If you are developing an on-line store you need to protact your data so the information doesn't go in the wrong hands. Read how Macromedia Dreamweaver MX allows you to safely interact with your database.
There are several aspects to the physical security of your database. They range from how your computers themselves are protected to how your network is set up. How much control you have over these issues varies depending on whether you run your own data center or purchase a hosted solution. Regardless of your situation, you should make sure that the environment you construct or the solution you purchase meets the security level necessary for your project, or else make other arrangements.
The physical security of your database involves several facets. First is the location of the computers that host your data. There are several points to remember when choosing where to set up your data center:
The area should be separated from general office traffic. Ideally, you will be able to lock the room or area to keep out nosey visitors.
The machines should be raised off the floor. You can, of course, purchase expensive raised flooring, but a good set of shelves can accomplish the same thing. Either way, you want the computers a few inches off the floor so that minor water intrusion does not short them out.
The area should be well ventilated and cooled. CPUs and hard drives need good circulation to help keep them cool. Placing exhaust ports up against the wall, or using an area that does not have sufficient air conditioning, is asking for trouble.
Allow room for power protection. In addition to power-loss protection, good power protection units also condition the power coming in to remove spikes that can damage electronic equipment and take your data offline. Remember that most professional units require a 30-Amp circuit and twist-lock receptacles, so make sure you are able to provide that power to the server area.
Fire is an important hazard to consider and can be an expensive one to plan for in a data center environment. Typical fire suppression systems use water. Because water is bad for electronics, data centers often utilize a foam system that puts out fires without soaking the computers. If you cannot afford this kind of system, make sure you do a good job maintaining backups.
In addition to the location of your servers, make sure that you do not invite prying eyes by leaving the computers logged in or leaving the Enterprise Manager running with a table of sensitive data open. Many security procedures are geared toward keeping honest people honest. Don't discount the need to take these simple security steps when your office is subject to visitors or employees who have no need to access database information.
Securing the network
Although there are a number of steps that you can take to augment the security of your network, there are two general topics that bear discussion here. This is not a network topology article and I can’t provide near the level of detail that you will need to implement these tools successfully, but a brief description may send you in the right direction. (There are numerous resources available to help you with the details, too.) The two network tools that you might find useful are proxies and firewalls .
You should know that although a firewall and proxy may perform similar tasks, they are by no means the same thing. The main purpose of a proxy server is to serve as a gateway from a private network to a public network and to offer some caching capability to a number of client machines accessing the Internet through it. A firewall provides a detailed method of separating and protecting private networks, public networks, DMZs (demilitarized zones), and remote access to private networks. That said, a proxy server can offer some limited protection to your online SQL Server.
Using proxy servers
Like Microsoft’s Proxy Server, proxy servers provide a level of translation between a private and public network. For instance, you might construct a private network at your office by assigning non-routable IP addresses to all client machines (say, anything between 192.168.0.1 and 192.168.0.255). This network is private because that IP range, as well as a couple of others, has been deemed as non-routable by the people who deem such things. Those addresses are safe to be used by any network of computers without fear of conflicting with other hosts on the Internet and without fear that those addresses can be accessed from the Internet.
When a private network wants to access a public network, like the Internet, without making the client computers visible to the outside world, a proxy server can be used. The proxy server (usually through a piece of software on the client that manages the connection) takes requests from the private network computers and delivers them to the Internet in their place, acting as a proxy.
When the responses come back, the proxy server receives them and dispatches them to the correct client computer. In this way, all of your client computers can access the Internet over your T1 connection without being exposed themselves. The proxy does this by using two network interfaces: one with a private network IP address and one with a public network IP address.
Ensuring Physical Security
This address translation service can also be used to expose certain parts of a private network to the Internet through the proxy interface. In the case of SQL Server, access to the SQL service itself can be exposed through Proxy Server. All requests to SQL Server come through port 1433 by default.
So if you can expose just port 1433 of a SQL Server, then legitimate activity can proceed without exposing the computer itself to the Internet. Microsoft provides a way to do just that. You can set your SQL Server up behind Proxy Server by following these steps:
Install Proxy Server and get it up and running on the private and public networks.
Install the Proxy Client software on your SQL server, which has only a private network IP address.
Create a file called wspcfg.ini (which stands for "Winsock PC configuration") on the SQL server. This is just a text file with the following lines in it:
Save this file to the Bin directory under the main SQL Server directory on your server.
With Proxy Server running, reboot your SQL server. This configuration file runs each time the SQL Server service is started. If it locates the proxy server that is identified in its client installation, port 1433 is bound to it. Any requests coming to port 1433 at the public network IP address of the proxy server are treated as though they were requests directly to the SQL server. This exposes SQL Server's functionality without exposing the computer itself.
To truly protect a network from the dangers of the Internet, you should consider installing a sophisticated firewall solution. Some are software-based and some are hardware-based, meaning really that they have a dedicated piece of hardware running a software solution. You can also arrange for a managed solution that usually includes hardware, software, monitoring, and maintenance for a monthly fee.
Firewalls provide a much more granular level of control over the addresses and ports of your network and how they are made available to the Internet. Basically, a firewall divides your network into three zones: a private zone that is not visible to the Internet, a public zone that is visible to the Internet, and a trusted zone (or DMZ) that sits between the two. The computers in the DMZ are accessible from the private network and the public network but do not allow traffic through except when they are specifically told to do so.
Firewalls are so named because of their similarity to the brick and mortar structures that are also called firewalls. A firewall in a commercial building provides a barrier to slow down a fire so that it is more readily contained within a controllable area. Firewalls are rated based on how long a fire will take to burn through and encroach on the adjoining area. For example, a two-hour firewall is designed to withstand a fire for two hours, allowing time for action to be taken and the fire put out.
Network firewalls serve much the same purpose. They are designed to slow an attack and alert people that there is a problem, allowing them time to handle the problem before the adjoining network areas are compromised. No solution is perfect and even the best firewall solutions need careful planning, observation, and maintenance to protect your data. There is often a careful balance to be achieved between the access that you need and the danger you are trying to avoid.
Nonetheless, firewalls do present one of the core opportunities that we have to protect stored data. A SQL server is vulnerable to attack from several angles—by taking control of the server itself or by obtaining passwords to its security accounts. SQL servers can often be compromised as a result of an attack on a web server or an e-commerce application.
The protection of your data relies on your ability to protect your entire network from intrusion. Think of your network as one unit and you will have better luck protecting it. Firewalls provide an important step in that direction.