Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.
COURSE of the MONTH
13 days, 14 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Securing SQL Server 2012
Posted on 2013-11-16
Hey guys!!
I must secure a sqlserver database. I've read quite a bit about certificates and key but being a newbie to security I'm lost.
I am using 2005 express and 2012 express.
Any help would certainly be appreciated.
Thanks,
Jerry
I must secure a sqlserver database. I've read quite a bit about certificates and key but being a newbie to security I'm lost.
I am using 2005 express and 2012 express.
Any help would certainly be appreciated.
Thanks,
Jerry
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
3
6 Comments
Securing the server can mean a lot of things. You mention certificates in your question which is really encryption, not really security. Are you trying to simply encrypt the database or are you trying to prevent access? Or both?
Technodweeb!!!!! Thanks for the post!!
My main goal is to prevent access to files with patient medical information that are contained in a sql server 2005 express database. How would be the best way to go about it?
Sorry I'm late answering but the bank screwed up my account and EE was not able to process my payment.
Thanks again!!
Jerry
My main goal is to prevent access to files with patient medical information that are contained in a sql server 2005 express database. How would be the best way to go about it?
Sorry I'm late answering but the bank screwed up my account and EE was not able to process my payment.
Thanks again!!
Jerry
With medical information you need to study up on HIPPA Compliance. I cannot advise you on this topic. As for good first steps to safeguard your data would be to store things that are sensitive in an encrypted fashion as you were speaking of initially.
For the best performance, you could encrypt the data before placing it into the data fields. This would happen on-the-fly and each computer in the network would never feel the performance hit. The other way to do it would be to encrypt the tables in the SQL database itself which will be a much bigger performance hit as every transaction would require an encryption or decryption process to occur. This requires Express 2005 or greater which you have. The only other option would be to encrypt the file system where the database files reside, but this will be even more of a performance hit as every filesystem read and write will be affected.
For the best performance, you could encrypt the data before placing it into the data fields. This would happen on-the-fly and each computer in the network would never feel the performance hit. The other way to do it would be to encrypt the tables in the SQL database itself which will be a much bigger performance hit as every transaction would require an encryption or decryption process to occur. This requires Express 2005 or greater which you have. The only other option would be to encrypt the file system where the database files reside, but this will be even more of a performance hit as every filesystem read and write will be affected.
Thanks for the post!!!!
How would I go about encrypting the data before placing it into the data fields and also how would I go about decrypting it when I read it back into the database.
THANKS!!!!
Jerry
How would I go about encrypting the data before placing it into the data fields and also how would I go about decrypting it when I read it back into the database.
THANKS!!!!
Jerry
That option would be useful to you if you were the developer of the application. Since you asked this question, I can assume that you are not the app developer.
So you are trying to prevent a person that might have copied the DB file from accessing the data within?
This means that you would need to use the methods found here:
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&sqi=2&ved=0CEYQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F4%2F7%2Fa%2F47a548b9-249e-484c-abd7-29f31282b04d%2FSQLEncryption.doc&ei=5HePUtzcEJDg2wXnwoAQ&usg=AFQjCNHkAVvzLfb_qaOaqJxvVNiQCqDcHg&sig2=U9lVlHLj8HZu7qyXISYF2w&bvm=bv.56988011,d.b2I&cad=rjt
I would make certain you have an excellent and verified backup before you do anything with encryption. One ooops factor will render your DB useless. Practice this process on a standalone instance, even on another machine or better yet, in a virtual machine, this way you can test and if it does not work you can rollback and do it again till you get it right.
So you are trying to prevent a person that might have copied the DB file from accessing the data within?
This means that you would need to use the methods found here:
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&sqi=2&ved=0CEYQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F4%2F7%2Fa%2F47a548b9-249e-484c-abd7-29f31282b04d%2FSQLEncryption.doc&ei=5HePUtzcEJDg2wXnwoAQ&usg=AFQjCNHkAVvzLfb_qaOaqJxvVNiQCqDcHg&sig2=U9lVlHLj8HZu7qyXISYF2w&bvm=bv.56988011,d.b2I&cad=rjt
I would make certain you have an excellent and verified backup before you do anything with encryption. One ooops factor will render your DB useless. Practice this process on a standalone instance, even on another machine or better yet, in a virtual machine, this way you can test and if it does not work you can rollback and do it again till you get it right.
Featured Post
Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat. The purpose of this eBook is to educate the reader about ransomware attacks.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month13 days, 14 hours left to enroll
801 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.