Best practice for ONLY allowing MySQL access to a server?

Posted by Calvin Froedge on Server Fault
Published on 2010-12-29T00:39:57Z Indexed on 2010/12/29 0:55 UTC

Here's the use case:

I have a SaaS system that was built (dev environment) on a single box. I've moved everything to a cloud environment running Ubuntu 10.10. One server runs the application, the other runs the database. The basic idea is that the server that runs the database should only be accessible by the application and the administrator's machine, which both have correct RSA keys.

My question:

Would it be better practice to use a firewall to block access to ALL ports except MySQL, or skip firewall / iptables and just disable all other services / ports completely? Furthermore, should I run MySQL on a non-standard port? This database will hold quite sensitive information and I want to make sure I'm doing everything possible to properly safeguard it.

Thanks in advance. I've been reading here for a while but this is the first question that I've asked. I'll try to answer some as well = )
