
Thread: Static IP address and server security

  1. #1

    Thread Starter
    Hyperactive Member Peekay's Avatar
    Join Date
    Sep 2006
    Location
    Witbank, South Africa
    Posts
    430

    Static IP address and server security

    I have set up my local server with SQL Server to receive HTTP requests from the internet via our static IP modem. On the server there are also many company documents which can be downloaded to our users worldwide, via HTTP requests to this server.
    I have Windows Defender defending the lot.
    How can I properly ensure the security of all the information on the server?

    Thanks
    PK

  2. #2
    Frenzied Member PlausiblyDamp's Avatar
    Join Date
    Dec 2016
    Location
    Newport, UK
    Posts
    1,165

    Re: Static IP address and server security

    At the very least I would want a decent firewall between this server and the internet that only allows the specific HTTP ports through. If I am being really honest though, I wouldn't consider putting anything that is considered private to the company on a machine that is directly connected to the internet anyway. If you need to give access to certain resources then put them on their own machine and give access to that machine.

    Also you have posted this in the VB6 area but the question isn't related to VB6 so I have asked the Mods to move it to a more appropriate forum.

  3. #3
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    34,704

    Re: Static IP address and server security

    That's an important topic, but not one which is programming related, and not one that we have a specific forum for. Therefore, I moved it to General PC, where people do cover such topics, when they arise.
    My usual boring signature: Nothing

  4. #4
    Frenzied Member jdc2000's Avatar
    Join Date
    Oct 2001
    Location
    Idaho Falls, Idaho USA
    Posts
    1,575

    Re: Static IP address and server security

    I assume that you require login credentials from anyone wanting access to that system.

    You would want to monitor the log files for hacker login attempts, maybe use a vulnerability scanner to check for issues, limit failed login attempts, and, since you have this on an SQL Server, make sure that there are no SQL login credentials that could be easily guessed. This is just for starters. Any system that you have visible on the Internet is being attacked daily by hackers.

  5. #5

    Thread Starter
    Hyperactive Member Peekay's Avatar
    Join Date
    Sep 2006
    Location
    Witbank, South Africa
    Posts
    430

    Re: Static IP address and server security

    jdc2000

    I assume that you require login credentials from anyone wanting access to that system.
    Only users authenticated by their Windows OS and by my program may send HTTP messages and it is sent serialized and cannot (I think) be deciphered.

    Shaggy Hiker

    At the very least I would want a decent firewall
    I am not sure what a decent firewall is. Presently I use defender as stated, but it is the first time I am using it and I do not know how good it is.
    I used to have Norton, but I have finally had enough of it and deleted that virus (only my personal opinion) from my PC.

    PK

  6. #6
    Frenzied Member jdc2000's Avatar
    Join Date
    Oct 2001
    Location
    Idaho Falls, Idaho USA
    Posts
    1,575

    Re: Static IP address and server security

    The Shields Up page at grc.com might be useful in checking to see what vulnerabilities you have.

    Possibly useful links:

    https://docs.microsoft.com/en-us/sql...l-server-ver15

    https://www.mssqltips.com/sqlservert...th-sql-server/

    https://searchsecurity.techtarget.co...n-and-database

  7. #7
    Lively Member
    Join Date
    Jun 2019
    Posts
    72

    Re: Static IP address and server security

    This is an extremely large topic but here are some ideas:
    - use a firewall which is directly connected to the internet - a normal router can do that as most have a built-in firewall
    - the router forwards only the ports required from the internal server which handles HTTP
    - use secure HTTP (HTTPS) so the traffic is encrypted between the server and the client
    - change the HTTPS port from 443 to something different, e.g. 34567 - not the best, but it avoids scanners for standard services
    - run the SQL server on another machine (not where the HTTP services are running)
    - web services should use a limited-privilege user to access the SQL server
    - use an SSL connection from the web services to the SQL server
    - keep a log of login attempts in your web service
    - keep a log of successful attempts
    - analyze successful logins by country and city and lock accounts used outside the expected country
    - encrypt files so that only users with the correct key are able to decrypt them

    There are more but most of the above can be done quickly and (again most of them) do not require additional development.
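
The login-log monitoring suggested in posts #4 and #7 (watch failed attempts, limit them, and lock accounts used from outside the expected country), as an added example that is not part of the thread. The log format, the field names, the thresholds and the idea that the web service records a country code per login are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption; the thread shows no log format):
#   <UTC timestamp> user=<name> ip=<addr> country=<code> result=<OK|FAIL>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"country=(?P<country>[A-Z]{2}) result=(?P<result>OK|FAIL)$")

def parse_line(line):
    """Return a record dict for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return rec

def analyze(lines, max_failures=3, window=timedelta(minutes=5), expected=("ZA",)):
    """Return (ips_to_block, accounts_to_lock); lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    ips_to_block, accounts_to_lock = set(), set()
    for rec in filter(None, map(parse_line, lines)):
        if rec["result"] == "FAIL":
            q = recent[rec["ip"]]
            q.append(rec["ts"])
            while rec["ts"] - q[0] > window:  # drop failures that aged out
                q.popleft()
            if len(q) >= max_failures:
                ips_to_block.add(rec["ip"])
        elif rec["country"] not in expected:  # success from an unexpected country
            accounts_to_lock.add(rec["user"])
    return ips_to_block, accounts_to_lock

# Constructed sample data; addresses come from documentation ranges, XX is a placeholder code.
SAMPLE_LOG = """\
2024-05-01T10:00:05Z user=sa ip=203.0.113.7 country=XX result=FAIL
2024-05-01T10:00:09Z user=admin ip=203.0.113.7 country=XX result=FAIL
2024-05-01T10:00:14Z user=peter ip=198.51.100.20 country=ZA result=FAIL
2024-05-01T10:00:20Z user=admin ip=203.0.113.7 country=XX result=FAIL
2024-05-01T10:01:02Z user=peter ip=198.51.100.20 country=ZA result=OK
2024-05-01T11:30:00Z user=maria ip=192.0.2.44 country=XX result=OK
a malformed line that the parser skips
""".splitlines()
print(analyze(SAMPLE_LOG))
```

The two returned sets are meant to feed whatever does the enforcement (a firewall block list and an account lockout in the web service); the script itself only reports.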
