Hacking Exposé - Using SSL to Secure SQL Server Connections
Who Am I?
• WaterOx Consulting
• SQL Server MVP
• Friend of Redgate
• PASSDC
• SQL Saturday DC & Nova Scotia
• SQL Summer Camp
How safe is your data?
Hacking / Cracking
• Modifying computer hardware or software
• Accomplish goals outside of original purpose
Measures taken to protect your data
• Primarily at rest
• In motion over the network
• Not always the case
Easy to get tools
RawCap
• Command line tool
• Run from USB
• Captures packets into a file for reference later
Wireshark
• GUI
• Captures packets as well
• Reads other capture files
Lots of others out there
SSL
Definition
• Secure Sockets Layer
• Standard security technology
• Provides communication security over the network
• Encrypts data flowing between parties
• Primarily prevents eavesdropping and tampering
How SSL Works
1. Client attempts to connect to server
2. Server sends the client a copy of its certificate
3. Client confirms trust
4. Server sends back acknowledgement to start SSL Session
5. Encrypted data shared between client and server
Secure Your SQL Server Connection
1. Create / Obtain SSL Certificate
2. Grant permissions to use certificate
3. Enable SSL in SQL Server
4. Connect
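The four steps above as one script, added here as an example and not taken from the original deck. It assumes a default instance (`MSSQLSERVER`) running under its default virtual service account, an elevated Windows PowerShell 5.1 session on the server itself, and a login permitted to read `sys.dm_exec_connections`; the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Assumed values (not from the slides): default instance and its virtual account.
$fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$instance = 'MSSQLSERVER'
$svcAcct  = 'NT Service\MSSQLSERVER'

# 1. Create a self-signed certificate in the form SQL Server accepts:
#    subject = server FQDN, Server Authentication EKU, key-exchange key spec.
$cert = New-SelfSignedCertificate -DnsName $fqdn -Subject "CN=$fqdn" `
    -CertStoreLocation 'Cert:\LocalMachine\My' -KeySpec KeyExchange `
    -Provider 'Microsoft RSA SChannel Cryptographic Provider' `
    -KeyLength 2048 -HashAlgorithm SHA256 -NotAfter (Get-Date).AddYears(1) `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1')

# 2. Grant the service account read-only access to the private key file.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($svcAcct, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# 3. Bind the certificate to the instance, force encryption, and restart
#    (the setting only takes effect after the service restarts).
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$id   = (Get-ItemProperty "$root\Instance Names\SQL").$instance
$net  = "$root\$id\MSSQLServer\SuperSocketNetLib"
Set-ItemProperty -Path $net -Name Certificate -Value $cert.Thumbprint.ToLower()
Set-ItemProperty -Path $net -Name ForceEncryption -Value 1 -Type DWord
Restart-Service -Name $instance -Force

# Client trust: a self-signed certificate chains to nothing, so the client must
# be given the public certificate. On a remote client, copy the .cer file there.
$cer = Export-Certificate -Cert $cert -FilePath (Join-Path $env:TEMP 'sql-tls.cer')
Import-Certificate -FilePath $cer.FullName -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Connect with certificate validation on, then ask the server whether
#    this session is encrypted (expects TRUE).
$cs   = "Server=$fqdn;Database=master;Integrated Security=True;" +
        "Encrypt=True;TrustServerCertificate=False"
$conn = New-Object System.Data.SqlClient.SqlConnection($cs)
$conn.Open()
$cmd  = $conn.CreateCommand()
$cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
"encrypt_option = $($cmd.ExecuteScalar())"
$conn.Close()
```

Keeping `TrustServerCertificate=False` is what makes the client validate the certificate; setting it to `True` still encrypts the session but skips the trust check in step 3 of the handshake.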
No single solution
Data in motion
• SSL – encrypt connections
• File encryption tools
Data at rest
• TDE
• Column level encryption
Review
By default connections are not encrypted
• Need to set up SSL (self-signed minimum)
• Requires restart
• Encrypts data being transmitted
No one solution
• Protect data in transit
• Protect data at rest
• Separation of duties