Friday, March 23, 2012

High Security Needs, Cheap Clients, Need Help

I have an existing server hosting several sites with associated back end
databases.
I have a new client who needs secure hosting solutions, including a secure
database, without the expense of a new server. I was thinking of the
following architecture. I know some (most) of this is not SQL related,
but bear with me please.
I am hosting web services on the server to provide the interface with the
external world. End-user clients will have applications with certificates to
access these web services. I have two instances of SQL Server 2005 running,
MYSERVER\PUBLIC & MYSERVER\PRIVATE.
MYSERVER\PUBLIC contains all my existing, non-secure, databases plus some
info relevant to the new service which need not be secure.
MYSERVER\PRIVATE will contain all the new, to be secured, data.
MYSERVER\PRIVATE listens only on TCP/IP address 127.0.0.1, so should be
available only as 'localhost' from within the server, i.e. not be public to
the outside world. My web services should be able to access this data, and
the web services will only be accessible to these signed applications. Of
course, any relevant info would be encrypted.
Is this sufficient?
Any input would be appreciated
Thanks
Phil

You have to make sure that you are using different service accounts for each
instance otherwise someone gaining elevated rights within one instance will
be able to get to the other instance. Additionally, you should not allow
any SQL logins to either instance. The web server should be configured to
connect to the instances using Windows credentials which forces anyone who
cannot authenticate in Windows to not have access to either database
instance. The IIS server needs to be locked down to ensure that you don't
have any security holes. The service accounts for each instance should be
regular Windows accounts and NOT a member of local administrators or even
worse domain/enterprise administrators.
After accomplishing that, you pretty much have the front door closed. Now
you have to worry about all of the back end stuff. How are you going to
handle backups of the databases such that the data in your secure instance
remains secure even through the backup files? How are you going to control
administrator and developer access within your company to the secured
instance? How are you going to audit the operations within the secure
instance such that your customer on this secure instance can't create a
situation where they actually damaged data or caused the security to be
compromised, but are pointing the finger at you?
Mike
MHS Enterprises, Inc
Disclaimer: This communication is an original work and represents my sole
views on the subject. It does not represent the views of any other person
or entity either by inference or direct reference.
"Phil" <prounds@.cassandragroup.com> wrote in message
news:eFeo0WchGHA.4080@.TK2MSFTNGP03.phx.gbl...
>I have an existing server hosting several sites with associated back end
>databases.
> I have a new client who needs secure hosting solutions, including a secure
> database, without the expense of a new server. I was thinking of the
> following architecture. I know some ( most ) of this is not SQL related,
> but bear with me please.
> I am hosting web services on the server to provide the interface with the
> external world. End-user clients will have applications with certificates
> to access these web services. I have two instances of SQL Server 2005
> running, MYSERVER\PUBLIC & MYSERVER\PRIVATE.
> MYSERVER\PUBLIC contains all my existing, non-secure, databases plus some
> info relevant to the new service which need not be secure.
> MYSERVER\PRIVATE will contain all the new, to be secured, data.
> MYSERVER\PRIVATE listens only on TCP/IP address 127.0.0.1, so should be
> available only as 'localhost' from within the server, i.e. not be public
> to the outside world. My web services should be able to access this data,
> and the web services will only be accessible to these signed applications.
> Of course, any relevant info would be encrypted.
> Is this sufficient?
> Any input would be appreciated
> Thanks
> Phil
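Mike's points about Windows-only authentication, keeping the web account out of sysadmin, and being able to prove who changed what can be checked and enforced in T-SQL on the PRIVATE instance. The script below is an added example, not code from the thread; it targets SQL Server 2005, and the database name PrivateData, the Windows account MYSERVER\svc_privweb and the table dbo.DdlAudit are assumed names for illustration.

```sql
-- Added example (not from the thread): lockdown checks for MYSERVER\PRIVATE.
-- Run as a Windows-authenticated sysadmin on that instance.
-- PrivateData, MYSERVER\svc_privweb and dbo.DdlAudit are assumed names.

-- 1. Force Windows-only authentication (LoginMode 1 = Windows, 2 = Mixed).
--    The setting is stored in the registry and takes effect after a service restart.
EXEC master..xp_instance_regwrite
     N'HKEY_LOCAL_MACHINE',
     N'Software\Microsoft\MSSQLServer\MSSQLServer',
     N'LoginMode', REG_DWORD, 1;

-- Confirm after the restart: 1 = Windows authentication only.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Enumerate SQL logins (type 'S'). Apart from the built-in ## logins this
--    list should contain nothing but a disabled sa.
SELECT name, is_disabled
FROM   sys.server_principals
WHERE  type = 'S' AND name NOT LIKE '##%';

-- sa cannot be dropped, so disable it and take away the well-known name.
ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = [retired_sa];

-- 3. Who holds sysadmin? Only the DBA group should appear here; the web
--    application's account must not.
SELECT p.name, p.type_desc
FROM   sys.server_role_members rm
JOIN   sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN   sys.server_principals p ON p.principal_id = rm.member_principal_id
WHERE  r.name = 'sysadmin';

-- 4. Give the web application's Windows account the minimum it needs: a login,
--    a user in the secured database and EXECUTE on its stored procedures.
--    No direct table rights, so a compromised web tier cannot run ad hoc queries.
CREATE LOGIN [MYSERVER\svc_privweb] FROM WINDOWS;   -- assumed account name
GO
USE PrivateData;
GO
CREATE USER svc_privweb FOR LOGIN [MYSERVER\svc_privweb];
GRANT EXECUTE ON SCHEMA::dbo TO svc_privweb;

-- 5. Accountability: a DDL trigger records every schema change in the secured
--    database together with the Windows identity that made it, so a dispute
--    over who changed what can be settled from the log.
CREATE TABLE dbo.DdlAudit (
    audit_id     int IDENTITY PRIMARY KEY,
    event_time   datetime NOT NULL DEFAULT GETDATE(),
    login_name   sysname NOT NULL,
    orig_login   sysname NOT NULL,   -- survives EXECUTE AS impersonation
    host_name    sysname NULL,       -- supplied by the client, so informational only
    event_type   sysname NOT NULL,
    object_name  sysname NULL,
    tsql_command nvarchar(max) NOT NULL
);
GO
CREATE TRIGGER trg_ddl_audit ON DATABASE
FOR DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e xml;
    SET @e = EVENTDATA();
    INSERT INTO dbo.DdlAudit
        (login_name, orig_login, host_name, event_type, object_name, tsql_command)
    VALUES (
        @e.value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname'),
        ORIGINAL_LOGIN(),
        HOST_NAME(),
        @e.value('(/EVENT_INSTANCE/EventType)[1]', 'sysname'),
        @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'sysname'),
        @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)')
    );
END;
GO
-- The audited account must not be able to silence the trigger.
DENY ALTER ANY DATABASE DDL TRIGGER TO svc_privweb;
```

The DDL trigger covers schema changes by anyone who is not sysadmin; a sysadmin can still disable it, which is why the third query matters: the answer to "who could have tampered with the audit trail" has to be a short, named list of your own DBAs.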
"Phil" <prounds@.cassandragroup.com> wrote in message
news:eFeo0WchGHA.4080@.TK2MSFTNGP03.phx.gbl...
>I have an existing server hosting several sites with associated back end
>databases.
> I have a new client who needs secure hosting solutions, including a secure
> database, without the expense of a new server. I was thinking of the
> following architecture. I know some ( most ) of this is not SQL related,
> but bear with me please.
> I am hosting web services on the server to provide the interface with the
> external world. End-user clients will have applications with certificates
> to access these web services. I have two instances of SQL Server 2005
> running, MYSERVER\PUBLIC & MYSERVER\PRIVATE.
> MYSERVER\PUBLIC contains all my existing, non-secure, databases plus some
> info relevant to the new service which need not be secure.
> MYSERVER\PRIVATE will contain all the new, to be secured, data.
> MYSERVER\PRIVATE listens only on TCP/IP address 127.0.0.1, so should be
> available only as 'localhost' from within the server, i.e. not be public
> to the outside world. My web services should be able to access this data,
> and the web services will only be accessible to these signed applications.
> Of course, any relevant info would be encrypted.
> Is this sufficient?
>
Can't tell if it's sufficient, but it should work.
Also, you don't even need to enable TCP/IP for the PRIVATE instance. Programs
running on the same box can use the shared memory provider, which only works
locally. Also make sure to put the private web apps in their own
application pool (or web site), and use a separate set of Windows accounts
to run the secure web apps, connect to SQL and as the SQL Service account.
Segregate the data and use NTFS permissions to restrict read/write to the
database files, logs and backups.
David
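David's "local only, Windows accounts only" rule and Mike's question about what a copied backup file reveals can both be handled inside the engine. The script below is an added example, not code from the thread: it verifies how current sessions reach the PRIVATE instance, installs a logon trigger that refuses anything that is not a local Windows-authenticated connection (logon triggers need SQL Server 2005 SP2), and encrypts the sensitive columns with a certificate-protected key so the data is ciphertext in the .mdf and in every .bak. PrivateData, PrivateDataCert, PrivateDataKey, dbo.ClientSecret, the E:\offline path, the passphrases and the sample row are assumptions for illustration.

```sql
-- Added example (not from the thread). Names, paths, passphrases and the
-- sample value are assumptions. Requires SQL Server 2005 SP2 or later for
-- the logon trigger. Run as a Windows-authenticated sysadmin on MYSERVER\PRIVATE.

-- 1. What do the existing sessions use? After disabling TCP/IP and named pipes
--    in Configuration Manager, expect net_transport = 'Shared memory' and
--    auth_scheme = 'NTLM' or 'KERBEROS' on every application session.
SELECT c.session_id, c.net_transport, c.auth_scheme,
       s.login_name, s.program_name, s.host_name
FROM   sys.dm_exec_connections c
JOIN   sys.dm_exec_sessions s ON s.session_id = c.session_id
WHERE  c.session_id > 50;        -- skip system sessions
GO

-- 2. Logon trigger: refuse any logon that is not from this machine or not a
--    Windows login. ClientHost is '<local machine>' for shared-memory (and
--    loopback) sessions; Windows logins are type 'U' (user) or 'G' (group).
--    Test it from a second sysadmin session first; if it locks everyone out,
--    the dedicated admin connection (DAC) bypasses logon triggers.
CREATE TRIGGER trg_private_local_only
ON ALL SERVER FOR LOGON
AS
BEGIN
    DECLARE @e xml, @host nvarchar(128), @login sysname;
    SET @e = EVENTDATA();
    SET @host  = @e.value('(/EVENT_INSTANCE/ClientHost)[1]', 'nvarchar(128)');
    SET @login = @e.value('(/EVENT_INSTANCE/LoginName)[1]', 'sysname');

    IF @host <> N'<local machine>'
       OR NOT EXISTS (SELECT 1 FROM sys.server_principals
                      WHERE name = @login AND type IN ('U', 'G'))
    BEGIN
        ROLLBACK;   -- the logon fails and the refusal is written to the error log
    END
END;
GO

-- 3. Cell-level encryption for the secured columns. SQL Server 2005 has no
--    transparent data encryption or backup encryption, so this is the
--    in-engine way to make a stolen .mdf or .bak useless: the database master
--    key is protected by a passphrase that is not stored in the backup.
USE PrivateData;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'replace-with-a-long-random-passphrase';
CREATE CERTIFICATE PrivateDataCert WITH SUBJECT = 'PrivateData column key';
CREATE SYMMETRIC KEY PrivateDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PrivateDataCert;
GO
-- Back the certificate up to media that is kept off the server and away from
-- the database backups; a restored copy cannot decrypt anything without it.
BACKUP CERTIFICATE PrivateDataCert TO FILE = 'E:\offline\PrivateDataCert.cer'
    WITH PRIVATE KEY (FILE = 'E:\offline\PrivateDataCert.pvk',
                      ENCRYPTION BY PASSWORD = 'replace-with-another-passphrase');
GO
-- Writing and reading through the key. In production the web application's
-- stored procedures do this; the application account never sees a passphrase.
CREATE TABLE dbo.ClientSecret (id int IDENTITY PRIMARY KEY, secret varbinary(256));
OPEN SYMMETRIC KEY PrivateDataKey DECRYPTION BY CERTIFICATE PrivateDataCert;
INSERT INTO dbo.ClientSecret (secret)
VALUES (EncryptByKey(Key_GUID('PrivateDataKey'), N'constructed sample value'));
SELECT id,
       secret AS ciphertext,                                  -- what a backup thief sees
       CAST(DecryptByKey(secret) AS nvarchar(100)) AS plaintext
FROM   dbo.ClientSecret;
CLOSE SYMMETRIC KEY PrivateDataKey;
```

The application account needs VIEW DEFINITION on the symmetric key and CONTROL on the certificate to open the key, so it can decrypt while it is running on the box; the point of the scheme is that whoever walks off with the backup files, or restores them on another server, does not have the master key passphrase and gets ciphertext only. Keep the passphrases and the exported certificate out of the same NTFS tree that David suggests locking down for the data and backup files.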
