Hacking Exposé - Using SSL to Secure SQL Server Connections

Hacking Exposé Using SSL to Protect SQL Connections

Upload: chris-bell

Post on 16-Jul-2015


TRANSCRIPT

Hacking Exposé Using SSL to Protect SQL Connections

Who Am I?

• WaterOx Consulting

• SQL Server MVP

• Friend of Redgate

• PASSDC

• SQL Saturday DC & Nova Scotia

• SQL Summer Camp

What is Hacking?

How safe is your data?

Hacking / Cracking

• Modifying computer hardware or software

• Accomplish goals outside of original purpose

Measures taken to protect your data

• Primarily at rest

• In motion over the network

• Not always the case

Easy to get tools

RawCap

• Command line tool

• Run from USB

• Captures packets into a file for reference later

Wireshark

• GUI

• Captures packets as well

• Reads other capture files

Lots of others out there

DEMO

What to do?

SSL

Definition

• Secure Sockets Layer

• Standard security technology

• Provides communication security over the network

• Encrypts data flowing between parties

• Primarily prevents eavesdropping and tampering

How SSL Works

1. Client attempts to connect to server

2. Server sends client a copy of its certificate

3. Client confirms trust

4. Server sends back acknowledgement to start SSL Session

5. Encrypted data shared between client and server

Lockdown

Secure Your SQL Server Connection

1. Create / Obtain SSL Certificate

2. Grant permissions to use certificate

3. Enable SSL in SQL Server

4. Connect
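
Once step 4 succeeds, the same kind of packet capture shown earlier can confirm what was actually negotiated. The following is an added example, not part of the original slides: it reads the ENCRYPTION option from a TDS PRELOGIN packet (the first exchange on a SQL Server connection). The function names and the sample packet are constructed for illustration, and the input is assumed to be the raw TCP payload of a single PRELOGIN packet.

```python
import struct

# ENCRYPTION option values in a TDS PRELOGIN packet (per the MS-TDS specification),
# with what each means when it appears in the server's response.
ENCRYPTION = {
    0x00: ("ENCRYPT_OFF", "only the login packet is encrypted; queries and results are cleartext"),
    0x01: ("ENCRYPT_ON", "the whole session is encrypted"),
    0x02: ("ENCRYPT_NOT_SUP", "nothing is encrypted, including the login"),
    0x03: ("ENCRYPT_REQ", "the server requires encryption for the whole session"),
}
TDS_HEADER_LEN = 8          # type, status, length(2), SPID(2), packet id, window
TOKEN_ENCRYPTION = 0x01
TOKEN_TERMINATOR = 0xFF


def prelogin_encryption(packet: bytes):
    """Return (name, meaning) of the ENCRYPTION option in one PRELOGIN packet."""
    if len(packet) < TDS_HEADER_LEN:
        raise ValueError("shorter than a TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype not in (0x12, 0x04):   # 0x12 client PRELOGIN, 0x04 server response
        raise ValueError(f"not a PRELOGIN packet (type 0x{ptype:02x})")
    payload = packet[TDS_HEADER_LEN:length]
    pos = 0
    # Option table: 5-byte entries (token, offset, length), ended by 0xFF.
    while pos < len(payload) and payload[pos] != TOKEN_TERMINATOR:
        if pos + 5 > len(payload):
            raise ValueError("truncated option table")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == TOKEN_ENCRYPTION:
            if size != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            value = payload[offset]
            return ENCRYPTION.get(value, (f"UNKNOWN_0x{value:02x}", "treat as unencrypted"))
        pos += 5
    raise ValueError("no ENCRYPTION option present")


def sample_response(enc_value: int) -> bytes:
    """Constructed server PRELOGIN response with VERSION and ENCRYPTION options."""
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    payload = table + bytes([12, 0, 0x10, 0x00, 0, 0, enc_value])
    header = struct.pack(">BBHHBB", 0x04, 0x01, TDS_HEADER_LEN + len(payload), 0, 1, 0)
    return header + payload


if __name__ == "__main__":
    for value in (0x00, 0x02, 0x03):   # constructed samples, one per outcome
        name, meaning = prelogin_encryption(sample_response(value))
        print(f"0x{value:02x}: {name} - {meaning}")
```

A server response of ENCRYPT_OFF is the case to watch for: the login is protected, but every query and result set after it crosses the network in cleartext.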

DEMO

No single solution

Data in motion

• SSL – encrypt connections

• File encryption tools

Data at rest

• TDE

• Column level encryption

Review

By default connections are not encrypted

• Need to set up SSL (self-signed minimum)

• Requires restart

• Encrypts data being transmitted

No one solution

• Protect data in transit

• Protect data at rest

• Separation of duties

Contact

@CBellDBA
