SQL server; put SQL in DMZ or internal network ?

Post by Marlon Bro » Tue, 28 Jun 2005 04:36:52


My company.com main website (Win2003 Server, IIS6.0) pulls data from a SQL
database. The SQL database is currently housed in myMainSQL server (which is
SAN connected in the internal network).

I am working on a project now to place all web servers behind a
reverse-proxy (ISA).

Question I have is this:
Is it recommended to place such a SQL server in the "DMZ", or, since the
webserver will be "protected" by a reverse proxy, will it be OK to keep the SQL
db in my internal network, as it is now?

If I place the SQL server in the DMZ (server joined to a workgroup), I would
need to open ports for data backup, MOM agents and the SMS agent to reach the SQL
server, in addition to spending more money on an additional server and
licenses.

I'd appreciate it if you gave your input on this.

Post by SQL M » Tue, 28 Jun 2005 04:45:21

Hi

Think of this.

If SQL Server is in your corporate network, and your hacker can use tactics
like SQL Injection, and no tight security model exists, the internal
network is open to the hacker.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

IM: XXXX@XXXXX.COM

MVP Program: http://www.yqcomputer.com/

Blog: http://www.yqcomputer.com/