SQL cluster firewall question


Re: SQL cluster firewall question Geoff N. Hiten
1/19/2007 2:23:00 PM
Communication between a web and a SQL server is pretty much the same
regardless of clustering or not. One common approach is to create a
second, dedicated network link (physical or v-lan) that directly connects
the web servers to the database server. Passing SQL queries and result sets
through a firewall is not a stable or practical option. Many organizations
set up a separate domain for their web site operations that only handles
security for those systems and do not trust it to or from their internal
business domains.

--
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP




SQL cluster firewall question Enghps1
1/19/2007 6:47:25 PM
We have been running a standalone SQL2005 box which uses a dedicated
webserver for the last 12 months and both sit on our perimeter (DMZ) zone.
The SQL box is now due to be replaced by a failover SQL cluster. Failover
clusters require domain access and therefore it will have to sit on the
TRUSTED zone but now we face a real security issue with how the webserver
(in the DMZ) can safely talk to the cluster (in the TRUST) without
compromising security. I can maybe live with opening 1433 for SQL as it will
still require authentication, but .NET on the DMZ webserver will still
require port 80 to be open to the cluster. Am I missing something here,
surely this can't be done safely? I fear the only "safe" method is to create
a new standalone domain in the DMZ to facilitate the SQL cluster as this
seems to be the only way for the failover cluster to sit in the DMZ. How
else can the DMZ webserver talk to the SQL Cluster if the cluster sits in
the Trusted zone? Is PAT a safe alternative? Any advice appreciated. Thanks


Re: SQL cluster firewall question Anthony Thomas
1/22/2007 7:34:47 AM
Why do you have a "trusted" network defined at all? To protect the assets
in that location and to secure them from the "untrusted" users in the DMZ.

If this is true, then why would anyone place a database server, the system
that hosts the most sensitive information asset in the organization, on an
"untrusted" network?

Given you accept the viewpoint above, then you must decide on how to connect
application services across the boundary.

We have accomplished this in several different frameworks. The most important
decision is whether to choose SQL Server or Windows authentication, the
latter being more secure. The main reason is because SS authentication must
transmit the login credentials to the DBMS across the network, and is
subject to interception.

The following references detail how to construct this. The WSSRA is by far
the most secured implementation, but it will require a quite robust security
infrastructure. At the very least, you will need to consider the use of
IPSEC and/or SSL to secure the communications between the database tier and
the others (preferably a middleware component, but, perhaps, directly
between the presentation tier--Web--and data services).

Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
http://msdn2.microsoft.com/en-us/library/aa302415.aspx

Building Secure ASP .NET Applications .pdf Download
http://www.microsoft.com/downloads/details.aspx?familyid=055FF772-97FE-41B8-A58C-BF9C6593F25E&displaylang=en

Windows Server System Reference Architecture
http://www.microsoft.com/technet/solutionaccelerators/wssra/raguide/default.mspx

Windows Server System Reference Architecture (WSSRA)
http://www.microsoft.com/downloads/details.aspx?familyid=D44E34EC-B4E2-49A1-9F40-9ED4BA3765DF&displaylang=en


Best of luck.

Sincerely,


Anthony Thomas


--
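
An added example, not part of any post in this thread: a T-SQL query to run on the cluster to check how connections from the web tier actually authenticate and whether their TDS traffic is encrypted, the two points raised in the reply above. The `192.0.2.%` prefix is a placeholder assumption for the DMZ web servers, and IPsec protection is applied below SQL Server, so it does not show up in `encrypt_option`.

```sql
-- Added example: audit live connections arriving from the web tier.
-- Requires VIEW SERVER STATE. Works on SQL Server 2005 and later.
-- Assumption: 192.0.2.% is a placeholder for the DMZ web server addresses.
DECLARE @web_tier_prefix varchar(48);
SET @web_tier_prefix = '192.0.2.%';

SELECT
    c.session_id,
    c.client_net_address,
    c.local_tcp_port,          -- confirms which listener port the firewall rule must allow
    s.login_name,
    s.host_name,
    s.program_name,
    c.auth_scheme,             -- 'SQL', 'NTLM' or 'KERBEROS'
    c.encrypt_option,          -- 'TRUE' when the TDS session uses SSL
    CASE
        WHEN c.auth_scheme = 'SQL' AND c.encrypt_option = 'FALSE'
            THEN 'SQL login, TDS not encrypted'
        WHEN c.auth_scheme = 'SQL'
            THEN 'SQL login, TDS encrypted'
        WHEN c.encrypt_option = 'FALSE'
            THEN 'Windows login, TDS not encrypted'
        ELSE 'Windows login, TDS encrypted'
    END AS finding
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE c.client_net_address LIKE @web_tier_prefix
  AND c.parent_connection_id IS NULL   -- physical connections only, skip MARS children
ORDER BY
    -- Sort the weakest combination (SQL login, no SSL) to the top.
    CASE WHEN c.auth_scheme = 'SQL' THEN 0 ELSE 1 END,
    CASE WHEN c.encrypt_option = 'FALSE' THEN 0 ELSE 1 END,
    c.client_net_address;
```

Rows reported as not encrypted are expected when the link is protected by IPsec rather than SSL; confirm that separately in the IPsec policy on both hosts.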
