$WORK is setting up something similar. There's a web site with a SQLServer backend on a different machine, both in the DMZ, with no domain.
I've opened a one-way port (1433) from the production LAN to the DMZ, and our production SQLServer pulls data from the DMZ SQLServer as needed, usually once every few minutes.

Kurt

On Wed, Apr 7, 2010 at 05:38, <[email protected]> wrote:
>
> Greetings! Our DBA has a project going (with the help of an outside vendor)
> in which animal welfare agents will enter stats into our (internal)
> databases.
>
> This vendor says to set up a web server in a DMZ (done). Then, open a port
> between this DMZ machine and our production database server. Right!
>
> I can open that port in 2 minutes or less. It seems that, in 3 minutes (a
> minute or less after I open that port), someone in Tashkent or Baku now
> owns our entire network (including main HQ a half-continent away)...
>
> Our DMZ currently has no "DMZ to Trusted" policies, and it seems that is
> what defines DMZ. A DMZ box gets compromised, but attackers have no route
> on through to "Trusted".
>
> I'm catching some bad stares (and worse) for my stand on this, but such is
> the life of a SysAdmin...
>
> SO, as nobody here manages a web-based point-of-sales operation, how does
> one set up a secure remote data entry system? Our entire economy seems to
> be based more and more on web-based (presumably) secure sales transactions,
> so it can't be that difficult.
>
> Thanks!
> --
> Richard D. McClary
> Systems Administrator, Information Technology Group
> ASPCA®
> 1717 S. Philo Rd, Ste 36
> Urbana, IL 61802
>
> [email protected]
>
> P: 217-337-9761
> C: 217-417-1182
> F: 217-337-9761
> www.aspca.org
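
An added example, not part of either message: a small first-match policy check that compares the vendor's proposed path (DMZ web server to the production database) with the pull design in the reply (production LAN to DMZ on 1433). The zone names, the 443 rule and both rule sets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # zone that initiates the TCP connection ("any" = wildcard)
    dst: str     # zone that receives it ("any" = wildcard)
    port: int    # destination port (0 = any port)
    action: str  # "allow" or "deny"

def first_match(rules, src, dst, port):
    """First matching rule wins; no match means deny. Only new connections
    are modelled: a stateful firewall passes replies on an allowed session."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, 0):
            return r.action
    return "deny"

def initiated_paths(rules, src, dst, probe_ports=(1433,)):
    """Ports on which `src` can open a new connection into `dst`."""
    candidates = {r.port for r in rules if r.port} | set(probe_ports)
    return sorted(p for p in candidates if first_match(rules, src, dst, p) == "allow")

# Constructed rule sets. Zone names and the 443 rule are assumptions.
VENDOR_PROPOSAL = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("dmz", "trusted", 1433, "allow"),   # DMZ web server reaches production DB
]
PULL_DESIGN = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("trusted", "dmz", 1433, "allow"),   # production SQL Server pulls from DMZ
]

if __name__ == "__main__":
    for name, rules in (("vendor proposal", VENDOR_PROPOSAL), ("pull design", PULL_DESIGN)):
        exposed = initiated_paths(rules, "dmz", "trusted")
        print(f"{name}: DMZ-initiated ports into trusted = {exposed or 'none'}")
```

Running the same check against an exported rule set before a change is approved shows whether the "no DMZ to Trusted policies" property still holds.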
