Secure SQL Database with TDE Thomas Chan SQL Saturday 445 - Raleigh.


1 Secure SQL Database with TDE
Thomas Chan
SQL Saturday 445 - Raleigh

2 Thanks to the vendors

3 Who am I?
- Work for Virginia.gov as a SQL DBA.
- 18+ years in IT.
- Love computers, databases and Sid Meier's Civilization.

4 Agenda
- Why encrypt a database?
- Where can I encrypt SQL Server data?
- What is TDE?
- How does it work?
- Pros and cons
- Demos

5 Why encrypt a database?
- Protect sensitive data against unauthorized users who get at it below the database engine: OS accounts, storage administrators, anyone who can copy the data, log or backup files.
- Comply with standards and policies (business or legal).

6 Standards
- PCI DSS – financial/payment (credit card data).
- HIPAA – health/medical records.
- FERPA – education and family records.
- Sarbanes-Oxley Act (SOX) – US corporations, accounting and financial reporting.
- PII – personally identifiable information; not a standard itself, but the data category most of the above require you to protect.

7 Where can I encrypt SQL Server data?
- SQL functions – cell-level encryption of chosen columns (EncryptByKey / DecryptByKey) inside the application's queries.
- TDE – the whole database at rest: data files, log and backups.
- SSL/TLS – the connection, i.e. data in transit between client and server.

8 What is TDE?
[diagram: a database with TDE applied]

9 What is TDE?
- One more layer to protect data (defence in depth, not a replacement for access control).
- Encrypts at the page level on the fly: pages are encrypted as they are written to disk and decrypted as they are read into memory. That means the data files, the transaction log and every backup are encrypted.
- Does not encrypt individual columns (anyone who can query the database still sees plaintext) and does not encrypt connections.
- Algorithms: AES 128, 192, 256 and Triple DES.

10 Encryption Hierarchy
- Windows level: the Data Protection API (DPAPI) protects the service master key (SMK).
- SQL instance level: the SMK protects the database master key (DMK) of the master database; that DMK protects the server certificate.
- Database level: the certificate protects the database encryption key (DEK) stored in the user database, and the DEK encrypts the pages.
Lose the certificate and its private key and every encrypted data file and backup becomes unreadable, so back the certificate up as soon as it is created and store that backup away from the server.

11 Encryption Hierarchy 2
[diagram: Windows / OS -> SQL instance -> Database]

12 Encryption Hierarchy 3
[diagram]

13 Pros and Cons
Pros:
- Encrypts the database files: data files, transaction log and backups.
- Protects data against lower-level access, e.g. OS users or anyone who copies the .mdf/.ldf/.bak files.
- Low performance cost (typically a few percent of CPU).
- Transparent to applications: no code changes.
Cons:
- Does not encrypt data in memory (the buffer pool) or FILESTREAM data.
- Does not encrypt connections; use SSL/TLS for data in transit.
- Requires SQL Server 2008+ Enterprise or Developer edition (Standard edition only gained TDE in SQL Server 2019).

14 Other considerations
- tempdb is encrypted automatically as soon as any database on the instance has TDE enabled, whether you want it or not (a pro or a con depending on the workload).
- Certificate/key dependency: the database and all of its backups depend on the certificate; protect the certificate backup, or keep the key in a hardware security module through Extensible Key Management (EKM).
- Works with the high-availability and disaster-recovery options: failover clustering, database mirroring and log shipping (the certificate must be installed on every instance that will host the database).
- Replication: TDE does not encrypt data while it travels between servers; it is sent in plain text unless the connection itself is encrypted.
- Backup compression gains little: encrypted pages have no redundancy left to compress. Row and page compression are unaffected, because pages are compressed before they are encrypted.
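Two checks for the side effects listed above, as an added example that is not part of the original deck. The database name SalesDB, the table dbo.Orders and the backup path are assumptions; the DMV and msdb columns are SQL Server's own.

```sql
-- Added example (not from the slides). SalesDB, dbo.Orders and the backup
-- path are assumptions; run on an instance where SalesDB already has TDE on.

-- 1. tempdb is encrypted as soon as any user database on the instance is.
--    It appears in the DMV with encryption_state 3 even though you never
--    enabled it yourself.
SELECT DB_NAME(database_id) AS db,
       encryption_state,          -- 3 = encrypted
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID('tempdb');

-- 2. Backup compression on an encrypted database: the pages are already
--    high-entropy, so compressed_backup_size ends up close to backup_size.
BACKUP DATABASE SalesDB
    TO DISK = 'C:\Backup\SalesDB_compressed.bak'
    WITH COMPRESSION, INIT;

SELECT TOP (1)
       backup_size / 1048576.0            AS backup_mb,
       compressed_backup_size / 1048576.0 AS compressed_mb,
       backup_size / NULLIF(compressed_backup_size, 0) AS ratio  -- ~1.0 with TDE
FROM msdb.dbo.backupset
WHERE database_name = 'SalesDB'
ORDER BY backup_finish_date DESC;

-- 3. Row/page compression is unaffected: a page is compressed before it is
--    encrypted, so this still saves space inside the data file.
ALTER TABLE dbo.Orders REBUILD WITH (DATA_COMPRESSION = PAGE);
```

Run the backup comparison once before enabling TDE and once after to see the ratio collapse; the same query on the earlier, unencrypted backup gives the baseline.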

15 Demo
- Enable TDE
- Disable TDE
- Show the data and backup files before and after in Notepad
- Monitor the enabling operation
- Restore a database with TDE enabled on a second instance
- TDE working with log shipping
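The enable / monitor / restore / disable round trip that the hierarchy slide describes and the demo walks through, as an added example that is not part of the original deck. The database name SalesDB, the file paths and the passwords are assumptions; the statements, the DMV and its encryption_state values are SQL Server's own.

```sql
-- Added example (not from the slides). SalesDB, C:\TDEKeys, C:\Backup and
-- the passwords are assumptions; keep real passwords and key files out of
-- scripts and source control.

-- ===== Instance 1: build the hierarchy and turn TDE on =====
USE master;
GO
-- Master's database master key, protected by a password and by the service
-- master key (which DPAPI protects).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Str0ng!DMK-Passw0rd';
GO
-- The server certificate that will protect the database encryption key.
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE certificate for SalesDB';
GO
-- Back up the certificate AND its private key now. Without these two files
-- the encrypted database and every backup of it are unrecoverable.
BACKUP CERTIFICATE TDE_Cert
    TO FILE = 'C:\TDEKeys\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\TDEKeys\TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = 'Str0ng!PVK-Passw0rd');
GO
-- Database level: the DEK, encrypted by the certificate.
USE SalesDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
GO
-- A background scan now rewrites every page encrypted.
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO
-- Monitor the scan. encryption_state: 1 = unencrypted, 2 = encryption in
-- progress, 3 = encrypted, 5 = decryption in progress. tempdb shows up too.
SELECT DB_NAME(database_id) AS db,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
GO
-- This backup is encrypted; searching the .bak for a known customer name
-- in Notepad finds nothing, where the pre-TDE backup showed it in clear.
BACKUP DATABASE SalesDB TO DISK = 'C:\Backup\SalesDB.bak' WITH INIT;
GO

-- ===== Instance 2: restore the encrypted backup =====
-- The certificate must exist here first; otherwise RESTORE fails with
-- "Cannot find server certificate with thumbprint ...".
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Other!DMK-Passw0rd';
GO
CREATE CERTIFICATE TDE_Cert
    FROM FILE = 'C:\TDEKeys\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\TDEKeys\TDE_Cert.pvk',
        DECRYPTION BY PASSWORD = 'Str0ng!PVK-Passw0rd');
GO
RESTORE DATABASE SalesDB
    FROM DISK = 'C:\Backup\SalesDB.bak'
    WITH RECOVERY;
GO

-- ===== Instance 1: turn TDE off again =====
ALTER DATABASE SalesDB SET ENCRYPTION OFF;
GO
-- Wait until the DMV reports encryption_state = 1 for SalesDB; dropping the
-- DEK while the decryption scan is still running fails.
USE SalesDB;
GO
DROP DATABASE ENCRYPTION KEY;
GO
```

The same certificate import is what log shipping needs on the secondary: restore the certificate into its master database before the first log-shipped full backup is restored, and the shipped log backups apply without any further step.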

16 Demo 3: time to encrypt a 1 GB database
- SATA 5400 rpm: 1 min 20 sec
- SCSI 15000 rpm: much faster

17 References
- Understanding TDE: https://msdn.microsoft.com/en-us/library/bb934049(v=sql.120).aspx
- Protecting SQL Server Data, John Magnabosco: http://www.amazon.com/Protecting-Server-Data-John-Magnabosco/dp/1906434271
- Extensible Key Management (EKM): https://msdn.microsoft.com/en-us/library/bb895340(v=sql.120).aspx

18 Questions?
