Solved

Server Data Security in case of stolen server

Posted on 2014-04-18
Last Modified: 2014-04-21
Hello,

I have a client who is concerned with someone breaking into their office and stealing their server and then being able to get access to the data. The server uses Active Directory and a SQL database. The database by software design uses authentication access.

I know there are tools that allow someone to reset the password to the domain administrator, etc., and then get to the data.

Is there any good way to reduce this risk in the case of someone stealing the server?

If yes, does it take a big performance hit in regards to disk I/O?
0
Question by:tucktech
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 225 total points
ID: 40009640
For Windows Server, you can use BitLocker.

For SQL, one "built in" possibility is Transparent Data Encryption, which will require the Enterprise Edition of SQL, and you'll need to be very careful with certificates and keys.

In both cases, I'd strongly suggest reading up on the features, implementations and recovery... and be aware that you'll need to keep the private keys for the certificates safe.

And yes, with any encryption, there will be a performance hit, but it'll usually be mostly CPU.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 275 total points
ID: 40010199
The performance hit is nearly unnoticeable for BitLocker, and if the whole drive/partition is encrypted, why use additional SQL encryption?
But be aware that for secure encryption, you need a concept. Turning on BitLocker is not as easy as it seems. BitLocker ("BL") should not run in transparent mode (which requires a TPM chip, by the way), but should require authentication. As servers normally should reboot "hands-free", this creates a new problem: how to provide the key?

We can solve it like this: use a script to unlock the BL-encrypted drive. Place that script on another, physically better secured server's share and have Task Scheduler start it. When the server is stolen, the script is not accessible and the drive stays locked.
0
 

Author Comment

by:tucktech
ID: 40010277
Thanks, are there any suggested guides or best practices on BitLocker that you would recommend?

Like the idea of the share and automatic task scheduler to keep it automatic and only available if both devices are available to each other.
0
 
LVL 53

Accepted Solution

by:McKnife
McKnife earned 275 total points
ID: 40010316
Just learn the syntax of manage-bde.exe.
That's all you need. Put it in a batch file and there you go.
No best practices. My method requires the policy "require additional startup key" to be activated.
Of course that method can only be used for non-OS partitions.
0
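A sketch of the boot-time unlock script described in the answers above, as an added example that is not code from the thread or from any poster. The server name `KEYSRV01`, the share `blkeys$`, the script name, the drive letter, the log path and the SQL service name are all assumptions; the `.BEK` file name is a placeholder for the name manage-bde generates.

```powershell
# Added example (not from the thread). All names and paths below are assumptions.
# One-time setup, elevated, writes an external key (.BEK) for D: to the share:
#   manage-bde -protectors -add D: -RecoveryKey \\KEYSRV01\blkeys$
# Boot task, run as SYSTEM so the share is read with the computer account
# (grant share/NTFS read to that single computer account only):
#   schtasks /Create /TN "Unlock-DataVolume" /SC ONSTART /RU SYSTEM /RL HIGHEST
#     /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File \\KEYSRV01\blkeys$\Unlock-DataVolume.ps1"

$MountPoint = 'D:'                                          # BitLocker data volume (non-OS)
$KeyFile    = '\\KEYSRV01\blkeys$\<KEY-PROTECTOR-ID>.BEK'   # placeholder file name
$Service    = 'MSSQLSERVER'     # service that needs D:, set to Manual start
$LogDir     = 'C:\Logs'
$Retries    = 10                # the network may not be up right at boot

function Write-Log([string]$Message) {
    if (-not (Test-Path -LiteralPath $LogDir)) {
        New-Item -ItemType Directory -Path $LogDir | Out-Null
    }
    $line = '{0}  {1}' -f (Get-Date -Format s), $Message
    Add-Content -Path (Join-Path $LogDir 'unlock-datavolume.log') -Value $line
}

if ((Get-BitLockerVolume -MountPoint $MountPoint).LockStatus -ne 'Unlocked') {
    # Wait for the key server; .BEK files are hidden, so test with File.Exists.
    for ($i = 1; $i -le $Retries -and -not [System.IO.File]::Exists($KeyFile); $i++) {
        Start-Sleep -Seconds 15
    }
    if (-not [System.IO.File]::Exists($KeyFile)) {
        # Expected outcome on a stolen server: no key server, volume stays locked.
        Write-Log "Key file unreachable; $MountPoint remains locked."
        exit 2
    }
    & manage-bde.exe -unlock $MountPoint -RecoveryKey $KeyFile | Out-Null
    $locked = (Get-BitLockerVolume -MountPoint $MountPoint).LockStatus -ne 'Unlocked'
    if ($LASTEXITCODE -ne 0 -or $locked) {
        Write-Log "manage-bde -unlock failed (exit code $LASTEXITCODE)."
        exit 3
    }
    Write-Log "$MountPoint unlocked with external key."
}

# Start the dependent service only once its data volume is readable.
Start-Service -Name $Service
Write-Log "Service $Service started."
```

The non-zero exit codes show up as the task's last run result, so a failed unlock after a reboot can be alerted on from the key server or a monitoring system.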
 

Author Closing Comment

by:tucktech
ID: 40010462
Seems simple enough....
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40013604
If you need more help, just say, we have used this for years.
0
