Hacking Exposé Using SSL to Protect SQL Connections.

Who Am I? WaterOx Consulting SQL Server MVP Friend of Redgate PASSDC SQL Saturday DC & Nova Scotia SQL Summer Camp

WaterOxConsulting.com Concierge DBA® Services Customized SQL Training Sp_WOxCompliant

What is Hacking?

How safe is your data?
- Hacking / Cracking
  - Modifying computer hardware or software
  - Accomplish goals outside of original purpose
- Measures taken to protect your data
  - Primarily at rest
  - In motion over the network
  - Not always the case

Easy to get tools
- RawCap
  - Command line tool
  - Run from USB
  - Captures packets into a file for reference later
- Wireshark
  - GUI
  - Captures packets as well
  - Reads other capture files
- Lots of others out there

DEMO

What to do?

SSL Definition
- Secure Sockets Layer
- Standard security technology
- Provides communication security over network
- Encrypts data flowing between parties
- Primarily prevents eavesdropping and tampering

How SSL Works
1. Client attempts to connect to server
2. Server sends client a copy of its certificate
3. Client confirms trust
4. Server sends back acknowledgement to start SSL session
5. Encrypted data shared between client and server
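
For SQL Server, whether these steps run for the whole session is agreed in the cleartext TDS PRELOGIN exchange, which is visible in a packet capture. The following is an added example, not part of the presentation: it reads the ENCRYPTION option from one PRELOGIN packet (layout per the MS-TDS specification) and classifies the server's reply. The function names and the `sample_packet` builder are hypothetical, and the packets it builds are constructed test data.

```python
import struct

# ENCRYPTION option values from the MS-TDS PRELOGIN message.
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
# What the rest of the session looks like for each value in the server reply.
STATE = {"ENCRYPT_ON": "encrypted", "ENCRYPT_REQ": "encrypted",
         "ENCRYPT_OFF": "login-only",   # credentials protected, queries readable
         "ENCRYPT_NOT_SUP": "plaintext"}


def prelogin_encryption(packet: bytes) -> str:
    """Return the ENCRYPTION option carried by one TDS PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    # 0x12 is the client's PRELOGIN, 0x04 the server's reply to it.
    if ptype not in (0x12, 0x04):
        raise ValueError(f"not a PRELOGIN packet (type 0x{ptype:02x})")
    if length < 8 or length > len(packet):
        raise ValueError("truncated or malformed packet")
    payload = packet[8:length]
    pos = 0
    # Option table: token(1) offset(2) length(2) per entry, closed by 0xFF.
    while pos < len(payload) and payload[pos] != 0xFF:
        if pos + 5 > len(payload):
            raise ValueError("option table runs past the payload")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == 0x01:  # ENCRYPTION option
            if size != 1 or offset >= len(payload):
                raise ValueError("bad ENCRYPTION option")
            value = payload[offset]
            return ENCRYPTION.get(value, f"UNKNOWN_0x{value:02x}")
        pos += 5
    raise ValueError("no ENCRYPTION option in packet")


def session_state(server_reply: bytes) -> str:
    """Classify the session from the server's PRELOGIN reply."""
    return STATE.get(prelogin_encryption(server_reply), "unknown")


def sample_packet(ptype: int, enc: int) -> bytes:
    """Constructed PRELOGIN packet with VERSION and ENCRYPTION options."""
    table = struct.pack(">BHHBHH", 0, 11, 6, 1, 17, 1) + b"\xff"
    payload = table + bytes(6) + bytes([enc])
    return struct.pack(">BBHHBB", ptype, 1, 8 + len(payload), 0, 1, 0) + payload


if __name__ == "__main__":
    for enc in (0x00, 0x02, 0x03):
        print(hex(enc), session_state(sample_packet(0x04, enc)))
```

A reply of `ENCRYPT_OFF` means only the login packet is wrapped in TLS, so queries and results after login remain readable in a capture.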

Lockdown

Secure Your SQL Server Connection
1. Create / Obtain SSL Certificate
2. Grant permissions to use certificate
3. Enable SSL in SQL Server
4. Connect

DEMO

No single solution
- Data in motion
  - SSL – encrypt connections
  - File encryption tools
- Data at rest
  - TDE
  - Column level encryption

Gotchas
- SSL 3.0 is no longer good enough
  - Need to consider TLS instead
  - TLS needs the first name on the certificate to be the SQL Server
- SQL Azure is protected
- SQL on an Azure VM is not
  - Need to treat like physical server
- Force Encryption does not need a certificate
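
Force Encryption works without a certificate because SQL Server falls back to a self-generated one, which a client can only accept by skipping validation, so the client's own settings decide whether the "client confirms trust" step really happens. The following added example (not from the presentation) audits connection strings for that case using the `Encrypt` and `TrustServerCertificate` keywords of Microsoft's SQL Server drivers. The function names are hypothetical, and the sample strings and host name are constructed.

```python
YES = {"true", "yes"}
ENCRYPT_ON = YES | {"mandatory", "strict"}
ENCRYPT_OFF = {"false", "no", "optional"}


def parse(conn_str: str) -> dict:
    """Split 'Key=Value;...' pairs; keys are compared without case or spaces.

    Naive split: quoted values that contain ';' are not handled.
    """
    pairs = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs["".join(key.split()).lower()] = value.strip().lower()
    return pairs


def audit(conn_str: str) -> str:
    """Classify the transport protection one connection string asks for."""
    opts = parse(conn_str)
    encrypt = opts.get("encrypt")
    # Assumption: an absent keyword means "off", matching the slides'
    # "by default connections are not encrypted"; newer drivers may differ.
    if encrypt is None or encrypt in ENCRYPT_OFF:
        return "not-requested"   # encrypted only if the server forces it
    if encrypt not in ENCRYPT_ON:
        return "unknown-value"
    # Strict mode ignores TrustServerCertificate and always validates.
    if encrypt != "strict" and opts.get("trustservercertificate") in YES:
        return "unverified"      # encrypted, but any certificate is accepted
    return "verified"            # encrypted and the certificate is checked


# Constructed sample strings; sql01.example.test is a placeholder host.
SAMPLES = [
    "Server=sql01.example.test;Database=Sales;Integrated Security=SSPI",
    "Server=sql01.example.test;Database=Sales;Encrypt=True;"
    "TrustServerCertificate=True",
    "Server=sql01.example.test;Database=Sales;Encrypt=yes;"
    "Trust Server Certificate=no",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{audit(sample):14} {sample}")
```

Strings reported as `unverified` are encrypted against passive capture but accept any certificate the other end presents; moving them to `verified` requires a certificate the client trusts whose name matches the server.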

Review
- By default connections are not encrypted
- Need to set up SSL (self-signed minimum)
  - Requires restart
  - Encrypts data being transmitted
- No one solution
  - Protect data in transit
  - Protect data at rest
  - Separation of duties

Cont WaterOxConsulting.com