Secure/Encrypt SQL Server Database With TDE

Presentation transcript:

Secure/Encrypt SQL Server Database With TDE
Thomas Chan

Thanks Vendors

Who am I?
- I work for the state of Virginia as a SQL DBA
- 18+ years in IT, and with SQL Server since SQL 7
- I love computers, databases, Sid Meier's Civilization and The Battle of Polytopia

Agenda
- Where can I do data encryption?
- Why encrypt a database?
- Where does TDE act?
- How does it work?
- SSMS user interface
- Pros and cons
- Demos

Where can I do encryption?
- SQL functions: EncryptByKey, DecryptByKey
- SSL
- BitLocker
- TDE

Why encrypt a database?
- Protect sensitive data against unauthorized lower-level users (OS, virtual machine or storage)
- Comply with standards and policies (business or legal)

Standards
- PCI DSS – financial/payment (credit card)
- HIPAA – health/medical
- FERPA – education and family
- Sarbanes-Oxley Act (SOX) – US corporation, accounting and communication
- PII – personally identifiable information

Where does TDE act?
(Diagram labels: Database Engine, TDE, Decrypt, Encrypt)

What is TDE?
- One more layer to protect data
- Encrypts at the page level on the fly, which means data, log and backup files are encrypted
- Does not encrypt columns or connections
- Algorithms: AES 128, 192, 256 and Triple DES

Encryption Hierarchy
- Windows level: Data Protection API (DPAPI)
- SQL Instance level: master key and certificate
- Database level: database master key and encryption key

Encryption Hierarchy 2
(Diagram labels: Windows / OS, SQL Instance, Database)

SSMS user interface

Pros and Cons
PROS
- Encrypts database files: backup, transaction log and data files
- Protects data against lower-level access, such as OS users
- Low performance cost
- It is transparent, no coding
CONS
- Does not encrypt memory or file stream data
- Does not encrypt connections
- Must be SQL 2008+ Enterprise or Developer edition

Other considerations
- Always encrypts TempDB (pro or con)
- Master key dependency (may use SQL EKM capability or EKM software)
- Works with high availability and disaster recovery options: failover clustering, mirroring and log shipping
- Replication data is not encrypted when it travels between servers (plain text)
- Does it work “well” with compression?

Demo
- Show the data and backup file before TDE in Notepad
- Enable TDE
- Monitor the enabling operation
- Restore the database with TDE enabled on a 2nd instance (VM02)
- Disable TDE
- TDE working with log shipping?
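The demo steps above, together with the encryption hierarchy slide, written out as T-SQL. This is an added example, not the presenter's demo script: the database name SalesDemo, the certificate name TDE_Cert, the file paths and the passwords are placeholders, and each batch is run on the instance named in its comment.

```sql
-- Instance 1: build the hierarchy (all names, paths, passwords are placeholders).
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-1>';
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE certificate for SalesDemo';
-- Back up the certificate and its private key before enabling TDE; without
-- them the encrypted database and its backups cannot be restored elsewhere.
BACKUP CERTIFICATE TDE_Cert TO FILE = 'C:\Keys\TDE_Cert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TDE_Cert.pvk',
                      ENCRYPTION BY PASSWORD = '<strong-password-2>');
GO
-- Database level: create the database encryption key and turn TDE on.
USE SalesDemo;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO
-- Monitor: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name, encryption_state,
       percent_complete, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO
-- The backup of a TDE-enabled database is encrypted as well.
BACKUP DATABASE SalesDemo TO DISK = 'C:\Backup\SalesDemo.bak';
GO
-- Instance 2 (VM02): restore the certificate first, then the database.
-- The restore fails if the certificate is missing from master.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-3>';
CREATE CERTIFICATE TDE_Cert FROM FILE = 'C:\Keys\TDE_Cert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Keys\TDE_Cert.pvk',
                      DECRYPTION BY PASSWORD = '<strong-password-2>');
RESTORE DATABASE SalesDemo FROM DISK = 'C:\Backup\SalesDemo.bak';
GO
-- Disable TDE: turn encryption off, wait until encryption_state = 1
-- (state 5 means decryption is still in progress), then drop the key.
ALTER DATABASE SalesDemo SET ENCRYPTION OFF;
GO
USE SalesDemo;
DROP DATABASE ENCRYPTION KEY;
```

Store the certificate backup, the private key file and its password away from the database backups, since anyone holding all of them can restore and read the database.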

SATA + 4200 rpm + 1 GB = 1 min 20 sec
SCSI + 15000 rpm + SAN (redundancy disk/RAID 0) will be much faster

References
- Understanding TDE: https://msdn.microsoft.com/en-us/library/bb934049(v=sql.120).aspx
- Extensible Key Management (EKM): https://msdn.microsoft.com/en-us/library/bb895340(v=sql.120).aspx
- Protecting SQL Server Data – John Magnabosco (free ebook from Red Gate): http://www.amazon.com/Protecting-Server-Data-John-Magnabosco/dp/1906434271

Questions?