxes for SQL2005 and my var database product all running on the new Windows 2008 server. A lot of silly mind bender issues but I am up and live now. However, what should the firewall settings be on my SQL database box? I have ultimately turned off Windows Firewall so that I could connect and continue forward.
Thanks!
Chris
View 9 Replies
View Related
Apr 10, 2001
I have got a MTS Server and SQL server 7 in different boxes. However, MTS only communicates to SQL server when there is no firewall while it doesn't work when there is a firewall between them. Any idea I can solve this problem?
Many thanks.
William
View 2 Replies
View Related
Jun 7, 2006
I have changed SQL Server port to 2433, and add it to exception in Windows Firewall, add executive files as in this KB http://msdn2.microsoft.com/en-us/library/ms175043.aspx
Want to change port of SQL Server Browser as well, but dont know how to :(
anyway, after enable Firewall, SQL server is stop working. How to get it working with Firewall? Also, if some one lets me know how to change port of SQL Server Browser too, it would be great
thanks
View 3 Replies
View Related
Oct 16, 2007
Can anyone tell me if there's a recommended way to link from a SQL 2000 SP4 DB through a firewall to SQL 2005? I have tried with SQLOLEDB but this uses NETBios which is not secure. Or is there a way to tell it not to use NETBios?
SET @provdetail = 'DRIVER={SQL SERVER};SERVER=<IP address>;Trusted_connection=Yes'
EXEC Master..sp_addlinkedserver
@server = ,'<IP address>',
@srvproduct = '',
@provider = 'SQLOLEDB',
@provstr = @provdetail ,
@catalog = 'TestDB',
@datasrc ='<IP address>DB1'
View 1 Replies
View Related
Jun 19, 2015
I have trying to access a 2nd SQL Server instances running on my WHS 2011 server from my Windows 8.1 Pro client.
The first SQL Server instance I installed is SQL Server 2014 Developer. This has been in place for many months and access from my client pc is not a problem. The Developer instance was installed using standard settings so uses TCP port 1433 and I have verified this by checking the firewall rules. This instance name is <SERVERNAME>
As I want to host a personal website on my server I installed SQL Server 2014 Express as a 2nd instance on my WHS 2011 box for website database purposes. After this installation both instances are accessible via Management Console on the WHS 2011 box.Â
The second instance is named as <SERVERNAME>SQLEXPRESS.
However, I am unable to access the SQLEXPRESS instance using Management Console on my client pc. I know it is a firewall issue as when I turn off the firewall on the WHS 2011 box I can connect successfully. The errors reported have resulted in my trying many things to resolve the problem but none have worked, e.g.
Use the default SQLEXPRESS instance to listen on all TCP ports (default installation option). I checked the necessary firewall rules were set up correctly and they were, i.e. UDP ANY and TCP ANY for the SQLEXPRESS sqlservr.exe file.
Change the default SQLEXPRESS instance to list on a specific TCP port, e.g. 19344
Create an ALIAS for the SQLEXPRESS installation
The instance is definitely set up for Remote Access and is not Hidden.
Are there any other firewall rules I need to apply?
View 2 Replies
View Related
Aug 25, 2006
Hello,
My question is about allowing and securing connections to SQL Server 2000 over the internet. The company that I work for has an application server that several of our clients connect to via the internet using secure .NET remoting. Basically, the clients have a desktop application that they run that creates a remoting connection to our server software and we handle the server/database part. Anyway, one of our clients now wants to use Crystal Reports to run ad hoc queries on their data that is hosted on our SQL 2000 database server behind our firewall. Obviously, opening up a port in our firewall and allowing someone to run ad hoc queries on the database makes us all more than a little nervous about security.
Has anyone else here had to deal with this sort of situation before? We'd like to set up a secure, encrypted connection for this one client, but still keep it locked down for everyone else. Is it as simple as enabling encryption and generating SSL certificates for the client machine and our server? I've only been able to find a few resources that help with bits and pieces of the problem, never anything tackling the issue as a whole. If anyone has any thoughts, experiences, links, etc. to share it would be greatly appreciated. We are a small company and no one here has experience with this sort of thing.
