Re: Encrypting MS SQL databases

[PCSC Information Services <info () pcsage biz>]

Hi Martin,

There are many approaches to encryption available these days. Rather  
than
considering encrypting the data 'inside' the application perhaps it  
might be
easier for all concerned to encrypt the files instead. This would  
ensure that
only the appropriate credentials could gain access to the replicated  
databases.
If the data is extremely sensitive I would be remiss in not  
mentioning a two
factor authentication mechanism. While this is somewhat more  
difficult for your
end-users, the added security is quickly becoming a de-facto standard  
for
business critical applications and services.
Knowing that IT budgets are often strained these days, it might be  
efficacious
for you to consider truecrypt (http://www.truecrypt.org/) for these  
needs. The
product is free and open source and works on most MS Windows OS and  
Linux
(which also opens up BSDs) The documentation is quite good, and given  
its
price it would allow you to quickly resolve the situation without an  
added
budget requirement. Good luck with your work on this effort.

Sincerely,

Sean Swayze
info AT pcsage DOT biz



On 11-Aug-06, at 5:37 AM, MARTIN Benoni wrote:

> Hi list !
>
> I'm currently working on a solution needing to perform replications
> between MS SQL Server databases: there will be a central database and
> several laptops connecting to it. The replications will occur on the
> laptops, so they will have all the data on them, including sensitive
> data.
>
> So I will need to encrypt the data in their databases, and AFAIK,  
> MS SQL
> server 2K does not have encryption tools included.
>
> So I will be looking for a tool that:
> - will not be a millstone around people's neck :) (having 5 more
> logins/passwords to know just because of the encryption)
> - will be strong enough to not panic if a laptop is stolen :)
>
> Any clue will be appreciated !
>
> ---------------------------------------------------------------------- 
> -----
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic  
> Excellence
> in Information Security. Our program offers unparalleled Infosec  
> management
> education and the case study affords you unmatched consulting  
> experience.
> Using interactive e-Learning technology, you can earn this esteemed  
> degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------- 
> -----


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------