I'm planning on provisioning a web server and a database server in a server farm environment. They will be in the same network but not in the same domain; both are Windows Server 2008, and the database server is SQL Server 2008. My question being, what is the best way to secure data in transport between the servers? I've looked into IPsec and SSL but am not sure how to go about implementing either.
A:
As you mentioned, IPsec is your best bet for SQL traffic (port 1433), and SSL for web traffic (port 443).
IPsec can be enabled through Group Policy in Active Directory.
My knowledge of IPsec is limited, but I believe that the encrypted traffic is put into a tunnel, which then travels through a different port.
Once IPsec is turned on, traffic over port 1433 can be blocked either through an ACL or a firewall, thus ensuring your SQL traffic is completely secure.
If you have the ability to configure Group Policy yourself, you may find this link useful:
http://www.petri.co.il/configuring_ipsec_policies_through_gpo.htm
Damien Dennehy
2010-06-16 23:27:01
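To make the port 1433 part of the answer concrete, here is an added example (not from the answer or the linked article) using the netsh advfirewall commands available on Windows Server 2008. The two addresses and the pre-shared key are placeholders; the use of a PSK rather than Kerberos is an assumption made because the hosts share no domain, and the quick-mode method string is assumed from the netsh syntax.

```batch
@echo off
rem Added example, not the answer's own configuration. Run from an elevated
rem command prompt. Placeholder values: WEB_IP, SQL_IP and PSK.
rem The hosts are not in one domain, so Kerberos is unavailable; a PSK is used
rem here for brevity, but computer certificates (auth1=computercert) are stronger.
set WEB_IP=10.0.0.10
set SQL_IP=10.0.0.20
set PSK=REPLACE-WITH-LONG-RANDOM-SECRET

rem 1. On BOTH servers: connection security rule requiring authenticated and
rem    encrypted IPsec (transport mode) for TCP to port 1433 between the pair.
rem    The same rule text is valid on either side because it describes the pair.
netsh advfirewall consec add rule name="Require IPsec for SQL 1433" ^
  endpoint1=%WEB_IP% endpoint2=%SQL_IP% protocol=tcp port1=any port2=1433 ^
  action=requireinrequireout mode=transport ^
  auth1=computerpsk auth1psk="%PSK%" ^
  qmsecmethods=esp:sha1-aes128

rem 2. On the SQL server only: accept 1433 from the web server, and only when the
rem    packet is already IPsec-authenticated AND encrypted (security=authenc).
rem    Unprotected 1433 traffic is dropped; this is the "block port 1433" step.
netsh advfirewall firewall add rule name="SQL 1433 only over IPsec" ^
  dir=in action=allow protocol=TCP localport=1433 ^
  remoteip=%WEB_IP% security=authenc

rem 3. Verify after the first SQL connection: a quick-mode SA should be listed
rem    between the two addresses. If none appears, traffic is being dropped,
rem    not protected, and the PSK or rule endpoints should be checked.
netsh advfirewall monitor show qmsa
```

Keep the firewall rule's `remoteip` restriction in place even with IPsec required, so that a host that happens to know the PSK still cannot reach 1433 from any other address.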