Cheers!
Justin
View 4 Replies
View Related
Mar 6, 2006
Hi,
I'm experiencing problems connecting remotely (through the Management Studio) to a named instance of SQL Server Express 2005.
After investigation I determined it was a firewall issue - turn off windows firewall and I can connect fine. I initially added ports 1433 and 1434 to windows firewall - still no joy. Then I added the binaries explicitly (sqlservr.exe and sqlbrowsr.exe - or whatever they are) - still no joy. So, I looked into the firewall log to see what was being dropped. I found that my IP was trying to connect via port 1047 (TCP)... I've searched for anything about this on google and cannot find any indication that the management studio should be using this port to connect.
If I add this port, the connection works fine. Has anyone else experienced this ? As there seems to be no way of modifying the management studio to connect via a specific port, I'm a bit concerned that something is just not right.
I would appreciate any advice you can give.
Thanks.
View 1 Replies
View Related
Nov 6, 2015
We have a hosted server with a website and sql server 2008 on.
The windows firewall is turned on for all networks / profiles and says its blocking incoming traffic.
I see a lot of login attempts in the windows logs where hackers are trying to connect to it. I can also access it via SSMS from multiple external ips.
Everywhere I've googled says that incoming traffic should be blocked by default by the firewall.
There are no obvious rules that allow SSMS access.
If I do a blocking rule on inbound rules for a single ip that does work, blocking it from that ip, but any other ip's can still connect.
In the firewall log file I can see the allowed connections on port 1433 etc. other than the dropped one from the test blocking rule.
View 5 Replies
View Related
Jun 8, 2007
Dim strCON As String = _
"workstation id=DJI-MAIN;packet size=4096;user id=sa;integrated security=SSPI;data source=DJI-MAIN;persist security info=False;initial catalog=RacingSystem"
Dim cnn1 As New SqlConnection(strCON)
cnn1.Open()
This is the code I have been using to connect to my default instance for 18 months. A recent upgrade to Windows Live onecare now prevents me connecting to the server from the same machine. The following error message is generated:-
Unhandled Exception: System.Data.SqlClient.SqlException: SQL Server does not exist or access denied.
at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
at TrainerReport001.Form1.Form1_Load(Object sender, EventArgs e) in F:#ProjectsStatsOwnerReport001Form1.vb:line 84
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)The program '[3336] TrainerReport001.exe' has exited with code 0 (0x0).
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
at System.Windows.Forms.SafeNativeMethods.ShowWindow(HandleRef hWnd, Int32 nCmdShow)
at System.Windows.Forms.Control.SetVisibleCore(Boolean value)
at System.Windows.Forms.Form.SetVisibleCore(Boolean value)
at System.Windows.Forms.Control.set_Visible(Boolean value)
at System.Windows.Forms.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
at System.Windows.Forms.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
at System.Windows.Forms.Application.Run(Form mainForm)
at TrainerReport001.Form1.Main() in F:#ProjectsStatsOwnerReport001Form1.vb:line 2
If I turn off the onecare firewall I can connect as normal, but this is not a desired option. I have tried enabling port 1433 on the firewall, this does not work either. Any help greatly appreciated, onecare support seems reluctant to help.
TIA
View 4 Replies
View Related
Nov 1, 2006
Hello,I am trying to connect with sql by using following connection string"server='serverIP'; user id='username'; password='xxxxxxx'; database='databasename';"If SQL Server 2000 server that is behind a firewall , I need to change it.Can anyone let me know what should I change in my Connection String.I am using Asp.net 1.x Thanks in Advance
View 4 Replies
View Related
Apr 23, 2001
Hi all,
I am developing a 3-tier web app (IIS, MTS, SQLServer7). My problem is SQL Server 7 is not responding to MTS Server when there is a firewall in between.
However, when the firewall is removed, everything works fine, therefore I think the problem is not caused by the code.
I am very sure that port 1433 (the default port used by SQL7) is open in the firewall.
Please help because I am stuck with this problem for weeks and really stressed out.
Thanks in advance.
William
View 2 Replies
View Related
May 30, 2001
Hi guys.
