khaledeshah
ISP
We have a database of dialup users, we need to know what is the best method to secure this database from hackers & intruders ?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Securing database 1
- Thread starter khaledeshah
- Start date
- Status
You don't give a lot of info, and your question is very broad. What db, what OS, server, etc?
If you are running on a W2K server, I can help a little. You set up users, and you can set user properties to allow or deny remote access, or control access through remote access policies. This would be the first step.
You can also provide better security for users who work from home by implementing caller ID verification or enforcing callback security.
To use Caller ID, check the Verify Caller ID box and specify a phone number from which the user must dial in. Of course, if they call from the road frequently, this would not work.
To use Call Back, check the Always Callback to option button and enter the phone number from which the remote user will connect. The server will hang up and call the user back at that number. This is more secure than just Caller ID, but again, if they call from the road then this will not work.
However, this is the most secure because even if the users use an easily guessed p/w, a thief will not be able to log in.
However, before I go even further, I need more info from you as to your actual setup.
When in doubt, deny all terms and defnitions.
If you are running on a W2K server, I can help a little. You set up users, and you can set user properties to allow or deny remote access, or control access through remote access policies. This would be the first step.
You can also provide better security for users who work from home by implementing caller ID verification or enforcing callback security.
To use Caller ID, check the Verify Caller ID box and specify a phone number from which the user must dial in. Of course, if they call from the road frequently, this would not work.
To use Call Back, check the Always Callback to option button and enter the phone number from which the remote user will connect. The server will hang up and call the user back at that number. This is more secure than just Caller ID, but again, if they call from the road then this will not work.
However, this is the most secure because even if the users use an easily guessed p/w, a thief will not be able to log in.
However, before I go even further, I need more info from you as to your actual setup.
When in doubt, deny all terms and defnitions.
-
1
- Thread starter
- #3
khaledeshah
ISP
That's what we have now :
We have a Windows 2k which runs MsSQL server where the users database reside.
Also we have a Windows 2K which runs a Radius server.
The Radius server has 2 network cards, one with public IP address which connect the srever to the Internet & the other interface with private IP address & is coonected directly to the database server.
We have a Windows 2k which runs MsSQL server where the users database reside.
Also we have a Windows 2K which runs a Radius server.
The Radius server has 2 network cards, one with public IP address which connect the srever to the Internet & the other interface with private IP address & is coonected directly to the database server.
- Status