From my last question, I have new idea for database protection. The following ports will be connected via SSL only. Is it possible to hack this database server?
PS. This question is not include SQL injection problem.
Thanks,
It's possible to hack just about anything. Your HTTP or (especially) your FTP server could have security bugs in it which open a backdoor. These could be anything from arbitrary code execution under root/Administrator or full filesystem access.
I assume also that your database server is also not bug-free, and could expose all your data.
Obviously, though, having as few ports as possible open is better.
Everything is possible, but sure this decrease the possibilities.
In practice, you can never make your server hacker-proof. As long as hackers have some means to send data to the server, they can potentially exploit security vulnerabilities to do bad things. Limiting the server's surface area, using encryption, and so on all help and make it less likely you'll get hacked, but you're never 100% safe.
I always tell people the only hack-proof server is the one that is unplugged and powered down in the closet.
It is important, when presenting a security solution, do identify what kind of intrusion you are attempting to guard against. Even with only three ports open, even with one for that matter, a successful dictionary attack against accounts accessing the server via FTP port could do some damage.
As a general rule, we do not expose our databases directly outside the network/firewall. Only web or user application servers have exposed ports but nothing that isn't behind the firewall can directly touch the database servers.
This is still vulnerable several ways:
That doesn't mean it's not a good idea to do things this way, but it's dangerous to think this, or anything really, is "hack proof". I'll spare you the typical wisecrack about windows security.