We have an external webserver/sqlbox not on domain network and internal on domain.
I need to register both servers or need to do a linked server between two.
There is something i found in Multi protocol. Will somebody explain the whole process.
If i need to change the port settings in SQL, is that just the Client neetwork utility I should change or should i run the setup.
Any input appreciated.....
:-)
-MAK
View 1 Replies
View Related
Dec 1, 2004
Hi there!
I'm a bit new to all this, so please bear with me! :)
I've got a webserver in our DMZ and I'm trying to create an ODBC connection from that server to a db server within our firewall. When I try and connect, the following message appears:
Connection failed:
SQLState: '01000'
SQL Server Error: 10060
[Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]ConnectionOpen (Connect()),
Connection failed:
SQL State: '08001'
SQL Server Error: 17
[Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]SQL Server does not exist or access denied
I'm at a bit of a loss as to what's going on, as we have an application on the webserver that connects to another SQL DB server within our firewall with no problem!
webserver:
OS - win2000 standard server sp4
db server:
OS - WinNT 4.0
SQL - 7.0
If anyone can help, it would be much appreciated!!
Cheers,
Ewan :)
View 1 Replies
View Related
Jul 20, 2005
Hi all, I have some DTS packages that are used to import /export data to aSQL box located outside in a DMZ behind a firewall.We need to open up a port in the firewall so that the Internal Server cancommunicate (Execute DTS packages against) with the SQL box located outsidethe DMZ.How do I find out what Port we need to open so that the Internal SQL box cancommunicate with the external SQL box?Thanks in advanceMark
View 1 Replies
View Related
May 6, 2008
Hello,
I have created a new dtsx package with a FTP Task inside.
On this task I am able to configure the user, password server address etc...
Everything is working correctly until I try to connect to a FTP in DMZ.
Of course I have a firewall to access to it...So my question is how to bypass proxy settings in the FTP task component.
I do it in FileZilla so how can I do the same thing in ftp task?
Regards
Stephane
View 1 Replies
View Related
Apr 17, 2007
Hello,
I am trying to connect a web app to a SQL 2005 that is behind a firewall.
The challenge is this, the SQL is behind a firewall and the webserver is at a different location. From my desktop development environment, I connect through a VPN first and then can point to the internal IP of the DB server. This works fine as long as the VPN is connected.
But how do I do this from a hosted web application that is not on my local machine or using my VPN?
Is there some sort of tunneling Connection that I can use within code?
thanks
View 3 Replies
View Related
Nov 6, 2004
When I changed to software Firewall, I got lots of problems running asp.net and Dnn.
Unfortunatly zonelabs does not support me, cause ZA pro don't "officially" support servers. But speaking to their support, and via email, I am told several of their customers run ZA pro under winXP, with IIS and SQL running.(ZA pro 5.1.033.000)
Unfortunatly I have not been able to get them to read my thead on Zonelabs support forum.
I bought ZA pro after talking on with a salesrep, and was told IIS and SQL is a breeze to config, and if I run into problems their forum or support would help me. Yeah right. So at the time beeing I am stucked.
I first started out installing, and making the most obvious changes, and got everthing working I thought. But when trying to log into a dnn project in my root, nothing happend.
So, I knew the firewall didn't play along. Then I gave SQL server rights, 4 green checkmarks in config. Now I could log in. But installing new modules was still a problem. I tried to add "formcreator for dnn" by Snow to a tab. But I got a msg saying a critical error accourd. "SQL server doed not excist or access denied". This is what I have done so far:
1. In Privacy Settings Cookie Control, Ad Blocking and Mobile Code Control are all set to Off
2. Added localhost: Clicked Firewall >> Zones >> Add >> Host/Site name OR IP Address: 127.0.0.1
3. Made sure IIS, and SQL Server have full access: Click Program Control >> Programs.
So as you see, the firewall is still not allowing the application (dnn application) to connect to the SQL server. Surely their must be a way to fix this?
Anyone that has managed to get ZAP to work correct along with IIS and SQL?
clue
View 1 Replies
View Related
May 7, 2002
Hi guys.
We have an external webserver(server1 on domain1) is a DMZ, and sql server7(server2 on domain2) inside the firewall.
