 What are the security risks of using hosted SQL
B"H Wherever I look I see that no one recommends having your SQL Server available on the Internet (public IP). Everyone says that you should only have local machines access your SQL. If you need to access your SQL then you should VPN into your secure network and then have access, or you should proxy your request through a web service which gives you the exact data you need. Yet on the other hand I see many companies ready to host SQL and everyone is pushing the cloud. So what are the security risks of leaving your SQL on the net, and how is that mitigated or not applicable when we are talking about SQL Azure from Microsoft, or MySQL in the cloud from Amazon or Google, or hosting SQL at any of the hosting solutions out there? Thank you.

ASKED: December 7, 2009  10:17 PM
UPDATED: September 11, 2012  4:20 PM

Answer Wiki:
The risks when you host your database server on the public internet and have no rules preventing the public internet from accessing it are the same no matter what platform you use. There is the risk of a brute force attack against the database using the administrator account. These admin accounts always have the same username (root for MySQL, sa for MS SQL, and system for Oracle), so the only issue becomes finding the password. Hosting providers (and Microsoft via SQL Azure) will set an extremely hard-to-find password, and they will change this password on a regular basis. It is still a best practice to not allow direct access to the database. In fact, many hosting providers do not allow direct access to the database servers.
Last Wiki Answer Submitted:  December 8, 2009  6:03 am  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
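
A defender-side check for the brute-force risk described in the answer above, as an added example that is not part of the original answer: it counts failed logins against the default administrator names in SQL Server error-log text and reports sources outside the internal networks. The log lines, the internal ranges and the threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Default administrator names listed in the answer (MySQL, MS SQL, Oracle).
ADMIN_ACCOUNTS = {"root", "sa", "system"}
# Assumption: networks treated as local/VPN; anything else is "public".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
# Assumption: failures from one source before it is reported.
THRESHOLD = 3

# "Login failed" line as written to the SQL Server error log.
FAILED = re.compile(r"Login failed for user '([^']+)'.*\[CLIENT: ([^\]]+)\]")


def _line(user, client):
    """Build one constructed log line (sample data, not a real capture)."""
    return (f"2009-12-08 06:01:10.11 Logon       Login failed for user '{user}'. "
            f"Reason: Password did not match that for the login provided. "
            f"[CLIENT: {client}]")


# Constructed sample: documentation-range addresses stand in for Internet hosts.
SAMPLE_LOG = "\n".join(
    [_line("sa", "203.0.113.7")] * 4        # repeated guessing from outside
    + [_line("sa", "10.0.5.12")] * 3        # internal host, not reported
    + [_line("appuser", "203.0.113.7")]     # not an administrator account
    + [_line("sa", "198.51.100.20")]        # single failure, below threshold
    + [_line("sa", "<local machine>")]      # local connection, no IP address
)


def admin_bruteforce_sources(log_text, threshold=THRESHOLD):
    """Return {client_ip: failures} for external sources guessing admin logins."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m.group(1).lower() not in ADMIN_ACCOUNTS:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2).strip())
        except ValueError:
            continue  # client field is not an IP, e.g. "<local machine>"
        if any(addr in net for net in INTERNAL_NETS):
            continue
        hits[str(addr)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(admin_bruteforce_sources(SAMPLE_LOG))
```

Any entry in the result means an external address reached the login stage at all, which is the missing firewall rule the answer warns about.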


Discuss This Question:
At least consider setting up a VPN tunnel between your server and your other systems.

 10,860 pts.