SQL over broadband

[mrliam69]

I need to let 2 sites access each others databases for information purposes and the other week I set up our router to point any sql port requests to the sql server, which worked fine but I am concerned over security.
Is it a case of just changing the port to something obscure and do I need to change passwords logins etc...
Or just a thought would it be better to set it up in Active Directory.....

 

[Catadmin]

If the SQL Server Service account isn't using a domain (AD) user account, then the two SQL Servers won't be able to interact and use things like MSDTC, Replication, etc.

Some things to take into consideration.

1) There are some activites in SQL, like Replication, which require persistant connections, so Broadband can be good.

2) Security over broadband is more a network consideration than it is a SQL Server consideration. Definately the first thing you want to do is disable port 1433 on your SQL Servers and use something more obscure, but it is NOT by any means the ONLY security precaution you should take.

Make sure your patches and SPs are all up to date both on SQL and the OS. Talk with your network admin about SSL or other security options. If the servers are on two different domains, security gets a little more complicated. Think about complicated passwords for all accounts that might be using the two SQL Servers. Make sure any domain user account for SQL is NOT an admin account on the domain.

There's tons of other network security issues, but your network admin should have an idea of how to deal with those. If not, then it's time for you to check on network newsgroups for assistance.

Hope that helps.



Catadmin - MCDBA, MCSA
"If a person is Microsoft Certified, does that mean that Microsoft pays the bills for the funny white jackets that tie in the back???