Encrypting Data in SQL Server
Steve Jones
Editor in Chief
SQLServerCentral, Red Gate Software
#sqlinthecity
Agenda
• What is encryption?
• Encryption in SQL Server
• Communications
• Transparent Data Encryption
• Hashing
• Keys
• Symmetric Keys
• Asymmetric Keys
What is Encryption?
encryption is the process of transforming
information (referred to as plaintext) using an
algorithm (called a cipher) to make it unreadable
to anyone except those possessing special
knowledge, usually referred to as a key. The
result of the process is encrypted information (in
cryptography, referred to as ciphertext).
- Wikipedia
Simple Ciphers
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
WKLV LV HQFUBSWHG
THIS IS ENCRYPTED
Complex Encryption
Results:
-------------------------------------------
0x00E2A26D824E22468392458DE6F450DA0100000025DE09E
F3AD8D7C989E393BF9FE1368D04C1B9BEE086EFFDF6F77A
F9E3A3B8142F23723D536C72C216D6F9B104A5E44A
Encryption in SQL Server
• Client
• SQL Server Instance
• Client file system
• Communication Link (the wire)
• SQL Server memory
• SQL Server data files
• Backup files
Encryption Hierarchy
Communications
• Encrypt the connection to/from SQL Server
– Encrypt “the wire”
• Two options
– SSL encryption from SQL Server
– IPSec encryption at the Windows host
network layer.
SSL Communications
• Install certificate on SQL Server, set the FORCE
ENCRYPTION options
– Yes = required
– No = client option
• Certificate must be valid based on the system time
• DO NOT USE SELF SIGNED CERTIFICATES
• All rules in BOL
– Encrypting Connections to SQL Server
– How to: Enable Encrypted Connections to the Database Engine
Transparent Data Encryption
• TDE introduced in SQL Server 2008
• Protects the data at rest by encrypting the data
on disk.
– The transaction log is encrypted
– Backups are encrypted (can eliminate compression)
– Tempdb is encrypted for all operations.
– Replication data is not encrypted
– Filestream data is not encrypted
Transparent Data Encryption
• Implemented with a simple ALTER DATABASE
command
ALTER DATABASE AdventureWorks2008R2
SET ENCRYPTION ON;
GO
• Encryption is handled by the Database Encryption
Key (DEK)
• Requires a Database Master Key (DMK) and a
Certificate to protect the DEK
• Backups of the certificate protecting the DEK are
necessary to restore a backup.
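The full sequence behind that ALTER DATABASE command, as an added T-SQL example that is not part of the original deck. The certificate name, file paths and passwords are placeholders chosen for illustration; the database name is the one from the slide.

```sql
-- Added example: TdeDemoCert, the C:\KeyBackup paths and all passwords are placeholders.
USE master;
GO
-- 1. Database Master Key (DMK) in master; it protects the certificate's private key.
--    Skip this statement if master already has a DMK.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO
-- 2. Server certificate that will protect the Database Encryption Key (DEK).
CREATE CERTIFICATE TdeDemoCert
    WITH SUBJECT = 'TDE certificate (example)';
GO
-- 3. Back up the certificate and its private key before encrypting anything.
--    Without these two files the database backups cannot be restored elsewhere.
BACKUP CERTIFICATE TdeDemoCert
    TO FILE = 'C:\KeyBackup\TdeDemoCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\KeyBackup\TdeDemoCert.pvk',
        ENCRYPTION BY PASSWORD = '<cert-backup-password-placeholder>');
GO
-- 4. Create the DEK inside the user database, protected by the certificate.
USE AdventureWorks2008R2;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
-- 5. Turn TDE on; the encryption scan runs in the background.
ALTER DATABASE AdventureWorks2008R2
    SET ENCRYPTION ON;
GO
-- 6. Watch progress. tempdb shows up here as well once any database uses TDE.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
GO
-- 7. On the instance where a backup will be restored, recreate the certificate
--    from the files written in step 3 BEFORE running RESTORE DATABASE
--    (that instance needs its own DMK in master first):
-- USE master;
-- CREATE CERTIFICATE TdeDemoCert
--     FROM FILE = 'C:\KeyBackup\TdeDemoCert.cer'
--     WITH PRIVATE KEY (
--         FILE = 'C:\KeyBackup\TdeDemoCert.pvk',
--         DECRYPTION BY PASSWORD = '<cert-backup-password-placeholder>');
```

Store the certificate backup files and their password separately from the database backups; anyone holding all three can restore the data.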
Demo
Transparent Data Encryption
Transparent Data Encryption
• Overhead is < 5%
• Enterprise Edition only (not BI edition)
• Value?
• Third Party Tools
Hashing
• “A hash function is any algorithm or subroutine
that maps large data sets, called keys, to smaller
data sets.” - Wikipedia
Hashing
• SQL Server uses the HASHBYTES function
• CHECKSUM() or BINARY_CHECKSUM() can
also be used.
• Other implementations using .NET/CLR are
better. (see Expert SQL Server Encryption,
Michael Coles)
• SQL Server 2012 adds SHA2_256 and
SHA2_512 algorithms.
Demo
Hashing
Hashing or Encryption
• Hashing is not really encryption
– Decryption is not supported (usually)
• Hashing is deterministic, encryption is not
• Hashing is quicker
• In general, a hash of searchable data can be used to
allow indexing of encrypted data.
– Caveat – Only hash the portion of the encrypted data
needed for searching, e.g. last four digits of a credit card
number.
• Choose the strongest algorithm available in your
version.
– SQL Server 2008 – SHA1
– SQL Server 2012 - SHA2_512
Keys
• Multiple Keys in SQL Server
– Service Master Key
– Database Master Key
– Database Encryption Key
– Symmetric Keys
– Asymmetric Keys
– Certificates
The Encryption Hierarchy
Service Master Key
• Service Master Key = SMK
• The Service Master Key is created when
it is first needed. No CREATE DDL
• Secured by Windows DPAPI (default)
• Accessed by Service Account for
database engine, or a principal with
access to the service account name and
password
Service Master Key
• Must be manually backed up.
BACKUP SERVICE MASTER KEY
• Must be restored in a DR situation to
open other keys secured by this key
(Database Master Keys)
• Can be regenerated if necessary.
– This can cause data loss
• Encryption is now AES
Database Master Key
• Database Master Key = DMK
• The Database Master Key is created by an
administrator (CREATE/ALTER DDL)
• This is secured by the SMK and a password
(TripleDES encryption in 2008, AES in 2012)
• This can be secured by password only (DROP
ENCRYPTION BY SERVICE MASTER KEY
option)
Database Master Key
• Backup and restore using DDL commands
BACKUP MASTER KEY
RESTORE MASTER KEY
• OPEN/CLOSE manually if not protected by the
SMK
• Attach/restore of an encrypted database
requires the password for the DMK
• You can alter the DMK to add SMK encryption
after attach/restore
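The backup, manual open and re-protect steps from the two master key slides, as an added T-SQL example that is not part of the original deck. SalesDemo, the file paths and every password are placeholders.

```sql
-- Added example: SalesDemo, the C:\KeyBackup paths and all passwords are placeholders.

-- 1. Back up the Service Master Key (instance level). It is never backed up automatically.
BACKUP SERVICE MASTER KEY
    TO FILE = 'C:\KeyBackup\instance_smk.bak'
    ENCRYPTION BY PASSWORD = '<smk-backup-password-placeholder>';
GO
USE SalesDemo;   -- hypothetical user database
GO
-- 2. Create the Database Master Key. By default it is protected twice:
--    by this password and by the SMK (which allows automatic opening).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO
-- 3. Back up the DMK to a file protected by its own password.
BACKUP MASTER KEY
    TO FILE = 'C:\KeyBackup\SalesDemo_dmk.bak'
    ENCRYPTION BY PASSWORD = '<dmk-backup-password-placeholder>';
GO
-- 4. Password-only protection: remove the SMK copy. From now on nothing in the
--    database can use the DMK until a session opens it with the password.
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
GO
-- 5. This is also the state of a database just attached or restored on another
--    instance: the SMK there cannot decrypt the DMK. Open it manually, then
--    re-add SMK protection so it opens automatically again.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<dmk-password-placeholder>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO
-- 6. Confirm how the DMK is currently protected.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = N'SalesDemo';
GO
-- 7. If the DMK itself is lost or damaged, bring it back from the file from step 3:
-- RESTORE MASTER KEY
--     FROM FILE = 'C:\KeyBackup\SalesDemo_dmk.bak'
--     DECRYPTION BY PASSWORD = '<dmk-backup-password-placeholder>'
--     ENCRYPTION BY PASSWORD = '<new-dmk-password-placeholder>';
```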
Symmetric Encryption
• Like a normal key lock
• The key that encrypts the data also decrypts
the data
Symmetric Keys
• Symmetric Keys are created in a
database and are always in that
database (cannot be backed up/restored)
• Symmetric Keys are deterministic, and
can be duplicated with the same creation
parameters.
• Symmetric keys require fewer resources
than asymmetric keys, but there is still an
additional CPU load from their use.
Symmetric Keys
• The identity value always generates the
same GUID for the key. These must be
unique in a session.
• The KEY_SOURCE and IDENTITY_VALUE options can
be used to recreate a key. If you choose
the same ones, and the same algorithm,
you’ll get the same key.
• You can, and should, secure these keys
with asymmetric keys
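One added T-SQL example (not part of the original deck) that serves both the symmetric key slides above and the earlier "Hashing or Encryption" slide: a reproducible symmetric key protected by a certificate, with a salted hash of the last four digits stored alongside the ciphertext so the column can be indexed and searched. Object names, passwords, the salt and the card numbers are constructed placeholders; SHA2_512 assumes SQL Server 2012 or later.

```sql
-- Added example: run in a scratch database. All names and secrets are placeholders,
-- and the card numbers are constructed test values.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO
-- Certificate (asymmetric key pair plus metadata) that protects the symmetric key.
CREATE CERTIFICATE CardCert
    WITH SUBJECT = 'Protects CardKey (example)';
GO
-- KEY_SOURCE + IDENTITY_VALUE + ALGORITHM make the key reproducible: the same three
-- values on another server produce the same key and the same key GUID. Treat the
-- KEY_SOURCE phrase as a secret of the same value as the key itself.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM      = AES_256,
         KEY_SOURCE     = '<key-source-phrase-placeholder>',
         IDENTITY_VALUE = '<identity-phrase-placeholder>'
    ENCRYPTION BY CERTIFICATE CardCert;
GO
CREATE TABLE dbo.Payment (
    PaymentId     int IDENTITY PRIMARY KEY,
    CardNumberEnc varbinary(256) NOT NULL,   -- ciphertext, not searchable
    Last4Hash     varbinary(64)  NOT NULL    -- SHA2_512 output is 64 bytes
);
CREATE INDEX IX_Payment_Last4Hash ON dbo.Payment (Last4Hash);
GO
-- Assumption: the salt is an application secret supplied at run time. A hash of four
-- digits alone has only 10,000 possible inputs, so an unsalted column can be
-- reversed by enumeration.
DECLARE @salt varchar(64) = '<application-salt-placeholder>';

OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

-- The first two rows carry the same card number on purpose.
INSERT dbo.Payment (CardNumberEnc, Last4Hash)
SELECT ENCRYPTBYKEY(KEY_GUID('CardKey'), v.CardNumber),
       HASHBYTES('SHA2_512', @salt + RIGHT(v.CardNumber, 4))
FROM (VALUES ('4111111111111111'),
             ('4111111111111111'),
             ('5555555555554444')) AS v(CardNumber);

-- Encryption is not deterministic: compare CardNumberEnc for rows 1 and 2.
-- Hashing is deterministic: compare Last4Hash for the same two rows.
SELECT PaymentId, CardNumberEnc, Last4Hash
FROM dbo.Payment
ORDER BY PaymentId;

-- Search without decrypting every row: seek on the hash, decrypt only the matches.
SELECT PaymentId,
       CONVERT(varchar(19), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Payment
WHERE Last4Hash = HASHBYTES('SHA2_512', @salt + '1111');

CLOSE SYMMETRIC KEY CardKey;
GO
```

On SQL Server 2008 replace 'SHA2_512' with 'SHA1' and size Last4Hash as varbinary(20), matching the version guidance on the hashing slide.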
Demo
Symmetric Keys
Symmetric Keys
• The algorithm used is stored in the header
of the encrypted data.
• You can generate temporary keys for
encryption/decryption
• CREATE SYMMETRIC KEY #MyTempKey
• Encryption with passphrases uses
symmetric keys (TripleDES)
Asymmetric Encryption
• Asymmetric keys are unlike keys and locks in
the real world.
• Based on the difficulty of factoring the product of very large prime numbers.
• More secure than symmetric keys
• Require more resources for
encryption/decryption than symmetric keys
Asymmetric Encryption
• Plaintext: “Now is the time for all good men to come to the aid of their country”
• Asymmetric Algorithm with Key 1 → ciphertext
• Asymmetric Algorithm with Key 1 applied to that ciphertext → different ciphertext, not the plaintext
Asymmetric Encryption
• Plaintext: “Now is the time for all good men to come to the aid of their country”
• Asymmetric Algorithm with Key 1 → ciphertext
• Asymmetric Algorithm with Key 2 applied to that ciphertext → the original plaintext
Asymmetric Encryption
Key 1 – Private Key
Key 2 – Public Key
Keys 1 and 2 are paired and generated together.
One is referred to as a private key and the other a public
key. Only the user has the private key, but the public key is
distributed to everyone
Asymmetric Encryption
• Plaintext: “Now is the time for all good men to come to the aid of their country”
• Anyone encrypts with Steve’s Public Key (Asymmetric Algorithm) → ciphertext
• Only Steve can decrypt with his private key (Asymmetric Algorithm) → the original plaintext
Asymmetric Encryption
• Plaintext: “Now is the time for all good men to come to the aid of their country”
• Steve can encrypt with his private key (Asymmetric Algorithm) → ciphertext
• Anyone can decrypt with Steve’s public key (Asymmetric Algorithm) → the original plaintext
Asymmetric Encryption
• Plaintext: “Now is the time”
• Steve can encrypt with his private key → inner ciphertext
• Steve encrypts again with Andy’s Public Key → outer ciphertext
Asymmetric Encryption
• Andy decrypts the outer message with his private key → inner ciphertext
• Andy then decrypts with Steve’s Public key to verify the message is from Steve → “Now is the time”
Asymmetric Encryption
• Use DDL to create asymmetric keys
(CREATE/DROP/ALTER)
• Can be created outside the server (FROM FILE
option)
– SN.exe (Visual Studio SDK)
– Makecert (Windows SDK)
Asymmetric Encryption
• You can encrypt an asymmetric key with a
password.
– This will be required for decryption
– Not required for encryption
• Asymmetric keys are usually used to encrypt
symmetric keys, which encrypt the data. This
balances security with resources
• You can remove the private key (prevents
decryption in that db).
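The password asymmetry and the private-key/public-key roles from the preceding slides, as an added T-SQL example that is not part of the original deck. SteveKey and the password are placeholders; the "encrypt with the private key" case is shown with SQL Server's signing functions.

```sql
-- Added example: SteveKey and the password are placeholders.
-- The private key is protected by a password instead of the Database Master Key.
CREATE ASYMMETRIC KEY SteveKey
    WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = '<private-key-password-placeholder>';
GO
DECLARE @msg varchar(100) = 'Now is the time';

-- Encrypting uses only the public key, so no password is supplied.
-- RSA_2048 can encrypt at most 245 bytes per call, which is one reason asymmetric
-- keys normally protect a symmetric key rather than the data itself.
DECLARE @cipher varbinary(8000) =
    ENCRYPTBYASYMKEY(ASYMKEY_ID('SteveKey'), @msg);

-- Decrypting uses the private key, so the password is required.
SELECT CONVERT(varchar(100),
           DECRYPTBYASYMKEY(ASYMKEY_ID('SteveKey'), @cipher,
                            N'<private-key-password-placeholder>')) AS decrypted_message;

-- Signing uses the private key (password required); verifying uses the public key.
DECLARE @sig varbinary(8000) =
    SIGNBYASYMKEY(ASYMKEY_ID('SteveKey'), @msg,
                  N'<private-key-password-placeholder>');

-- Verify the signature against the original message and against a modified copy.
SELECT VERIFYSIGNEDBYASYMKEY(ASYMKEY_ID('SteveKey'), @msg, @sig)       AS original_verifies,
       VERIFYSIGNEDBYASYMKEY(ASYMKEY_ID('SteveKey'), @msg + '!', @sig) AS modified_verifies;
GO
-- Removing the private key leaves a key that can still encrypt and verify in this
-- database but can no longer decrypt or sign. Keep a copy of the key pair elsewhere first.
ALTER ASYMMETRIC KEY SteveKey REMOVE PRIVATE KEY;
GO
```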
Certificates
• Certificates are asymmetric keys with additional
metadata.
• Expiration dates are not enforced by SQL Server
– Administrators must decrypt/re-encrypt the data and
remove the old certificates
– Useful for marking the key rotation dates (query
sys.certificates)
• To restore certificates, use CREATE CERTIFICATE.
• SQL Server 2012 increases the maximum certificate
length to 4,096.
• Always use the longest length you can.
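Because SQL Server does not enforce certificate expiry, the sys.certificates check mentioned above has to be run deliberately. An added T-SQL example (not part of the original deck) that lists each certificate with its expiry date and the symmetric keys it still protects; RotationDemoCert, its password and its dates are placeholders.

```sql
-- Added example: run in the database whose keys are being reviewed.
-- RotationDemoCert, its password and its dates are placeholders so the query has a row to show.
CREATE CERTIFICATE RotationDemoCert
    ENCRYPTION BY PASSWORD = '<cert-password-placeholder>'
    WITH SUBJECT     = 'Rotation demo (example)',
         START_DATE  = '20250101',
         EXPIRY_DATE = '20301231';
GO
-- Inventory: one row per certificate and per symmetric key it protects.
-- A negative days_until_expiry on a certificate that still protects a key is a
-- rotation that was missed; SQL Server itself will keep using the certificate.
SELECT  c.name                                   AS certificate_name,
        c.subject,
        c.start_date,
        c.expiry_date,
        DATEDIFF(day, GETDATE(), c.expiry_date)  AS days_until_expiry,
        c.pvt_key_encryption_type_desc,          -- NO_PRIVATE_KEY: cannot decrypt in this database
        sk.name                                  AS protected_symmetric_key,
        sk.algorithm_desc,
        sk.key_length
FROM    sys.certificates AS c
LEFT JOIN sys.key_encryptions AS ke
       ON ke.thumbprint = c.thumbprint           -- key encrypted by this certificate
LEFT JOIN sys.symmetric_keys AS sk
       ON sk.symmetric_key_id = ke.key_id
WHERE   c.name NOT LIKE '##%'                    -- skip system-generated certificates
ORDER BY c.expiry_date;
GO
```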
Demo
Asymmetric Encryption
Key Length
• Use long keys
• Use strong algorithms (MD5/SHA1 = bad)
• DKIM attack on Google’s mail system*
– 384 bit key cracked on high end laptop
– 512 bit key cracked for ~$75 using AWS
– 768 bit key could be cracked by large orgs
– This changes all the time
www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/
The End
• Questions?
• Don’t forget to fill out your feedback forms
• Resources at the end of the PPT
• www.sqlservercentral.com/forums
• www.voiceofthedba.com/talks
References
• Encryption - http://en.wikipedia.org/wiki/Encryption
• Understanding TDE - http://msdn.microsoft.com/en-us/library/bb934049.aspx
• Hash Function - http://en.wikipedia.org/wiki/Hash_function
• Rainbow Tables - http://en.wikipedia.org/wiki/Rainbow_table
• Transparent Data Encryption - https://www.simple-talk.com/sql/database-administration/transparent-data-encryption/
• How to enable/remove Transparent Data Encryption (TDE) - http://blogs.msdn.com/b/batuhanyildiz/archive/2012/10/16/how-to-enable-remove-transparent-data-encryption-tde.
• Sys.database_encryption_keys - http://msdn.microsoft.com/en-us/library/bb677274.aspx
• TDE and Backup Compression - http://sqlcat.com/sqlcat/b/technicalnotes/archive/2009/02/16/tuning-backup-compression-part-2.aspx
• Encrypting Connections to SQL Server - http://msdn.microsoft.com/en-us/library/ms189067.aspx
• ENCRYPTBYCERT - http://technet.microsoft.com/en-us/library/ms188061.aspx
• DECRYPTBYKEY - http://technet.microsoft.com/en-us/library/ms181860.aspx
• DECRYPTBYASYMKEY - http://technet.microsoft.com/en-us/library/ms189507.aspx
• DECRYPTBYCERT - http://technet.microsoft.com/en-us/library/ms178601.aspx
• DECRYPTBYKEYAUTOASYMKEY - http://technet.microsoft.com/en-us/library/ms365420.aspx
• DECRYPTBYKEYAUTOCERT - http://technet.microsoft.com/en-us/library/ms182559.aspx
• HASHBYTES - http://msdn.microsoft.com/en-us/library/ms174415.aspx
• CHECKSUM() - http://msdn.microsoft.com/en-us/library/ms189788.aspx
• BINARY_CHECKSUM() - http://msdn.microsoft.com/en-us/library/ms173784.aspx
• Expert SQL Server Encryption - http://www.amazon.com/gp/product/1430224649?ie=UTF8&tag=redgatsof-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1430224649
• Data Hashing in SQL Server - http://blogs.msdn.com/b/sqlsecurity/archive/2011/08/26/data-hashing.aspx
• CREATE ASYMMETRIC KEY - http://technet.microsoft.com/en-us/library/ms174430.aspx
• ALTER ASYMMETRIC KEY - http://technet.microsoft.com/en-us/library/ms187311.aspx
• CREATE CERTIFICATE - http://technet.microsoft.com/en-us/library/ms187798.aspx
• ALTER CERTIFICATE - http://technet.microsoft.com/en-us/library/ms189511.aspx
• BACKUP CERTIFICATE - http://technet.microsoft.com/en-us/library/ms178578.aspx
• sys.certificates - http://technet.microsoft.com/en-us/library/ms189774.aspx
• ENCRYPTBYPASSPHRASE - http://technet.microsoft.com/en-us/library/ms188910.aspx
• ENCRYPTBYKEY - http://technet.microsoft.com/en-us/library/ms174361.aspx
• ENCRYPTBYASYMKEY - http://technet.microsoft.com/en-us/library/ms186950.aspx
• http://blogs.msdn.com/b/raulga/archive/2006/03/11/549754.aspx
• Windows SDK (Makecert) - http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx
• SN.EXE - http://msdn.microsoft.com/en-us/library/k5b5tt23.aspx
• Subway Hacked - http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars
• Install SSL Certificate - http://blogs.msdn.com/b/jorgepc/archive/2008/02/19/enabling-certificates-for-ssl-connection-on-sql-server-2005-clustered-installation.aspx
• Encrypting Connections to SQL Server - http://msdn.microsoft.com/en-us/library/ms189067.aspx
• SQL Server 2005: A look at the master keys - part 2 - http://blogs.msdn.com/b/lcris/archive/2005/09/30/475822.aspx
• Cryptography in SQL Server - http://msdn.microsoft.com/en-us/library/cc837966%28v=sql.100%29.aspx
• http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Images
• Enigma Machine - http://www.flickr.com/photos/badwsky/34164244/
• The Encryption Hierarchy from BOL - http://msdn.microsoft.com/en-US/library/ms189586%28v=SQL.90%29.aspx
• Hashing Image - http://upload.wikimedia.org/wikipedia/commons/thumb/5/58/Hash_table_4_1_1_0_0_1_0_LL.svg/240px-Hash_table_4_1_1_0_0_1_0_LL.svg.png
• TDE Structure - http://msdn.microsoft.com/en-us/library/bb934049.aspx

The future of DevOps: fully left-shifted deployments with version control and...
 
Embracing DevOps through database migrations with Flyway
Embracing DevOps through database migrations with FlywayEmbracing DevOps through database migrations with Flyway
Embracing DevOps through database migrations with Flyway
 
Database DevOps for Managed Service Providers
Database DevOps for Managed Service ProvidersDatabase DevOps for Managed Service Providers
Database DevOps for Managed Service Providers
 
Mizuho Financial: Launching our Database DevOps journey
Mizuho Financial: Launching our Database DevOps journeyMizuho Financial: Launching our Database DevOps journey
Mizuho Financial: Launching our Database DevOps journey
 
7 steps to effective SQL Server monitoring
7 steps to effective SQL Server monitoring7 steps to effective SQL Server monitoring
7 steps to effective SQL Server monitoring
 
Level up your deployments for SQL Source Control
Level up your deployments for SQL Source Control Level up your deployments for SQL Source Control
Level up your deployments for SQL Source Control
 
Key findings from the 2020 state of database dev ops report
Key findings from the 2020 state of database dev ops reportKey findings from the 2020 state of database dev ops report
Key findings from the 2020 state of database dev ops report
 
Extend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server DatabasesExtend DevOps to Your SQL Server Databases
Extend DevOps to Your SQL Server Databases
 
2019 year in review slides
2019 year in review slides2019 year in review slides
2019 year in review slides
 
What we learned at PASS Summit in 2019
What we learned at PASS Summit in 2019What we learned at PASS Summit in 2019
What we learned at PASS Summit in 2019
 
Quality in Software Development: Anglia Ruskin University
Quality in Software Development: Anglia Ruskin UniversityQuality in Software Development: Anglia Ruskin University
Quality in Software Development: Anglia Ruskin University
 
How SQL Change Automation helps you deliver value faster
How SQL Change Automation helps you deliver value fasterHow SQL Change Automation helps you deliver value faster
How SQL Change Automation helps you deliver value faster
 
DevOps essentials from Abel Wang and Steve Jones
DevOps essentials from Abel Wang and Steve JonesDevOps essentials from Abel Wang and Steve Jones
DevOps essentials from Abel Wang and Steve Jones
 
Successfully migrating existing databases to Azure
Successfully migrating existing databases to AzureSuccessfully migrating existing databases to Azure
Successfully migrating existing databases to Azure
 
The Ultimate Guide to Choosing and Implementing the Right Monitoring Tool
The Ultimate Guide to Choosing and Implementing the Right Monitoring ToolThe Ultimate Guide to Choosing and Implementing the Right Monitoring Tool
The Ultimate Guide to Choosing and Implementing the Right Monitoring Tool
 
Everything You Need to Know About the 2019 DORA Accelerate State of DevOps Re...
Everything You Need to Know About the 2019 DORA Accelerate State of DevOps Re...Everything You Need to Know About the 2019 DORA Accelerate State of DevOps Re...
Everything You Need to Know About the 2019 DORA Accelerate State of DevOps Re...
 
Using Redgate, AKS and Azure to bring DevOps to your database
Using Redgate, AKS and Azure to bring DevOps to your databaseUsing Redgate, AKS and Azure to bring DevOps to your database
Using Redgate, AKS and Azure to bring DevOps to your database
 
Using Redgate, AKS and Azure to bring DevOps to your Database
Using Redgate, AKS and Azure to bring DevOps to your DatabaseUsing Redgate, AKS and Azure to bring DevOps to your Database
Using Redgate, AKS and Azure to bring DevOps to your Database
 
How to Pitch a Software Development Initiative and Ignite Culture Change
How to Pitch a Software Development Initiative and Ignite Culture ChangeHow to Pitch a Software Development Initiative and Ignite Culture Change
How to Pitch a Software Development Initiative and Ignite Culture Change
 
Taming the Wild West
Taming the Wild West Taming the Wild West
Taming the Wild West
 

Último

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Último (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Steve Jones - Encrypting Data

  • 1. Encrypting Data in SQL Server Steve Jones Editor in Chief SQLServerCentral, Red Gate Software #sqlinthecity
  • 2. Agenda • What is encryption? • Encryption in SQL Server • Communications • Transparent Data Encryption • Hashing • Keys • Symmetric Keys • Asymmetric Keys
  • 5. encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). - Wikipedia
  • 10. Encryption in SQL Server Client SQL Server Instance Client file system Communication Link (the wire) SQL Server memory SQL Server data files Backup files
  • 19. Communications • Encrypt the connection to/from SQL Server – Encrypt “the wire” • Two options – SSL encryption from SQL Server – IPSec encryption at the Windows host network layer.
  • 20. SSL Communications • Install certificate on SQL Server, set the FORCE ENCRYPTION options – Yes = required – No = client option • Certificate must be valid based on the system time • DO NOT USE SELF SIGNED CERTIFICATES • All rules in BOL – Encrypting Connections to SQL Server – How to: Enable Encrypted Connections to the Database Engine
  • 22. Transparent Data Encryption • TDE introduced in SQL Server 2008 • Protects the data at rest by encrypting the data on disk. – The transaction log is encrypted – Backups are encrypted (can eliminate compression) – Tempdb is encrypted for all operations. – Replication data is not encrypted – Filestream data is not encrypted
  • 23. Transparent Data Encryption • Implemented with a simple ALTER DATABASE command ALTER DATABASE AdventureWorks2008R2 SET ENCRYPTION ON; GO • Encryption is handled by the Database Encryption Key (DEK) • Requires a Database Master Key (DMK) and a Certificate to protect the DEK • Backups of the certificate protecting the DEK are necessary to restore a backup.
  • 26. Transparent Data Encryption • Overhead is < 5% • Enterprise Edition only (not BI edition) • Value? • Third Party Tools
  • 28. Hashing • “A hash function is any algorithm or subroutine that maps large data sets, called keys, to smaller data sets.” - Wikipedia
  • 29. Hashing • SQL Server uses the HASHBYTES function • CHECKSUM() or BINARY_CHECKSUM() can also be used. • Other implementations using .NET/CLR are better (see Expert SQL Server Encryption, Michael Coles). • SQL Server 2012 adds SHA2_256 and SHA2_512 algorithms.
  • 31. Hashing or Encryption • Hashing is not really encryption – Decryption is not supported (usually) • Hashing is deterministic, encryption is not • Hashing is quicker • In general, a hash of searchable data can be used to allow indexing of encrypted data. – Caveat – Only hash the portion of the encrypted data needed for searching, e.g. last four digits of a credit card number. • Choose the strongest algorithm available in your version. – SQL Server 2008 – SHA1 – SQL Server 2012 - SHA2_512
  • 33. Keys • Multiple Keys in SQL Server – Service Master Key – Database Master Key – Database Encryption Key – Symmetric Keys – Asymmetric Keys – Certificates
  • 35. Service Master Key • Service Master Key = SMK • The Service Master Key is created when it is first needed. No CREATE DDL • Secured by Windows DPAPI (default) • Accessed by Service Account for database engine, or a principal with access to the service account name and password
  • 36. Service Master Key • Must be manually backed up. BACKUP SERVICE MASTER KEY • Must be restored in a DR situation to open other keys secured by this key (Database Master Keys) • Can be regenerated if necessary. – This can cause data loss • Encryption is now AES
  • 37. Database Master Key • Database Master Key = DMK • The Database Master Key is created by an administrator (CREATE/ALTER DDL) • This is secured by the SMK and a password (TripleDES encryption in 2008, AES in 2012) • This can be secured by password only (DROP ENCRYPTION BY SERVICE MASTER KEY option)
  • 38. Database Master Key • Backup and restore using DDL commands BACKUP MASTER KEY RESTORE MASTER KEY • OPEN/CLOSE manually if not protected by the SMK • Attach/restore of an encrypted database requires the password for the DMK • You can alter the DMK to add SMK encryption after attach/restore
  • 40. Symmetric Encryption • Like a normal key lock • The key that encrypts the data also decrypts the data
  • 41. Symmetric Keys • Symmetric Keys are created in a database and are always in that database (cannot be backed up/restored) • Symmetric Keys are deterministic, and can be duplicated with the same creation parameters. • Symmetric keys require less resources than asymmetric keys, but there is still an additional CPU load from their use.
  • 42. Symmetric Keys • The identity value always generates the same GUID for the key. These must be unique in a session. • The KEY_SOURCE and IDENTITY can be used to recreate a key. If you choose the same ones, and the same algorithm, you’ll get the same key • You can, and should, secure these keys with asymmetric keys
  • 44. Symmetric Keys • The algorithm used is stored in the header of the encrypted data. • You can generate temporary keys for encryption/decryption • CREATE SYMMETRIC KEY #MyTempKey • Encryption with passphrases uses symmetric keys (TripleDES)
  • 46. Asymmetric Encryption • Asymmetric keys are unlike keys and locks in the real world. • Based on factoring very large prime numbers. • More secure than symmetric keys • Require more resources for encryption/decryption than symmetric keys
  • 47. Asymmetric Encryption (diagram) • The plaintext "Now is the time for all good men to come to the aid of their country" goes through the Asymmetric Algorithm with Key 1 and comes out as a hex ciphertext • Running that ciphertext through the Asymmetric Algorithm with Key 1 again produces a different hex value, not the plaintext
  • 48. Asymmetric Encryption (diagram) • The plaintext "Now is the time for all good men to come to the aid of their country" goes through the Asymmetric Algorithm with Key 1 and comes out as a hex ciphertext • Running that ciphertext through the Asymmetric Algorithm with Key 2 returns the plaintext
  • 49. Asymmetric Encryption • Key 1 – Private Key • Key 2 – Public Key • Keys 1 and 2 are paired and generated together. One is referred to as a private key and the other a public key. Only the user has the private key, but the public key is distributed to everyone
  • 50. Asymmetric Encryption (diagram) • Anyone encrypts with Steve’s Public Key: the plaintext "Now is the time for all good men to come to the aid of their country" goes through the Asymmetric Algorithm and comes out as a hex ciphertext • Only Steve can decrypt with his private key: the ciphertext goes through the Asymmetric Algorithm and returns the plaintext
  • 51. Asymmetric Encryption (diagram) • Steve can encrypt with his private key: the plaintext "Now is the time for all good men to come to the aid of their country" goes through the Asymmetric Algorithm and comes out as a hex ciphertext • Anyone can decrypt with Steve’s public key: the ciphertext goes through the Asymmetric Algorithm and returns the plaintext
  • 52. Asymmetric Encryption (diagram) • "Now is the time" • Steve can encrypt with his private key, producing an inner hex ciphertext • Steve encrypts again with Andy’s Public Key, producing an outer hex ciphertext
  • 53. Asymmetric Encryption (diagram) • Andy decrypts the outer message with his private key, recovering the inner hex ciphertext • Andy then decrypts with Steve’s Public key to verify the message is from Steve, recovering "Now is the time"
  • 54. Asymmetric Encryption • Use DDL to create asymmetric keys (CREATE/DROP/ALTER) • Can be created outside the server (FROM FILE option) – SN.exe (Visual Studio SDK) – Makecert (Windows SDK)
  • 55. Asymmetric Encryption • You can encrypt an asymmetric key with a password. – This will be required for decryption – Not required for encryption • Asymmetric keys are usually used to encrypt symmetric keys, which encrypt the data. This balances security with resources • You can remove the private key (prevents decryption in that db).
  • 56. Certificates • Certificates are asymmetric keys with additional metadata. • Expiration dates are not enforced by SQL Server – Administrators must decrypt/re-encrypt the data and remove the old certificates – Useful for marking the key rotation dates (query sys.certificates) • To restore certificates, use CREATE CERTIFICATE. • SQL Server 2012 increases the maximum certificate length to 4,096. • Always use the longest length you can.
  • 58. Key Length • Use long keys • Use strong algorithms (MD5/SHA1 = bad) • DKIM attack on Google’s mail system* – 384 bit key cracked on high end laptop – 512 bit key cracked for ~$75 using AWS – 768 bit key could be cracked by large orgs – This changes all the time * www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/
  • 59. The End • Questions? • Don’t forget to fill out your feedback forms • Resources at the end of the PPT • www.sqlservercentral.com/forums • www.voiceofthedba.com/talks
  • 60. References • Encryption - http://en.wikipedia.org/wiki/Encryption • Understanding TDE - http://msdn.microsoft.com/en-us/library/bb934049.aspx • Hash Function - http://en.wikipedia.org/wiki/Hash_function • Rainbow Tables - http://en.wikipedia.org/wiki/Rainbow_table • Transparent Data Encryption – https://www.simple-talk.com/sql/database-administration/transparent-data-encryption/ • How to enable/remove Transparent Data Encryption (TDE) - http://blogs.msdn.com/b/batuhanyildiz/archive/2012/10/16/how-to-enable-remove-transparent-data-encryption-tde. • Sys.database_encryption_keys - http://msdn.microsoft.com/en-us/library/bb677274.aspx • TDE and Backup Compression - http://sqlcat.com/sqlcat/b/technicalnotes/archive/2009/02/16/tuning-backup-compression-part-2.aspx • Encrypting Connections to SQL Server - http://msdn.microsoft.com/en-us/library/ms189067.aspx • ENCRYPTBYCERT - http://technet.microsoft.com/en-us/library/ms188061.aspx • DECRYPTBYKEY - http://technet.microsoft.com/en-us/library/ms181860.aspx • DECRYPTBYASYMKEY - http://technet.microsoft.com/en-us/library/ms189507.aspx • DECRYPTBYCERT - http://technet.microsoft.com/en-us/library/ms178601.aspx • DECRYPTBYKEYAUTOASYMKEY - http://technet.microsoft.com/en-us/library/ms365420.aspx • DECRYPTBYKEYAUTOCERT - http://technet.microsoft.com/en-us/library/ms182559.aspx
  • 61. References • HASHBYTES - http://msdn.microsoft.com/en-us/library/ms174415.aspx • CHECKSUM() - http://msdn.microsoft.com/en-us/library/ms189788.aspx • BINARY_CHECKSUM() - http://msdn.microsoft.com/en-us/library/ms173784.aspx • Expert SQL Server Encryption - http://www.amazon.com/gp/product/1430224649?ie=UTF8&tag=redgatsof-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1430224649 • Data Hashing in SQL Server - http://blogs.msdn.com/b/sqlsecurity/archive/2011/08/26/data-hashing.aspx • CREATE ASYMMETRIC KEY - http://technet.microsoft.com/en-us/library/ms174430.aspx • ALTER ASYMMETRIC KEY - http://technet.microsoft.com/en-us/library/ms187311.aspx • CREATE CERTIFICATE - http://technet.microsoft.com/en-us/library/ms187798.aspx • ALTER CERTIFICATE - http://technet.microsoft.com/en-us/library/ms189511.aspx • BACKUP CERTIFICATE - http://technet.microsoft.com/en-us/library/ms178578.aspx • sys.certificates - http://technet.microsoft.com/en-us/library/ms189774.aspx • ENCRYPTBYPASSPHRASE - http://technet.microsoft.com/en-us/library/ms188910.aspx • ENCRYPTBYKEY - http://technet.microsoft.com/en-us/library/ms174361.aspx • ENCRYPTBYASYMKEY - http://technet.microsoft.com/en-us/library/ms186950.aspx
  • 62. References • http://blogs.msdn.com/b/raulga/archive/2006/03/11/549754.aspx • Windows SDK (Makecert) - http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx • SN.EXE - http://msdn.microsoft.com/en-us/library/k5b5tt23.aspx • Subway Hacked - http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars • Install SSL Certificate - http://blogs.msdn.com/b/jorgepc/archive/2008/02/19/enabling-certificates-for-ssl-connection-on-sql-server-2005-clustered-installation.aspx • Encrypting Connections to SQL Server - http://msdn.microsoft.com/en-us/library/ms189067.aspx • SQL Server 2005: A look at the master keys - part 2 - http://blogs.msdn.com/b/lcris/archive/2005/09/30/475822.aspx • Cryptography in SQL Server - http://msdn.microsoft.com/en-us/library/cc837966%28v=sql.100%29.aspx • http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
  • 63. Images • Enigma Machine - http://www.flickr.com/photos/badwsky/34164244/ • The Encryption Hierarchy from BOL - http://msdn.microsoft.com/en-US/library/ms189586%28v=SQL.90%29.aspx • Hashing Image - http://upload.wikimedia.org/wikipedia/commons/thumb/5/58/Hash_table_4_1_1_0_0_1_0_LL.svg/240px-Hash_table_4_1_1_0_0_1_0_LL.svg.png • TDE Structure - http://msdn.microsoft.com/en-us/library/bb934049.aspx
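
The TDE setup that slides 22 and 23 describe, written out end to end as an added T-SQL example (it is not from the original deck). The database name TdeDemo, the certificate name TdeCert, the file paths and the passwords are placeholders assumed for illustration; TdeDemo is assumed to exist already.

```sql
-- Added example: TdeDemo, TdeCert, the paths and the passwords are placeholders.
USE master;
GO

-- 1. Database Master Key (DMK) in master. It protects the private key of the
--    certificate created in step 2 and is itself protected by the SMK.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace: strong DMK password>';
GO

-- 2. Certificate in master that will protect the Database Encryption Key (DEK).
CREATE CERTIFICATE TdeCert
    WITH SUBJECT = 'TDE certificate for TdeDemo';
GO

-- 3. Back up the certificate AND its private key before encrypting anything.
--    Without these two files a TDE backup cannot be restored on another server.
--    Store them away from the database backups.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\KeyBackup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<replace: strong private key password>'
    );
GO

-- 4. DEK inside the user database, protected by the certificate in master.
USE TdeDemo;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO

-- 5. The ALTER DATABASE command from slide 23. Encryption runs as a background scan.
ALTER DATABASE TdeDemo SET ENCRYPTION ON;
GO

-- 6. Check progress. encryption_state 2 = encryption in progress, 3 = encrypted.
--    tempdb shows up here too once any database on the instance uses TDE.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       dek.percent_complete,
       dek.key_algorithm,
       dek.key_length,
       c.name                   AS protecting_certificate
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint;
GO

-- 7. On the server where a backup of TdeDemo will be restored, recreate the
--    certificate from the files saved in step 3 BEFORE running RESTORE DATABASE
--    (that server's master database needs its own DMK first):
--
-- USE master;
-- CREATE CERTIFICATE TdeCert
--     FROM FILE = 'C:\KeyBackup\TdeCert.cer'
--     WITH PRIVATE KEY (
--         FILE = 'C:\KeyBackup\TdeCert.pvk',
--         DECRYPTION BY PASSWORD = '<replace: strong private key password>'
--     );
```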
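
Slides 31, 42 and 55 combined into one added T-SQL example (it is not from the original deck): a symmetric key protected by a certificate encrypts the card number, and a hash of the last four digits provides an indexable search column. The database CryptoDemo (assumed to exist), all object names, the password and passphrase placeholders and the card number are constructed for illustration.

```sql
-- Added example: every name and value below is constructed for illustration.
USE CryptoDemo;
GO

-- Key hierarchy: SMK -> DMK -> certificate -> symmetric key -> data.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace: strong DMK password>';
GO
CREATE CERTIFICATE CardCert
    WITH SUBJECT = 'Protects the CardKey symmetric key';
GO

-- KEY_SOURCE and IDENTITY_VALUE make the key reproducible: the same values and
-- the same algorithm recreate the same key in another database, so treat both
-- strings as secrets and keep them with the certificate backups.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256,
         KEY_SOURCE = '<replace: long secret passphrase>',
         IDENTITY_VALUE = '<replace: identity phrase>'
    ENCRYPTION BY CERTIFICATE CardCert;
GO

CREATE TABLE dbo.Payment (
    PaymentId     int IDENTITY(1,1) PRIMARY KEY,
    CardNumberEnc varbinary(256) NOT NULL,  -- ciphertext from ENCRYPTBYKEY
    Last4Hash     varbinary(64)  NOT NULL   -- SHA2_512 output is 64 bytes
);
CREATE INDEX IX_Payment_Last4Hash ON dbo.Payment (Last4Hash);
GO

-- The key must be open in the session before ENCRYPTBYKEY / DECRYPTBYKEY work.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

DECLARE @card varchar(19) = '4111111111111111';  -- constructed test number

-- Insert the same card twice to show the difference between the two columns.
INSERT dbo.Payment (CardNumberEnc, Last4Hash)
VALUES (ENCRYPTBYKEY(KEY_GUID('CardKey'), @card),
        HASHBYTES('SHA2_512', RIGHT(@card, 4))),
       (ENCRYPTBYKEY(KEY_GUID('CardKey'), @card),
        HASHBYTES('SHA2_512', RIGHT(@card, 4)));

-- Encryption is not deterministic, hashing is: two distinct ciphertexts, one hash.
SELECT COUNT(DISTINCT CardNumberEnc) AS distinct_ciphertexts,
       COUNT(DISTINCT Last4Hash)     AS distinct_hashes
FROM dbo.Payment;

-- Search on the hash (index seek), then decrypt only the matching rows.
-- Hash the search term with the same data type (varchar here) used at insert
-- time: varchar and nvarchar inputs produce different hashes.
SELECT PaymentId,
       CONVERT(varchar(19), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Payment
WHERE Last4Hash = HASHBYTES('SHA2_512', '1111');

CLOSE SYMMETRIC KEY CardKey;
GO

-- The hash column is a search aid, not a second layer of secrecy: four digits
-- have only 10,000 possible values, so it reveals the last four digits to
-- anyone who can read it. Hash no more of the value than the search needs.
```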

Editor's notes

  1. What is encryption? The image is the Enigma Machine from WWII.
  2. From Wikipedia
  3. A simple cipher, known as a substitution or rotation cipher. In this case, this is a ROT4. The bottom line is an encrypted string. The top line is the plain text line, and the second line is used to encrypt or decrypt the data.
  4. And the decryption
  5. Here is a more complex encryption using a symmetric key in T-SQL.
  6. Here is the essential link between a client and server. The client has a computer with a file system and connects to the SQL Server instance across some communication link (the wire). The data in SQL Server is available in its memory (for querying, manipulating, etc.). The data gets stored on disk drives in the data files, and then is copied to backup files, either on disk or tape.
  7. We can’t do much about the client file system. If clients copy/paste data into a text file, spreadsheet, etc., we lose control. Even if they take an image of the screen, they can store data unprotected on their local file system.
  8. We can’t do a lot to encrypt things on the client as that’s where we really need data decrypted so the client can read it.
  9. We can encrypt the wire, using SSL communication in SQL Server, or some higher level tunneling like IPSec.
  10. We can encrypt data in SQL Server’s memory. Not completely, but we can use one of our encryption methods to ensure that queries require keys to return the plaintext.
  11. If we use keys, we also have encryption of the data on the data files, or we have the option of using Transparent Data Encryption.
  12. As with the data files, we can encrypt the backup files as well.
  13. Create unencrypted db. Detach. View with hex editor. Encrypt, detach, view.