Make SQL Server 2005 accessible via Internet - asp.net

I have an application that runs on a client's server built on a SQL Server 2005 database.
We have now developed an ASP.NET v2 application which connects to this database. This web application will be hosted on an ISP's server but needs to access the SQL Server database on the client's server.
The client's server has a firewall and so forth, so I assume it should be possible to make the SQL Server accessible via the Internet, but of course I am worried about security. Can someone point me to some best practices to achieve this?

Can you develop a web service to run on the client's server? You probably want to avoid opening SQL Server to the world.

Best practice: DO NOT DO IT. Let's leave security concerns aside - the IP delay will significantly slow you down. Try it out first, but the large ping times MAY be terrible for you.
That said, all you normally have to do (not assuming reconfiguration) is to allow:
* The server somehow to be reached
* On Port 1433 (default port).
Use a VPN or IPsec to secure traffic and make sure that "accessible through the internet" is not "accessible for every idiot out there". The ISP admin should be able to help you, or the customer's admins. But I would not do it - the performance may not be to your liking. Test performance out first.

Related

Establishing a constant HTTPS connection between server and client using IIS

I have a single Windows application (.NET) serving as a server and communicating with the database. I also have client Windows applications (.NET) which communicate with the server application. Pretty standard so far.
As of now, I am using the IP address of the server, say "192.168.1.114", which I enter in my client software to establish the link. For instance, "http://192.168.1.114".
Now, I am trying to change that connection to HTTPS. Is there any way I can do that without actually changing the codebase? (I don't have the source code)
Any IIS certificate? Require SSL? Machine Key? Binding? Anything! I just want those packets to not be transmitted with regular HTTP.
Thank you so much, dear Community.

Hosting SQL in Azure and Website on different hosting provider

Situation
So I'm thinking about building an ASP.NET Core website to host on a Linux-based hosting provider. But I still want to use an MSSQL database, so the best choice for that would be Microsoft Azure.
My Question
Now my question is rather security based, since I know that hosting them on different providers is totally possible (regarding this question).
But if I'm about to do so, then how will my data be encrypted? If I'm about to use the default HTTP protocol, then I assume it's not, but if I use the HTTPS protocol, it should be encrypted as well? Or how would it work, do I need to set up some other protocols or security for that matter?
My Thoughts
Since the client won't be directly connected to the web site to database connection, there is no chance that this connection would be listened to, yet this "might not be listened to" is rather not a far chance. And if HTTPS is included, then all connections should be encrypted, then it should work the same with the web server to database connection.
You can access Azure SQL from anywhere as long as the IP address is in the firewall rule. Since communication to Azure SQL is on SSL/TCP at all times, data is already encrypted.
Ideally, you want to host Azure SQL and the web application in the same region, not to mention the same provider. The main reason is your website will be dramatically slow due to network latency if you host those in different locations.
Recently, Azure offers App Service on Linux. It is definitely worth the try, before considering an alternative route.
FYI: Web Apps on Linux does not yet support deployment of .NET Core apps from uncompiled source. You need to publish/compile your .NET Core app locally first, and then push the published site bits to your app.

How to make My PC work as Host Server?

I have an ASP.NET web application that has been hosted in IIS local Machine.
My question is: Is there any free or paid method that allows browsing this web application from the internet as a host server?
Thanks
The easiest way is to publish it directly onto the internet. You do run the risk of attackers then being able to attack your machine, so you will need to brush up on your security skills. It might be worth looking into one of the free hosting options from AWS, Azure or Google Cloud.
To use your local machine as a web server, first, configure it to use a static IP. It's been a while since I've done it on Windows, but this looks about right http://www.howtogeek.com/howto/19249/how-to-assign-a-static-ip-address-in-xp-vista-or-windows-7/.
Next you will need to configure port forwarding on your modem. You want to send all traffic on port 80 to your machine, using its new fixed IP address. If you're using HTTPS as well, configure port 443 to go to your machine. There are too many different modem brands, all of which handle this slightly differently, to consider offering any more help on this. You will need to do some reading up on your particular modem for step-by-step instructions.
If your internet connection is using a fixed IP, then you can stop here.
If not, or if you just want a domain name, then it's worth signing up for a dynamic DNS service. I use No-ip, it's free, it integrates with my modem and I haven't had any problems with it in the last few years. Once this is in place, you will be able to hit your webserver just like a real one, using something like "http://mypc.no-ip.biz/mydemoapp/".
But again, be warned about exposing your machine on the internet. There are nasty people out there who love to hijack other people's computers.
Update:
This should give you some guidance on port forwarding
http://www.howtogeek.com/66214/how-to-forward-ports-on-your-router/
Try http://www.noip.com. I just logged in and it seemed happy. Otherwise, have a click through all the settings in your modem looking for ddns or dynamic DNS. There is usually a drop down of all the providers that it will talk to. And some providers have apps that you run on your PC, which is easier than working with the modem for some. (Or for models that don't support ddns.)

Does this Web App Server-Data Server configuration make sense on a cloud server?

I was planning to have my web application on one server instance, my sql (express) on another instance and a separate domain controller on another. The purpose is to allow the asp.net application to access sql server under windows security. This is hosted on a cloud server. Am I getting any security benefit doing this considering it's on the cloud server? For example, each 'machine' will have Remote Desktop active.
If it is better than keeping it all on one server instance, what else can I do to maximize security?
Well, separating servers out such that if one is compromised it doesn't lead to a compromise of all your data is a good thing, definitely. That's the main advantage you are getting.
You need to make sure, with the separate layout, that your SQL box doesn't allow connections (to the SQL server) from just any old IP; only the Web server (And, obviously, your external firewall would block that port anyway).
As to what else you can do? Perhaps ask on the networking forums. Many, many things come to mind :)
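The check described in the answer above (only the web server may reach the SQL port), as an added example that is not part of the original thread. It assumes the `Key: value` layout printed by `netsh advfirewall firewall show rule name=all` on an English-language Windows host; the rule names and addresses are constructed.

```python
import ipaddress

# Constructed sample, in the layout assumed for `netsh advfirewall firewall show rule name=all`.
SAMPLE = """\
Rule Name:                            SQL from web tier
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             10.0.1.20/32
LocalPort:                            1433
Action:                               Allow

Rule Name:                            SQL legacy
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
LocalPort:                            1433
Action:                               Allow
"""

def parse_rules(text):
    rules = []  # one dict per rule; lines without ':' (blank, dashes) are skipped
    for line in text.splitlines():
        key, sep, val = (p.strip() for p in line.partition(":"))
        if sep and key == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key] = val
    return rules

def source_allowed(src, allowed_nets):
    # True only if src is a CIDR that lies fully inside an allowed network.
    try:
        net = ipaddress.ip_network(src.strip(), strict=False)
        return any(net.subnet_of(a) for a in allowed_nets)
    except (ValueError, TypeError):  # 'Any', 'LocalSubnet', ranges, v4/v6 mix
        return False

def exposed_rules(text, allowed, port="1433"):
    # Names of enabled inbound allow rules that open `port` beyond the allowlist.
    nets = [ipaddress.ip_network(a) for a in allowed]
    bad = []
    for r in parse_rules(text):
        active = (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow")
        ports = r.get("LocalPort", "Any").split(",")
        sources = r.get("RemoteIP", "Any").split(",")
        if active and (port in ports or "Any" in ports) and not all(source_allowed(s, nets) for s in sources):
            bad.append(r["Rule Name"])
    return bad
```

Anything the parser cannot prove to be inside the allowlist (keywords, address ranges, port ranges are not expanded) is reported rather than trusted.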

Secure access between IIS and SQL Server

The environment setup has an ASP.NET webservice on IIS 6 connecting to a SQL Server over the network.
I am trying to understand, whether it's possible to secure the calls between IIS and SQL Server 2008. Is it possible? Is it something on the lines of SSL?
Thanks for reading!
If you still want to after Pierreten's answer...
Yes, you can enable SSL Encryption for all SQL Server connections.
SQL Server SSL Encryption, server side, is described here. And in KB 316898 too
"Server side" requires only a server certificate and all connections are encrypted
"client side" requires client certs and is optional, and only for that client
Certain client libraries (notably MS JDBC) do not support server side so you may invalidate your host's monitoring (This has happened to me a time or 2)
a blog entry too
Assuming your SQL box is on the same network as your iis box hosting the service, and both are tucked away behind a firewall, there's no need for that extra security
If both machines are in the same domain, an efficient and easy to manage way to secure the link is by using IPsec.
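A client-side check to go with the SSL encryption answer above, as an added example that is not part of the original thread: it audits an ADO.NET-style SQL Server connection string for the settings that decide whether the link is encrypted and the server certificate validated. The host names, finding labels and sample strings are constructed, and a missing `Encrypt` keyword is assumed to mean unencrypted (the System.Data.SqlClient default).

```python
# Keyword synonyms folded to one canonical key before checking.
SYNONYMS = {
    "trusted_connection": "integrated security",
    "pwd": "password",
    "trust server certificate": "trustservercertificate",
}

# Constructed sample connection strings (placeholders, not real hosts or secrets).
WEAK = "Server=tcp:db.example.com,1433;Database=App;User ID=web;Password=placeholder"
UNVERIFIED = ("Data Source=db.example.com;Initial Catalog=App;"
              "Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=True")
HARDENED = ("Data Source=db.example.com;Initial Catalog=App;"
            "Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=False")

def parse(conn_str):
    """Split 'key=value;...' into a dict (naive: no ';' inside quoted values)."""
    settings = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            key = key.strip().lower()
            settings[SYNONYMS.get(key, key)] = value.strip().strip("'\"").lower()
    return settings

def audit(conn_str):
    """Return findings for a connection string whose traffic crosses a network."""
    s = parse(conn_str)
    findings = []
    # Assumption: no Encrypt keyword means the client does not request encryption.
    if s.get("encrypt", "false") not in ("true", "yes", "mandatory", "strict"):
        findings.append("traffic-not-encrypted")
    # Encrypting without validating the certificate leaves the server unauthenticated.
    if s.get("trustservercertificate", "false") in ("true", "yes"):
        findings.append("server-certificate-not-validated")
    windows_auth = s.get("integrated security", "false") in ("true", "yes", "sspi")
    if "password" in s and not windows_auth:
        findings.append("sql-login-password-in-config")
    return findings
```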
