Your SlideShare is downloading. ×
SQL Server Encryption - Adi Cohn
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

SQL Server Encryption - Adi Cohn

1,740
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,740
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
60
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Adi Cohn - SRL Group Encryption with SQL Server 2008
  • 2. Agenda
    • Types of encryptions and there uses
    • Price of encryption
    • Basic terms
    • Key management types
    • Encryption and permissions
    • Restoring database to a different server
    • Working with TDE
  • 3. Types of encryption
    • SQL Server 2008 supports 2 completely different types of encryptions:
      • Cell level encryption – Encrypts part of the data
      • DB level encryption – Encrypts the whole DB
  • 4. Cell level Encryption
    • The encryption is “statement based”. The insert/update statements are responsible to encrypt the data and select statement has to decrypt the data.
    • Any application that works with the database has to be designed to work with the encryption and decryption mechanism
    • The developers and the DBA have many options to choose from and lots of control over the encryption mechanism
  • 5. Database level encryption
    • The whole database is encrypted.
    • The encryption and decryption is transparent to the applications.
    • Used to protect from file theft (data or backup), log shipping or mirroring
    • DBA and developers don’t have many configuration options and control on the encryption process.
  • 6. “ Price” of encryption
    • Encryption and decryption adds more CPU usage
    • Encrypted data takes much more disk space then the original data
    • SQL Server can not use index seek on encrypted data.
  • 7. Basic terms
    • Encryption – Conversion of clear data into scrambled data that has to be modified in order to make scenes. The encrypted data also referred as chipertext.
    • Decryption – Transforming of the encrypted data into its original state. Decrypted data also referred as cleartext.
  • 8. Basic terms
    • Key – The mechanism that is used in order encrypt and decrypt the data.
      • Symmetric key – The same key is used for encrypting and decrypting the data (also known as shared key).
      • Asymmetric key – Different keys are used to encrypt or decrypt the data (Also known as private and public keys).
    • Symmetric mechanism works faster then asymmetric mechanism, but is considered a weaker mechanism then asymmetric mechanism.
  • 9. Basic terms
    • Certificate – An electronic document that contains asymmetric keys with identifying information about its owner and the CA that issued the certificate
  • 10. Key management
    • SQL Server uses 3 types of key management:
      • External key management – SQL Server 2008 introduced the ability to use an external application to manage the keys.
      • Encrypt by password – The user supplies a password for key generating, and the keys are managed independently
      • SQL internal hierarchical mechanism – There are few layers of key management that are structured as hierarchy. Each key is depended on a key in a layer above
  • 11. Encryption hierarchy
  • 12. 4 Ways to encrypt and decrypt the data
    • SQL Server suports 4 mechanisim to encrypt data:
      • Encryption by PassPhrase
      • Encryption by symmetric key
      • Encryption by asymmetric key
      • Encryption by certificates
  • 13. Demo1 encrypting and decrypting columns
  • 14. Security Considerations
    • In reality unlike in the demo, there are security considerations. Users need to get permissions to use the keys.
    • Unfortunately there isn’t a direct way to grant permission only to encrypt andor decrypt the data
    • In order to limit the usage of the keys we’ll need to implement our own code.
  • 15. Demo 2 – Implementing security
  • 16. Moving an encrypted DB (column level)
    • Sometimes there is a need to move the database to a new server
    • Keys that were encrypted by password can be used immediately
    • Before using keys that are managed by SQL Server, we need to modify the database master key
  • 17. Demo 3 – Moving the database to a different instance
  • 18. Transparent database encryption
    • TDE can be done only on SQL Server 2008 Enterprise edition
    • Before configuring TDE we have to
      • create asymmetric keys or certificate
      • Create a database encryption key
    • It is important to backup the all the certificates and keys that were used to configure the TDE
  • 19.
    • After we created the database encryption key we need to run alter database statement
    • While the database is being encrypted, users can still work with it
    • We can monitor encryption’s progress with sys.dm_database_encryption_keys
  • 20. Demo 4 – Using TDE
  • 21. Thank you for listening [email_address]

×