We have several applications that are installed in several departments and interact with a database via the intranet. Users tend to use weak passwords or store logins/passwords written on sheets of paper where everybody can see them. I'm worried about login/password leakage and want to minimize the consequences. Minimizing the database server's attack surface by hiding the database server from intranet access would also be a great idea.
I'm thinking about an intermediary data access service with method-based security. It seems more flexible than a table-based or connection-based database-server one. This approach also allows hiding the database server from the public intranet.
What kind of .NET technologies and best practices would you suggest?
Thank you in advance!