Posted by: Denny Cherry
For those of you in bigger shops you can probably ignore this. If you work in a smaller shop where everything in the datacenter has a public IP, this post is for you.
Most everyone has seen SQL Servers with public IPs and access to port 1433 wide open. This is how things like SQL Slammer get into the network and cause all sorts of problems (among other little nasties).
All to often I see people online asking about putting things like ISA on a DC which is great reuse of resources, until you realize that you now have your domain controller connected to the public Internet. And you have probably done this without a router or hardware firewall between the Internet and your DC making this probably not the best idea as getting into LDAP on the DC probably isn’t that hard as Windows Firewall will probably have those ports open so that AD can function.
But I’ve seen even worse things connected to the Internet over the years. A while back I was looking at a clients SQL Server. I saw EMC’s PowerPath installed so I asked what sort of SAN was behind the unit. The response an EMC CLARiiON (CX4). Since we were having IO issues I asked if I could VPN in (I was using RDP over the Internet up till now directly into the SQL Server) so I could access the CLARiiON. They said no problem, and proceed to give me the two public IPs for their storage array’s controllers. So here I am accessing the storage array over the public Internet without any sort of encryption between me and the array (as far as I know the array doesn’t support HTTPS). If you’ve never seen the EMC Management tool it is a lovely Java app, and Java doesn’t work so well over RDP so I couldn’t access it via the SQL Server which I at least had a somewhat encrypted connection to.
The basic rule with putting stuff on the Internet should be if it doesn’t need to be on the public Internet it shouldn’t be. More specifically if you don’t want your customers to access it keep it off the net. Especially if it is core to your business.
Can you imagine what would happen if someone broke into the storage array. Forget being able to drop tables or databases if they broke into the SQL Server. They could simply delete the hard drive of the SQL Server, delete the RAID group, rebuild the RAID group, and create a new LUN which would then write 0s to the disks pretty much killing any chance of getting anything back from the disks. Poof all gone, business closed all because the array could be accessed from the public Internet.
Something to think about.