Domain1 trusts domain2 but domain2 does not trust domain1.
Our firewall hosting by outside vendor and they told me they already opened up the port 1433 for server2.
I put a small asp.net application on server1(this application works fine in intranet. 2000 server,iis5,virtue directory, and .net frameword were well installed and configured), and I got S'QL server does not exist or login fail error'.
Any idea about that? And how to test the port was opened?
Any input appreciated.....
View 2 Replies
View Related
Mar 4, 2000
OK, here's the situation. I have set up my two server to use MultiProtocol as their net-lib and locked it down to use only port 1433 instead of "port hopping". I have set up my firewall to allow the traffic on port 1433 between the 2 machines and I added a hosts entry at each machine for the partner machine. With this set up I can do everything that I need to and have not found any limitations until now.
THE PROBLEM: I publish a db (on either machine) and enable immediate updating subscriptions. I then push this db to the other machine. Everything works fine and updates on the publishing db are replicated to the subscribing databases without any problems. However, when I try to do an update on the subscribing database I get an error that "transaction error, ODBC driver [SQLOLEDB] does not support distributed transactions..." No matter which machine I configure as the publisher or the subscriber this error always occurs when trying to update the subscriber. Also, as soon as I disable the firewall the error goes away and updates go back and forth like normal. I've double checked and all packets go through the firewall on port 1433 and none are refused. Not sure where to go from here and any help would be appreciated....
THANKS,
- Matt K.
kanema@saic.com
View 2 Replies
View Related
Dec 23, 2000
Hi,
Need to set up replication between a server in our corporate network and another outside our network. Both are NT 4 servers running SQL7 and I am instructed to configure merge replication on both ends. My questions are: Is it possible to achieve this by running tcpip(read somewhere that I would need to run MPR to load the net libraries) and configuring the firewall to allow tcp/ip on the ports we are running SQL on between the two servers?
Please help as this is very urgent.
Regards
Kunta
View 1 Replies
View Related
Jul 20, 2005
HelloI have a project where I need to update a few tables in a SQL Server 2000database which resides behind a firewall, ie port 1433 is blocked. I alsoneed to verify the updates were successful.I am a C# developer. What are my options in doing this.. web services?John Dalberg
View 1 Replies
View Related
Nov 14, 2005
In this situation do I need a proxy or forwarder at both ends to prevent connection issues? Are there plans to handle this in future SSSB upgrades. Thanks.
View 8 Replies
View Related
Jan 29, 2001
I'm trying to adminster a remote MS SQL server from inside my company's firewall. I have the correct permissions to pass traffic through the firewall, but I need to authenticate to it first. When I try to register this remote SQL server through Enterpise Manager, it of course does not let me because of the firewall. Is there any way I can pass the firewall ID and password during the server registration process, and then pass the SQL server ID and password? I'm no SQL server expert by any means, but it doesn't look like it's possible. Are there any third party utilities that may accomplish this?
Thanks for the help!
Aaron
View 2 Replies
View Related
Mar 12, 2007
Hi
I am really struggling with this problem.
I am connecting to several SQL 2000 servers on another LAN from my workstation and I have to go through a firewall.
I got the firewall people to open port 1433 and was then able to connect any server with a default instance using Query Anlyzer and the IP address of the Server.
When I try to connect from my workstation to a server with a named instance I am being blocked by the firewall before it gets to the server.
I went into Client Network Utility on my workstation and removed named pipes which only left Tcpip using port 1433.
Fire wall is now blocking “nbname UDP 137”.
Is there a setting somewhere on my workstation that I can force the traffic to the named instance to use Tcpip through port 1433.
Any Help would be great.
View 3 Replies
View Related
Oct 3, 2014
I am running a package in the catalog. The package contains a c# script that uses FTP webrequest. It runs fine in SSDT. Trying to execute from the catalog the ftp list directory is timing out.
This seems to be a firewall issue. We have tried adding an exception for dtexec, but that did not . I am thinking another program runs the package, maybe ISServer.exe?
Any program that would need the firewall exception to run the package in the catalog?
View 6 Replies
View Related
