Public services like Web sites are often designed to communicate with database servers, and databases are often used to collect sensitive data from public Internet users, such as credit card information. Because this data must eventually reach the interior of the network, a connection from the Internet through to the private network must exist. Determining how to secure necessary connections between public servers and sensitive private servers is the most difficult aspect of implementing Internet security.
To complete this lesson, you will need
The dc01.domain.Fabrikam.com certificate authority
The ISA server configured in Lesson 1
A newly installed Microsoft SQL Server configured in the private network on address 192.168.241.130
You can download an evaluation version of Microsoft SQL Server 2000 at www.microsoft.com/sql.
A workstation or server running Windows 2000 configured in the 10.0.0.0 perimeter network
After this lesson, you will be able to
Understand the proper place for public servers in your network
Configure SQL Server for protocol encryption
Configure a firewall to allow SQL data to pass through
Estimated lesson time: 45 minutes
Protecting Public Database Servers
Protecting servers that actually store critical data, such as e-mail and database servers, is vital. Protecting Web servers is somewhat less important if the Web service has been properly separated from other services so that the Web server does not store sensitive information. A server that provides only the Web service will be running from a relatively static set of Web pages or Web applications that connect to dynamic data on a database server. If the Web server is somehow exploited or destroyed, it can be quickly replaced from a backup or another member of a Web service cluster, so the only real security concern is ensuring that the data is not compromised.
As long as a successful attack on a Web server does not allow further attacks to the interior of the private network, your data will remain secure. Remember to secure your database servers against your own front-line Web servers when you implement security, under the assumption that the Web servers might someday be exploited.
The Proper Place for Database Servers
Because data servers require strong security and communicate closely with other enterprise systems, it is normal practice to place them inside the private network and provide access to them through a proxy server like ISA Server. The firewall or proxy is then configured to allow only Web servers in the perimeter network to connect to the database servers, and only on the service port required for data connectivity, such as the SQL Server TCP port. Furthermore, the connection should be encrypted for maximum security, to prevent hackers who might have exploited another Web server inside the perimeter network from sniffing the network to determine passwords that will allow access to private machines.
This configuration prevents any computers on the Internet from connecting to the database servers, and it prevents even the perimeter network-based Web servers from connecting using any method other than the SQL Service port.
In addition, by using certificate-based data encryption, you can make it impossible for other machines to impersonate the Web servers to gain access to the SQL server. The only possible exploit with these levels of security in place would be to compromise the Web server itself, and then install software to query the database directly to retrieve data. The database is still protected by logon authentication, which could possibly be determined by examining the source code of applications that run on the Web server and connect to the database server.
By strongly securing Web servers and monitoring them for intrusion attempts, you practically eliminate an attacker's ability to exploit them and bounce through the perimeter network to the database server. However, because a connection must exist for the service to function, you can never completely eliminate the possibility of attack.
Securing Microsoft SQL Server
Microsoft SQL Server supports the ability to encrypt communications over TCP/IP connections to the server using Secure Sockets Layer (SSL), which is based on machine SSL certificates. By installing an SSL certificate on a SQL server and configuring the server to require encryption, you can prevent all computers that do not have valid machine certificates from the same root certificate authority (CA) from being able to connect to the SQL data service. By using a firewall to eliminate access to other ports, you can prevent exploitation of the machine by any untrusted machine. This feature allows you to establish the strongest level of database server security possible.
When you proxy connections through an ISA server on a single TCP port, you must configure the SQL server and the client to communicate using the TCP/IP network library rather than the traditional named pipes network library. Because all other ports are closed, you will find that Windows integrated authentication is not available; it runs on a separate service port.
To connect to a SQL server securely through the SQL Server port alone, you must use SQL Server authentication.
Always change the default SA (system administrator) password in SQL Server. By default, the password is empty and anyone can use it to connect to a database server. There is currently a worm released on the Internet that exploits that fact to gain access to SQL servers, and an empty password would be an open invitation to any hacker who exploited a Web server connected to a database server.
SQL Server supports encryption over the SQL Server protocol by using SSL. SSL is used to encrypt the data stream before the stream is transmitted, so it can be correctly proxied by ISA Server, unlike IPSec connections, which cannot be proxied or network address translated. You should always use SSL encryption on SQL data streams that flow over the Internet to protect data and SQL authentication information from exposure.
Practice: Establishing SQL Server Security for the Internet
In this practice, you use ISA Server to proxy connections between the perimeter network and an internal SQL server, in preparation for establishing a perimeter Web server that will use data stored on the private SQL server.
In this practice, you will place a SQL server inside the private network, publish it to the perimeter network using Microsoft ISA Server, and then configure the SQL server to accept only encrypted connections. This will prevent any computer that does not have a valid certificate from your root CA from establishing a connection to the SQL server.
This exercise requires three computers: the ISA server configured in Lesson 1, a Windows 2000 workstation or server located in the perimeter network (10.0.0.0 network), and a Windows 2000 server running Microsoft SQL Server 2000.
Before you perform these exercises, perform a default installation of Microsoft SQL Server 2000 and configure it to use both Windows integrated and SQL authentication. In this exercise, the SQL server is named SQL.domain.Fabrikam.com and it has an IP address of 192.168.241.130.
In production environments, once you test connectivity between the perimeter network machine and the SQL server, you are ready to deploy the Web application on the perimeter network machine that requires access to the database server.
Exercise 1: Publishing the SQL Server
In this exercise, with the SQL server inside the private network, you publish it to the perimeter network using ISA Server.
To publish the SQL Server to the perimeter network
Log on to the ISA Server as the administrator.
Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
In the console tree, click Publishing. The Configure Publishing Policy page appears, as shown in Figure 11-12.
Figure 11-12.
The ISA Server publishing policy page
Click Publish Servers. The Publish Servers page appears.
Click Publish A Server. The New Server Publishing Rule Wizard appears, as shown in Figure 11-13.
Figure 11-13.
The New Server Publishing Rule Wizard
Type SQL Server in the Server Publishing Rule Name box, and click Next.
The Address mapping page appears. Type the internal IP address of the SQL server, 192.168.241.130, in the IP Address Of Internal Server box.
Click Browse, and then click OK to select the External IP Address On ISA Server.
Click Next. The Protocol Settings page appears.
Select Microsoft SQL Server in the Apply The Rule To This Protocol drop-down list, and click Next.
In the Client Type page, select Any Request, and click Next.
Click Finish to close the wizard. A new server will appear in the published servers list.
Exercise 2: Enabling SSL Encryption on the SQL Server
In this exercise, you configure the SQL server to accept only encrypted connections by requiring protocol encryption and then installing an SSL encryption certificate.
To force encryption on the SQL server
Click Start, point to Programs, point to Microsoft SQL Server, and click Server Network Utility. The SQL Server Network Utility dialog box appears, as shown in Figure 11-14.
Figure 11-14.
The SQL Server Network Utility dialog box
Select the Force Protocol Encryption check box.
Click OK to close the Network Server Utility dialog box.
Click OK when a message box appears informing you that changes will not take effect until the SQL Server service is restarted.
Right-click the SQL Server icon in the system tray, and click Stop.
When a message appears asking if you're sure, click Yes. The System Tray icon appears with a red stop icon, indicating that the service is stopped.
Right-click the SQL Server icon in the system tray, and click Start. Notice that you cannot start the service. This occurs because no valid SSL encryption certificate for the server exists in the certificate store.
To install an SSL encryption certificate for the SQL server
Open Internet Explorer and browse to http://dc01/certsrv. The Microsoft Certificate Services Web page appears.
Select Request a Certificate, and click Next. The Choose Request Type page appears.
Select Advanced Request, and click Next. The Advanced Certificate Request page appears.
Select Submit a Certificate Request To This CA Using A Form, and click Next. The Advanced Certificate Request page appears.
In the Certificate Template list box, select Web Server. The page changes to the Advanced Certificate Request page, as shown in Figure 11-15.
Figure 11-15.
Requesting a SQL certificate
Type SQL.domain.fabrikam.com in the Name box.
The name you type in the Name box must exactly match the server's fully qualified domain name for the SSL certificate to be recognized by the SQL Server service. To find out exactly what your server's fully qualified domain name is, open a command prompt on the SQL server, and ping localhost. The name returned is your server's fully qualified domain name.
Type rootca@Fabrikam.com in the E-Mail box.
Select Microsoft Enhanced Cryptographic Provider in the CSP list box.
Select Use Local Machine Store.
Click Submit. After a moment, the Certificate Issued page appears.
Click Install This Certificate. The Certificate Installed page appears.
Close Internet Explorer.
Right-click the SQL Server system tray icon, and click Start. The SQL Service starts.
All SQL communications with this server will now be encrypted for all clients. Clients must have a valid machine certificate from the same root CA installed to communicate with this server.
Exercise 3: Verifying SQL Connectivity Through the Firewall
In this exercise, you use SQL management tools to verify that SQL is connected through the firewall. First, you install the tools, and then you test connectivity through the ISA server using SSL encryption from the perimeter network.
If the Query Analyzer is already installed on your Windows 2000 client machine, you can skip this procedure.
To install SQL management tools
Log on to a Windows 2000 client machine in the perimeter network.
Insert the SQL Server CD, or unpack the SQLEVAL file.
Browse to the root of the CD or c:\sqleval.
Double-click Autorun. The Microsoft SQL Server 2000 installer screen appears.
Click SQL Server 2000 Components. The components screen appears.
Click Install Database Server. Microsoft SQL Server 2000 installation wizard appears.
Click Next. The Computer Name page appears.
Ensure that Local Computer is selected, and click Next. The Installation Selection page appears.
Ensure that Create A New Instance Of SQL Server, Or Install Client Tools is selected, and click Next. The User Information page appears.
Type Administrator in the Name box and Fabrikam in the Company box, and then click Next.
When the Software License Agreement page appears, click Yes.
On the Installation Definition page, select Client Tools Only, and click Next.
In the Select Components page, clear the Books Online and Development Tools check boxes.
Select Management Tools. Clear Enterprise Manager, Profiler, DTC Client Support, and Conflict Viewer.
You should have only Query Analyzer selected in the Sub-Components list, and Management Tools and Client Connectivity selected in the Components list, as shown in Figure 11-16.
Figure 11-16.
Installing the Query Analyzer
Click Next. The Start Copying Files page appears.
Click Next. Setup installs the Query Analyzer.
When the Query Analyzer is installed, the Setup Complete message appears. Click Finish to close the installer.
To test connectivity through the ISA server using SSL encryption
Click Start, point to Programs, point to Microsoft SQL Server, and click Query Analyzer. The Query Analyzer, which allows you to check SQL connections, appears as shown in Figure 11-17.
Figure 11-17.
The Microsoft Query Analyzer
In the SQL Server box, type 10.0.0.90.
Why do you enter the IP address of the ISA server rather than the IP address of the SQL server in the SQL Server box?
Ensure that SQL Server Authentication is selected and that the Login Name is sa. Type the sa password in the Password box, and then click OK.
The SQL Query Analyzer Object Browser, shown in Figure 11-18, appears showing the SQL server and the list of default databases configured. Notice that you can browse through the objects on the database server by expanding the databases in the Object Browser.
Figure 11-18.
Browsing the database through an encrypted connection
Close the SQL Query Analyzer.
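Query Analyzer connecting successfully shows that the ISA publishing rule works, but it does not show whether the Force Protocol Encryption setting from Exercise 2 is really being enforced on the published port. The following added example, which is not part of the lesson, sends the TDS PRELOGIN message that SQL Server 2000 and later use to negotiate SSL and reads back the server's ENCRYPTION option; MS-TDS defines the value ENCRYPT_REQ (0x03) as the answer a server gives when it insists on encryption. It assumes Python 3 on a host in the perimeter network, the ISA external address 10.0.0.90 and default port 1433 from this practice, and the sample reply bytes are constructed for offline use.

```python
import socket
import struct

# TDS PRELOGIN packet type and the option tokens defined by MS-TDS.
TDS_PRELOGIN = 0x12
OPT_VERSION, OPT_ENCRYPTION, OPT_INSTOPT, OPT_THREADID, OPT_END = 0x00, 0x01, 0x02, 0x03, 0xFF
ENCRYPTION_NAMES = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
                    0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}

def build_prelogin(encryption=0x00):
    """Client PRELOGIN packet. Announcing ENCRYPT_OFF makes a server that has
    Force Protocol Encryption set answer ENCRYPT_REQ rather than negotiate."""
    options = [(OPT_VERSION, struct.pack(">IH", 0x08000000, 0)),  # client version 8.0
               (OPT_ENCRYPTION, bytes([encryption])),
               (OPT_INSTOPT, b"MSSQLServer\x00"),                 # default instance
               (OPT_THREADID, struct.pack(">I", 0))]
    # Five-byte option headers (token, offset, length; big-endian) end with 0xFF;
    # offsets count from the start of the payload, after the 8-byte TDS header.
    headers, body = b"", b""
    data_start = 5 * len(options) + 1
    for token, value in options:
        headers += struct.pack(">BHH", token, data_start + len(body), len(value))
        body += value
    payload = headers + bytes([OPT_END]) + body
    # TDS header: type, status 0x01 (end of message), length, SPID, packet id, window.
    return struct.pack(">BBHHBB", TDS_PRELOGIN, 0x01, 8 + len(payload), 0, 1, 0) + payload

def parse_encryption(packet):
    """Walk a PRELOGIN packet's option headers; return its ENCRYPTION byte or None."""
    payload = packet[8:]
    pos = 0
    while pos + 5 <= len(payload) and payload[pos] != OPT_END:
        token, offset, length = struct.unpack_from(">BHH", payload, pos)
        if token == OPT_ENCRYPTION and length == 1 and offset < len(payload):
            return payload[offset]
        pos += 5
    return None  # no ENCRYPTION option, or a malformed reply

def check_server(host, port=1433, timeout=5.0):
    """Send one PRELOGIN to host:port and name the encryption setting it reports."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_prelogin())
        reply = sock.recv(4096)
    return ENCRYPTION_NAMES.get(parse_encryption(reply), "UNKNOWN")

# Constructed sample server reply (type 0x04) carrying a VERSION option and ENCRYPT_REQ,
# so the parser can be exercised without a live SQL server.
SAMPLE_REPLY = (b"\x04\x01\x00\x1a\x00\x00\x01\x00"                    # TDS header, 26 bytes total
                + b"\x00\x00\x0b\x00\x06" + b"\x01\x00\x11\x00\x01" + b"\xff"
                + b"\x08\x00\x03\x00\x00\x00" + b"\x03")
```

From the perimeter host, `check_server("10.0.0.90")` should return ENCRYPT_REQ; any other answer means the Force Protocol Encryption setting is not in effect on the port that ISA Server publishes.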
Lesson Review
The following questions are intended to reinforce key information in this lesson. If you are unable to answer a question, review the lesson and try the question again. Answers to the questions can be found in the appendix.
Which public security problem represents more risk for most businesses: the exploitation of a Web server or the exploitation of a database server?
What is the proper security zone for a database server in a typical network architecture?
How does ISA Server secure Microsoft SQL Server database servers?
How does SQL Server ensure that only specific clients can connect to it?
Lesson Summary
Database servers that communicate with Web servers are a dangerous security problem because they can be exploited if the Web servers they communicate with are exploited. Successful attacks against Web servers are common, and subsequent attacks against database servers are common as well. Web servers do not usually store crucial data, but database servers usually do, so their security is actually far more important.
Because of the requirement to communicate closely with other enterprise systems and to be as protected as possible, database servers are normally placed inside private networks even when they have to communicate with Web servers in the perimeter network. Special security measures such as protocol proxying and encryption can help prevent attacks against database servers.
Microsoft SQL Server can be proxied securely by Microsoft ISA Server. As with all proxy connections, the TCP/IP layer is broken at the proxy and regenerated, so TCP/IP layer attacks will not reach the database server.
Microsoft SQL Server supports SSL encryption of the TCP/IP SQL protocol, so that attackers cannot observe communications and so that the client and server can authenticate one another using certificates, which prevents unauthorized computers from connecting to the server.