NFR Wizards Archive: Re: ODBC in DMZ

Re: ODBC in DMZ


Stefan Norberg (stnorsweden.hp.com)
Fri, 16 Jul 1999 12:21:51 +0200


C.K,

Can't remember what port Oracle is defaulting to - but yes - it uses sockets
(one port).
I am also pretty sure the Oracle driver does only clear text. VPN or a
hardware crypto box will solve the problem.

/stefan
----- Original Message -----
From: C. K. Lung <clunghotmail.com>
To: Firewall-Wizards <firewall-wizardsnfr.net>
Sent: Friday, July 16, 1999 04:29
Subject: RE: ODBC in DMZ

> Hi Stefan;
>
> Thank you for your detailed explanation. It is very useful.
>
> What if we are using Oracle instead of MS SQL? Would it be the same? If I
> have VPN, would it overcome the problem of clear text? Any input is greatly
> appreciated.
>
> Best regards,
>
> C.K.
>
> > -----Original Message-----
> > From: Stefan Norberg [mailto:stnorsweden.hp.com]
> > Sent: Thursday, July 15, 1999 5:16 AM
> > To: C. K. Lung
> > Subject: Re: ODBC in DMZ
> >
> >
> > C.K.,
> > ODBC is not a communications protocol. It relies on an underlying
> > communications mechanism.
> > For example:
> > A client can access a MS SQL-server (using ODBC), via Named Pipes (yuck :P),
> > MS RPC or TCP/IP Sockets (default port is 1433).
> >
> > In a DMZ I would recommend sockets, although this communication is in clear
> > text, because it's only one port to open up.
> >
> > MS RPC is all high ports in all directions plus tcp/135. Named Pipes is
> > NetBIOS-ssn (tcp/137).
> >
> > Use strong passwords. If possible - make the DB-replica read-only.
> >
> > /stefan
> >
> > -------------------------------------------------------------------
> > Stefan Norberg (stnorsweden.hp.com)
> > HP Consulting
> > PGP-key: http://people.hp.se/stnor/stnor.asc
> > KeyID: 2048-1024/0x06795314
> > Fingerprint: FB30 E334 8F04 F7D6 1FE7 2DFA 31D9 9052 0679 5314
> >
> > ----- Original Message -----
> > From: C. K. Lung <clunghotmail.com>
> > To: Firewall-Wizards <firewall-wizardsnfr.net>
> > Sent: Wednesday, July 14, 1999 02:34
> > Subject: ODBC in DMZ
> >
> >
> > > A user needs to use ODBC to access a program in DMZ. Do I need to open ports
> > > or/and socket to allow the access? What kind of security risk would it
> > > pose? Any comments/suggestions are greatly appreciated.
> > >
> > > Sincerely,
> > >
> > > C.K.
> > >
> >
> >
> >
>



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:03 CDT