Allow and restrict remote sql server access

I want to expose my sql server instance via the internet. I've been programming asp.net to sql server for a long time, but for the first time i'm hosting the sql server myself instead of the clients server. So what i want to do is move my sql server from my dev machine at home to a virtual server (yet to hire). But of course i don't want anyone to just enter my sql server but just a few persons. So what i was thinking was to allow only a few ip addresses to the sql server instance.

Can anyone tell me how i can expose my sql server to the internet and limit the access to the instance to only a few ip addresses? And ehm, if you know even better ways to secure it, i'd be happy, because this is the first time for me :)

Michel


Solution 1:

You can use IPsec or the Windows Firewall to do this.

The version of Windows will determine how you do this. More recent versions - eg. Windows Server 2008 and 2008 R2 expose this ability through the Windows Firewall in the control panel.

You'd want to make sure SQL Server is listening on a fixed port number, and then control access to that port by configuring a firewall rule to just allow a specific IP address (or subnet) to connect.

I did a similar thing for a SQL 2000 cluster running on Windows Server 2003. In that case we scripted a whole bunch of IPsec rules to allow only specific machine to be able to connect to the SQL port.

Solution 2:

Install some SSH server on the box, then using PuTTY or any other ssh client, tunnel the SQL server port over the SSH connection. Set server's firewall to allow only SSH connection.

The clients will use the SSH tunnel to reach the server.

Another option would be to use some sort of VPN, but for few persons, the SSH approach is better.