Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400
  • Last Modified:

Server Data Security in case of stolen server

Hello,

I have a client who is concerned with someone breaking in to their office and stealing their server and then being able to get access to the data.   The server uses Active Directory and a SQL database.  The database by software design uses authentication access.

I know there are tools that allow someone to reset the password to the domain administrator, etc.. and then get to the data.

Is there any good way to reduce this risk in the case of someone stealing the server?

If yes, does it take a big performance hit in regards to disk i/o?
0
tucktech
Asked:
tucktech
  • 3
  • 2
3 Solutions
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
For Windows Server, you can use BitLocker.

For SQL, one "built in" possibility is Transparent Data Encryption, which will require the Enterprise Edition of SQL, and you'll need to be very careful with certificates and keys.

In both cases, I'd strongly suggest reading up on the features, implementations and recovery... and be aware that you'll need to keep the private keys for the certificates safe.

And yes, with any encryption, there will be performance hit, but it'll usually be mostly CPU.
0
 
McKnifeCommented:
The performance hit is nearly unnoticable for bitlocker, and if the whole/partition drive is encrypted, why use additional SQL encryption?
But be aware that for secure encyrption, you need a concept. Turning on bitlocker is not as easy as it seems. Bitlocker ("BL") should not run in transparent mode (which requires a TPM chip, by the way), but should require authentication. As servers normally should reboot "hands-free", this creates a new problem: how to provide the key?

We can solve like this: use a script to unlock the BL-encyrpted drive. Place that script on another, physically better secured server's share and have task scheduler start it. When the server is stolen, the script is not accessible and the drive stays locked.
0
 
tucktechAuthor Commented:
Thanks, are there any suggested guides or best practices on bitlocker that you would recommend?

Like the idea of the share and automatic task scheduler to keep it automatic and only available if both devices are available to each other.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
McKnifeCommented:
Just learn the syntax of manage-bde.exe
That's all you need. Put it in a batch file and there you go.
No best practices. My method requires the policy"require additional startup key" to be activated.
Of course that method can only be used for non-OS partitions.
0
 
tucktechAuthor Commented:
Seems simple enough....
0
 
McKnifeCommented:
If you need more help, just say, we have used this for years.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now