Thank you Justin You are correct in theory, however, I have implemented other security measures as well. I have a requirement (not the current one) that a database be accessible from an outside network as well. (I am an application provider) The main reason for getting off port 1433 is because if a steady, if not increasing scans to that port from the Pacific Rim IP numbers. I also block (through IPchains) ALL pacific Rim IP numbers, with the exception of Australia and New Zealand. This database is updated weekly from RIPE.
My original problem was getting Linux/Apache/ColdFusion to communicate with the SQL server, and thanks to the helpful tips from this list, it has been resolved. My systems may not be absolutely crack proof, but hopefully I have made it a little more difficult. ===================================== Douglas White group Manager mailto:doug@;samcfug.org http://www.samcfug.org ===================================== ----- Original Message ----- From: "Justin MacCarthy" <[EMAIL PROTECTED]> To: "CF-Linux" <[EMAIL PROTECTED]> Sent: Thursday, November 07, 2002 3:58 AM Subject: RE: Communicating with SQL2000 database from a Red Hat server | Well it is the default SQL port. Usually a SQL box would be in a DMZ, | therefore not available to the web. Even just add a cross-over cable from | machine. You could change the default port to something different, but | doing so is really security through obscurity, a port scan will find it | anyway (with few exceptions:-) ) A decent firewall, and a properly setup | win2000 box (ipsec, permissions, lockdown) is really the solution. | | Justin | | ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
