Secure SQL Database with TDE Thomas Chan SQL Saturday 445 - Raleigh.

Presentation transcript:

Secure SQL Database with TDE Thomas Chan SQL Saturday Raleigh

Thanks Vendors

Who am I?
- Work for Virginia.gov as SQL DBA.
- 18+ years in IT.
- Love computers, databases and Sid Meier's Civilization.

Agenda
- Why encrypt a database?
- Where can I encrypt a SQL database?
- What is TDE?
- How does it work?
- Pros and cons
- Demos

Why encrypt a database?
- Protect sensitive data against unauthorized users (OS and data store).
- Comply with standards and policies (business or legal).

Standards
- PCI DSS – financial/payment (credit card).
- HIPAA – health/medical.
- FERPA – education and family.
- Sarbanes-Oxley Act (SOX) – US corporation, accounting and communication.
- PII – personal identifiable information.

Where can I encrypt SQL data(base)?
- SQL functions
- TDE
- SSL

What is TDE? [Diagram labels: Database, TDE]

What is TDE?
- One more layer to protect data.
- Encrypts at page level on the fly. This means data, log and backup files are encrypted.
- Does not encrypt columns or connections.
- Algorithm: AES 128, 192, 256 and Triple DES

Encryption Hierarchy
- Windows level: Data Protection API (DPAPI)
- SQL Instance level: master key and certificate
- Database level: database master key and encryption key

Encryption Hierarchy 2 [Diagram labels: SQL Instance, Windows / OS, Database]

Encryption Hierarchy 3

Pros and Cons

PROS
- Encrypts database files: backup, transaction log and data files
- Protects data against lower level access like OS users
- Low performance cost
- It is transparent, no coding

CONS
- Does not encrypt memory or file streams data
- Does not encrypt connections
- Must have SQL enterprise or developer edition

Other considerations
- Always encrypt TempDB (pro or con)
- Master key dependency (may use SQL EKM capability or EKM software)
- Works with high availability and disaster recovery options: failover clustering, mirroring and log shipping
- Replication data is not encrypted when it travels between servers (plain text)
- Does not work “well” with compression

Demo
- Enable TDE
- Disable TDE
- Show data and backup file before and after in notepad
- Monitor enabling operation
- Restore database with TDE enabled in 2nd instance
- TDE working with log shipping
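
The demo steps above, together with the key hierarchy from the Encryption Hierarchy slide, written out as T-SQL. This is an added example, not the presenter's demo script; the database name SalesDemo, the certificate name TdeDemoCert, the file paths and the passwords are placeholders.

```sql
-- Instance 1, instance level: the master key created in master is protected
-- by the service master key, which Windows protects through DPAPI.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password>';
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate';

-- Back up the certificate and its private key before encrypting anything:
-- without them the data files and backups cannot be opened on another instance.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'C:\Keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TdeDemoCert.pvk',
                      ENCRYPTION BY PASSWORD = '<private-key-password>');
GO

-- Database level: the encryption key is protected by the server certificate.
USE SalesDemo;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
ALTER DATABASE SalesDemo SET ENCRYPTION ON;   -- enable TDE
GO

-- Monitor the background scan.
-- encryption_state: 1 = unencrypted, 2 = encryption in progress,
--                   3 = encrypted,   5 = decryption in progress
SELECT DB_NAME(database_id) AS database_name, encryption_state,
       percent_complete, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;         -- tempdb shows up here as well
GO

-- Instance 2: recreate the certificate from the backup files, then restore.
-- (Add WITH MOVE to the RESTORE if the file layout differs.)
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<instance2-master-key-password>';
CREATE CERTIFICATE TdeDemoCert
    FROM FILE = 'C:\Keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TdeDemoCert.pvk',
                      DECRYPTION BY PASSWORD = '<private-key-password>');
RESTORE DATABASE SalesDemo FROM DISK = 'C:\Backup\SalesDemo.bak';
GO

-- Disable TDE (instance 1): turn encryption off, wait for the decryption scan,
-- and drop the key only once encryption_state reports 1 for SalesDemo.
ALTER DATABASE SalesDemo SET ENCRYPTION OFF;
GO
USE SalesDemo;
DROP DATABASE ENCRYPTION KEY;
GO
```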

Demo 3
- Sata 5400 rpm
- 1 GB
- 1 min 20 sec
- SCSI rpm
- much faster

Reference
- Understanding TDE us/library/bb934049(v=sql.120).aspx
- Protecting SQL Server Data – John Magnabosco Magnabosco/dp/
- Extensible Key Management (EKM) us/library/bb895340(v=sql.120).aspx

Questions?