Security Basics mailing list archives
Re: Encrypting MS SQL databases
From: PCSC Information Services <info () pcsage biz>
Date: Fri, 11 Aug 2006 09:24:44 -0400
Hi Martin,There are many approaches to encryption available these days. Rather than considering encrypting the data 'inside' the application perhaps it might be easier for all concerned to encrypt the files instead. This would ensure that only the appropriate credentials could gain access to the replicated databases. If the data is extremely sensitive I would be remiss in not mentioning a two factor authentication mechanism. While this is somewhat more difficult for your end-users, the added security is quickly becoming a de-facto standard for
business critical applications and services.Knowing that IT budgets are often strained these days, it might be efficacious for you to consider truecrypt (http://www.truecrypt.org/) for these needs. The product is free and open source and works on most MS Windows OS and Linux (which also opens up BSDs) The documentation is quite good, and given its price it would allow you to quickly resolve the situation without an added
budget requirement. Good luck with your work on this effort. Sincerely, Sean Swayze info AT pcsage DOT biz On 11-Aug-06, at 5:37 AM, MARTIN Benoni wrote:
Hi list ! I'm currently working on a solution needing to perform replications between MS SQL Server databases: there will be a central database and several laptops connecting to it. The replications will occur on the laptops, so they will have all the data on them, including sensitive data.So I will need to encrypt the data in their databases, and AFAIK, MS SQLserver 2K does not have encryption tools included. So I will be looking for a tool that: - will not be a millstone around people's neck :) (having 5 more logins/passwords to know just because of the encryption) - will be strong enough to not panic if a laptop is stolen :) Any clue will be appreciated !---------------------------------------------------------------------- -----This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life. http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------- -----
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Encrypting MS SQL databases MARTIN Benoni (Aug 11)
- Re: Encrypting MS SQL databases Lars Solberg (Aug 14)
- Re: Encrypting MS SQL databases Saqib Ali (Aug 14)
- Re: Encrypting MS SQL databases PCSC Information Services (Aug 14)
- Re: Encrypting MS SQL databases Hylton Conacher(ZR1HPC) (Aug 15)
- Re: Encrypting MS SQL databases Bruno Guedes Souto (Aug 17)
- <Possible follow-ups>
- RE: Encrypting MS SQL databases MARTIN Benoni (Aug 14)
- Re: RE: Encrypting MS SQL databases krymson (Aug 15)