axisperfect
Starting Member
21 Posts
Posted - 2004-06-28 : 23:52:04

We've been reading articles and books left and right here in the office, and I think we're just knocked out by our own confusion. I was wondering if someone could point us in the right direction on how we should set up a secured configuration of our SQL Server 2000 (and possibly IIS).

We're deploying a public web application (running IIS 6.0 and ASP). The web machine is publicly accessible. I think this means we gotta allow anonymous access, right?

Our database runs on another machine -- both machines are on their own little intranet, but there is NO domain controller. Just a workgroup. We're lost on Authentication modes. Some articles say that Windows Authentication is the most secure -- however, since we don't have a domain and IIS+DB are on separate machines, are we right in assuming we're left with Mixed Mode?

Here's a rough draft of what we plan to do:

1. Set up IIS to allow anonymous connections (IUSR_)
2. Set up our SQL Server on Mixed Mode. Create a role with access to the stored procedures on our database.
3. Use that password/ID when setting a connection in our ASP pages to connect to the database.

Have we made a big security blunder anywhere here?

derrickleggett
Pointy Haired Yak DBA
4184 Posts
Posted - 2004-06-29 : 00:10:19

I don't suppose there's any way you can get a domain, can you? :) I don't normally recommend this, but in your case I would probably:

1. Change the default SQL Server port to something other than 1433.
2. Go with Mixed Mode.
3. Get rid of the BUILTIN/Administrators group after creating a DB-Admin SQL Server login with an extremely strong password and granting it the same permissions the BUILTIN/Administrators user has.
4. Create logins for the application based on logical roles the application needs. Only grant these users EXEC on procs they absolutely need.
5. Change the password on a regular basis, make sure you don't have it anywhere in your code, and possibly set up encryption depending on how sensitive the data is and if you can afford the performance hit.

MeanOldDBA
derrickleggett@hotmail.com

When life gives you a lemon, fire the DBA.

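One way to script steps 3 and 4 of the reply above in T-SQL for SQL Server 2000, as an added example that is not part of the original thread. The database, login, role, procedure and table names are hypothetical placeholders, and the passwords are shown as placeholders to be replaced.

```sql
-- Added example; every object name below is a hypothetical placeholder.
-- Run as a sysadmin on the SQL Server 2000 instance (Mixed Mode).

-- Step 3: create the dedicated admin login first, then remove the
-- BUILTIN\Administrators login.
EXEC sp_addlogin @loginame = 'db_admin_login', @passwd = '<long-random-password>'
EXEC sp_addsrvrolemember @loginame = 'db_admin_login', @rolename = 'sysadmin'
-- Confirm you can connect as db_admin_login before running the next line.
EXEC sp_revokelogin @loginame = 'BUILTIN\Administrators'
GO

-- Step 4: one low-privilege login per logical application role.
EXEC sp_addlogin @loginame = 'webapp_public',
                 @passwd   = '<different-long-random-password>',
                 @defdb    = 'WebAppDb'
GO

USE WebAppDb
GO
EXEC sp_grantdbaccess @loginame = 'webapp_public', @name_in_db = 'webapp_public'
EXEC sp_addrole @rolename = 'web_public_role'
EXEC sp_addrolemember @rolename = 'web_public_role', @membername = 'webapp_public'
GO

-- EXEC only on the procedures the public pages call. Because the procedures
-- and the tables they touch are both owned by dbo, ownership chaining lets
-- the procedures work without any table permission for the role.
GRANT EXECUTE ON dbo.usp_GetProduct TO web_public_role
GRANT EXECUTE ON dbo.usp_AddOrder  TO web_public_role

-- Explicit DENY so a later careless GRANT to this role or to public
-- does not open direct table access from the web tier.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO web_public_role
GO

-- Review: permissions held by the role, then by public, which every
-- database user (including webapp_public) inherits.
EXEC sp_helprotect @username = 'web_public_role'
EXEC sp_helprotect @username = 'public'
GO
```

The ASP connection string then uses the `webapp_public` login only, so a compromise of the web tier is limited to the procedures granted to that role.
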
timmy
Master Smack Fu Yak Hacker
1242 Posts
Posted - 2004-06-29 : 00:33:41

You've got your plan mostly right, but you shouldn't need to use Mixed Mode. Here's how it could be done:

1. Create the IUSR_machinename / IWAM_machinename accounts on the IIS box (they should be there anyway)
2. Create identically named and passworded accounts on your SQL Server box. These will be seen as the same account as far as SQL is concerned. Create logins for these users on SQL.

Note: the IWAM_ account is only required if you're using out-of-process components such as ActiveX dlls etc

axisperfect
Starting Member
21 Posts
Posted - 2004-06-29 : 22:49:06

Hey, thanks for all the recommendations, guys. And to derrickleggett, yeah, getting a domain is unlikely. :P :)

So, is creating a duplicate IUSR_machine account preferable so that we can avoid using Mixed Mode? And to do the duplicated account, I wouldn't be able to use the random password, right? I'd have to set one so I could create the same name/password on the DB machine.

This by-passes a domain controller, though -- it's just a workaround, right? Would it be as secure?

Kristen
Test
22859 Posts
Posted - 2004-06-30 : 05:44:42

You might want to take a look at the MS Best Practices Analyzer - it spotted some goofs in our setup that we had overlooked.

Kristen

http://www.microsoft.com/downloads/details.aspx?displayla%20ng=en&familyid=B352EB1F-D3CA-44EE-893E-9E07339C1F22&displaylang=en