Solved

Securing SQL Server 2012

Posted on 2013-11-16
6
268 Views
Last Modified: 2013-11-22
Hey guys!!

I must secure a sqlserver database.  I've read quite a bit about certificates and key but being a newbie to security I'm lost.

I am using 2005 express and 2012 express.

Any help would certainly be appreciated.

Thanks,
Jerry
0
Comment
Question by:JDL129
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:Technodweeb
Comment Utility
Securing the server can mean a lot of things. You mention certificates in your question which is really encryption, not really security. Are you trying to simply encrypt the database or are you trying to prevent access? Or both?
0
 

Author Comment

by:JDL129
Comment Utility
Technodweeb!!!!!  Thanks for the post!!

My main goal is to prevent access to files with patient medical information that are contained in a sql server 2005 express database.  How would be the best way to go about it?

Sorry I'm late answering but the bank screwed up my account and EE was not able to process my payment.

Thanks again!!

Jerry
0
 
LVL 11

Expert Comment

by:Technodweeb
Comment Utility
With medical information you need to study up on HIPPA Compliance. I cannot advise you on this topic. As for good first steps to safeguard your data would be to store things that are sensitive in an encrypted fashion as you were speaking of initially.

For the best performance, you could encrypt the data before placing it into the data fields. This would happen on-the-fly and each computer in the network would never feel the performance hit. The other way to do it would be to encrypt the tables in the SQL database itself which will be a much bigger performance hit as every transaction would require an encryption or decryption process to occur. This requires Express 2005 or greater which you have. The only other option would be to encrypt the file system where the database files reside, but this will be even more of a performance hit as every filesystem read and write will be affected.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:JDL129
Comment Utility
Thanks for the post!!!!

How would I go about encrypting the data before placing it into the data fields and also how would I go about decrypting it when I read it back into the database.

THANKS!!!!

Jerry
0
 
LVL 11

Accepted Solution

by:
Technodweeb earned 500 total points
Comment Utility
That option would be useful to you if you were the developer of the application. Since you asked this question, I can assume that you are not the app developer.

So you are trying to prevent a person that might have copied the DB file from accessing the data within?

This means that you would need to use the methods found here:
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&sqi=2&ved=0CEYQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F4%2F7%2Fa%2F47a548b9-249e-484c-abd7-29f31282b04d%2FSQLEncryption.doc&ei=5HePUtzcEJDg2wXnwoAQ&usg=AFQjCNHkAVvzLfb_qaOaqJxvVNiQCqDcHg&sig2=U9lVlHLj8HZu7qyXISYF2w&bvm=bv.56988011,d.b2I&cad=rjt

I would make certain you have an excellent and verified backup before you do anything with encryption. One ooops factor will render your DB useless. Practice this process on a standalone instance, even on another machine or better yet, in a virtual machine, this way you can test and if it does not work you can rollback and do it again till you get it right.
0
 

Author Closing Comment

by:JDL129
Comment Utility
WONDERFUL!!!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now