
Hacking Exposé - Using SSL to Secure SQL Server Connections



Are you someone (a DBA, developer, etc.) who connects to SQL Server to use data? You probably hear a lot about how well protected your database can be at rest. But what about when you connect to SQL Server and start running queries? Using a simple hacking technique, we will dig into some packets on our network and see what's in them. You may be shocked! Then we will create a self-signed SSL certificate, use it to encrypt our connections on the SQL Server, and see the actual changes in the packets as hackers would.

Demo scripts and processes are not included in great detail with the slide deck. Some presentation notes are included.

Published in: Technology


  1. Hacking Exposé: Using SSL to Protect SQL Connections
  2. Who Am I?
       • WaterOx Consulting
       • SQL Server MVP
       • Friend of Redgate
       • PASSDC
       • SQL Saturday DC & Nova Scotia
       • SQL Summer Camp
  3. What is Hacking?
  4. How safe is your data?
       Hacking / Cracking
       • Modifying computer hardware or software
       • Accomplish goals outside of original purpose
       Measures taken to protect your data
       • Primarily at rest
       • In motion over the network
       • Not always the case
  5. Easy to get tools
       RawCap
       • Command line tool
       • Run from USB
       • Captures packets into a file for reference later
       WireShark
       • GUI
       • Captures packets as well
       • Reads other capture files
       Lots of others out there
  6. DEMO
  7. What to do?
  8. SSL Definition
       • Secure Sockets Layer
       • Standard security technology
       • Provides communication security over the network
       • Encrypts data flowing between parties
       • Primarily prevents eavesdropping and tampering
  9. How SSL Works
       1. Client attempts to connect to server
       2. Server sends client a copy of its certificate
       3. Client confirms trust
       4. Server sends back acknowledgement to start SSL session
       5. Encrypted data shared between client and server
  10. Lockdown
  11. Secure Your SQL Server Connection
       1. Create / obtain SSL certificate
       2. Grant permissions to use certificate
       3. Enable SSL in SQL Server
       4. Connect
  12. DEMO
  13. No single solution
       Data in motion
       • SSL – encrypt connections
       • File encryption tools
       Data at rest
       • TDE
       • Column level encryption
  14. Review
       By default connections are not encrypted
       • Need to set up SSL (self-signed minimum)
       • Requires restart
       • Encrypts data being transmitted
       No one solution
       • Protect data in transit
       • Protect data at rest
       • Separation of duties
  15. Contact: @CBellDBA
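
The review slide's point that connections are not encrypted by default can be verified from a capture by reading the ENCRYPTION option in the TDS PRELOGIN exchange that opens every SQL Server connection. The following is an added example, not part of the deck or its demos; it assumes TDS 7.x (PRELOGIN sent in the clear) with the option layout documented in Microsoft's MS-TDS specification, and the function names and sample packets are constructed for illustration.

```python
import struct

# Constants as documented in Microsoft's MS-TDS specification (PRELOGIN).
PRELOGIN, RESPONSE = 0x12, 0x04          # TDS packet types
OPT_ENCRYPTION, OPT_TERMINATOR = 0x01, 0xFF
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}


def prelogin_encryption(packet: bytes) -> str:
    """Return the ENCRYPTION option carried by one PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype not in (PRELOGIN, RESPONSE) or length > len(packet):
        raise ValueError("not a complete PRELOGIN packet")
    body, pos = packet[8:length], 0
    # Option table: 1-byte token, 2-byte offset, 2-byte length, big-endian.
    while pos + 5 <= len(body) and body[pos] != OPT_TERMINATOR:
        token, offset, size = struct.unpack(">BHH", body[pos:pos + 5])
        if token == OPT_ENCRYPTION:
            if size != 1 or offset >= len(body):
                raise ValueError("malformed ENCRYPTION option")
            return ENCRYPTION.get(body[offset], "UNKNOWN")
        pos += 5
    raise ValueError("no ENCRYPTION option found")


def coverage(server_packet: bytes) -> str:
    """Map the server's PRELOGIN answer to what ends up encrypted."""
    answer = prelogin_encryption(server_packet)
    if answer in ("ENCRYPT_ON", "ENCRYPT_REQ"):
        return "full session"
    if answer == "ENCRYPT_OFF":
        return "login packet only"      # queries and results stay readable
    return "nothing"


def sample_packet(ptype: int, enc: int) -> bytes:
    """Constructed sample packet with VERSION and ENCRYPTION options."""
    table = struct.pack(">BHHBHH", 0x00, 11, 6, 0x01, 17, 1) + b"\xff"
    body = table + bytes(6) + bytes([enc])
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(body), 0, 1, 0) + body


if __name__ == "__main__":
    for enc in (0x00, 0x01, 0x03):
        print(ENCRYPTION[enc], "->", coverage(sample_packet(RESPONSE, enc)))
```

Pass `coverage` the first server-to-client packet of a connection; a result other than "full session" after SSL has been enabled means the setting did not take effect, for example because the service was not restarted.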