I need to develop an application which stores data in a SQL Server 2005 database (the app itself will be either a WCF Service or an Asp.Net Web Service).
Now, this data is supremely confidential, and I need to have it stored in an encrypted form in the database.
So, I am wondering what the best practices are around this. I know that there is some encryption capabilities that SQL Server has in-built. Is there a 'for dummies' type of resource for this so that I can quickly get going.
Alternatively I was thinking that I could encrypt/decrypt in my C# code and not in the database - maybe have a layer which handles this just above the data access layer (is that a good idea)?
Look at this link for a good introduction with samples.
I think doing the data encryption in the application is better, because in that case the transferred data is already encrypted. Otherwise you have to use a secure channel between your app and the database server.
It depends on your needs, i would say.
Have you considered encrypting your data at the file-system level?
It's Windows 2008/Vista only, but it should give you what you need and it's what it's designed for.
Before you decide on an encryption method, you need to access what parts of the system are vulnerable. If the potential for unauthorized access to the database exists, does the same threat exist for your application? Someone could run your code through Reflector and determine what methods were being used to encrypt and decrypt. You can mitigate that exposure to some extent with the code obsfucators. If that concern is not a risk, then you may find it easier to encrypt your data at the application level.
Encryption needs to happen in a few different places depending on the application. For example a consumer site using credit card info needs to encrypt the connection over the network to prevent man in the middle attacks or snooping. when the data is stored in the database you need to encrypt the data so that a low level sales rep cant read and access the customers credit card info , in which you might want to implement column level encryption as appropriate permission in addition to this if your worried that one day the janitor at your data centre might steal one of your backups then you need TDE implement to encrypt data at the disk level.
Encryption has a performance overhead esp with regard to CPU usage more importantly the overhead depends on the alogrithim being used for exncryption.
Related
I am running a MS Access app using a few tables hosted on our native SQL server to facilitate easy integration with PowerBI and other apps. I am an intermediate MS Access user and new the SQL Server. I don't store anything critically sensitive in any tables and am happy with our normal security for data at rest. However, when my app or PowerBI requests data from the server, how is that data protected? I don't want the increased complexity that comes w/ certificate management and processing time associated with encrypting data. However, I don't want to be low hanging fruit for attacks when I request data from the server (i.e. attacks in transit).
Thanks!
First of all - security is about three things. Confidentiality, integrity and availability. Confidentiality means, that people are not supposed to see data that is not meant for them. Integrity means, that the data is what you expect it to be (no third party is able to manipulate it). And availability means, that the server is always up and running.
This is a simplification, but just to make the point that security is more than many of us believe. If your server is down, then the security is equal to zero.
Having said that, you wanted to know how to protect the communication channel. Sorry to say that, but the best thing we have right now is TLS, which requires certificate management. Look into this page to understand, how this can be configured: http://dba-datascience.com/ssl-or-tls-encryption-on-sql-server/
If you want to know how to protect your SQL Server even more (beyond the communication channel), look into the CIS Benchmarks available here: https://www.cisecurity.org/cis-benchmarks/. They are very technical (which is good), but may be also confusing a bit when you see it for the first time.
We have a process where data is sent from one database to another for distribution. The process chosen at the time was to encrypt the data because of all the people that could access the database. However, de-crypting the data is a slow process.
What are the alternatives to securing the data on the servers to prevent access?
It all depends on your requirements.
If you really need to keep the data private from people whom have access to the database then you pretty much have no option but to encrypt.
If you are sending the data to other locations and it is the transfer itself that needs to be secure you can use encyption for just the communication, ie webservices over https or custom encryption over tcp/ip, or saving to flat files and encrypting it as a whole..
If the data itself needs to be hidden from the people whom have access to it then there is a question of how secure the data needs to be.. If you are just wanting to avoid clear text there are some pretty fast encryption algorithms that can be used, here is a List of different encryption algorithms.
But if you are storing things like medical history or banking information then you have no option but to either upgrade your hardware to improve performance or take the processing time like a man ;).
If we are talking about passwords, where you only need to know if the user entered the correct password or not, then you could hash the passwords with a salt, and compare with the database hash, read more about that here: Link.
Easy answer: none. The only way to prevent people with physical access to the database table (note: the database TABLE - most DBMS can set access rights for indivifual tables) from reading it, is encrypting the data. It really is that simple.
Couple of recommendations
Work with DBA to create roles and restrict access to sensitive columns. In this case you don't have to encrypt.
Few columns you have to encrypt due to regulatory requirements. Selectively encrypt only the columns having sensitive data.
Also use relatively faster algorithms like AES. You can also cache the crypto object if not already done.
I've been looking for finding the best solution to store highly sensitive information like an Amount or a balance in a banking application. Can I store that just as a numeric field or Do I need any encryption to encrypt that data? Am a bit worried about encryptions since these fields are frequently being accessed by the users. So when ever it gets accessed there needs to be some decryption mecahnism and to store back the new balance amount that again needs some encryption.
Or is there is a better solution for that.
Database is SQL Server 2008 R2 and the platform is .NET 4.0
This is an important topic to think about, there are lots of ways to do it.
However encryption in the best possible way when we have confidential data and to save things from Hackers you should surely encrypt it.
Take a look at this
http://msdn.microsoft.com/en-us/library/ms179331.aspx
and this
http://msdn.microsoft.com/en-us/library/ms174361.aspx
You should not need to store the data in an encrypted manner.
When it comes to security of data you should always work on preventing access via firewalls and correct login protocols.
Also only allows users to access data for which they have clearance.
When it comes to encryption - you could encrypt the disk but encrypting columns is not really worth the access time it will take in decrypting the data and if someone has access to the database invariably they will have access to the decryption routines.
Just started looking into encryption using keys and certificates in sql server 2005/08 and although it looks very good I'm not too sure why I should use it over sql server security permissioning.
For example, I have a table with sensitive data in, such as user-name/passwords.
I can either encrypt the data using say ENCRYPTBYCERT, or simply leave as plain text and just apply permissions to the table for authorised users.
I won't be transferring this data over the internet, just accessing internally over the network.
Are there any other reasons to use encryption?
Well it provides more security if you encrypt at the DB level. It's tied to the machine for a start, so you can't (for example) backup the database, restore it somewhere else, and have at it. If you also encrypt the keys (in a web.config encrypted section for example), then you have just defended against several different potential attacks.
So if you were storing customer data (protected by privacy law), or CC data (obviously with due regard to PCI DSS), then encrypting it like this protects it, for example, from your own support staff.
And then... if you're assuming that your other security is rock solid, bad people will never be able to get access to the data, but if they did, and if it was encrypted, they're still getting nowhere.
i devoleped windows application with c# and i use local sql database i want to secure it
from admins -
can i put password for sql database like (test.mdf) to secure it if no what is he best way to secure my database
(in other words)
can i keep my database not authenticated with windows and only be seen for auser i define
I'm afraid there's no 100% secure method to achieve what you want. You could protect Stored Procedure using WITH ENCRYPTION, but if somebody really wants to find out what your code does, he can find a way (e.g. with SQL Profiler).
If the issue is data sensitivity, you could encrypt the values before saving them in the database, but this will require you to modify your application and possibly add significant overhead. Also, unless you use some kind of obfuscation, your code can be reverse-engineered (actually, it can be even if you obfuscate it, it just takes longer).
In my experience, the most effective way to protect the data is via License Agreements. If customer tries to "play around" where he should not, then you have the rights to suspend support, charge extra fees to fix issues and, eventually, you have ground to sue them if you're afraid they "stole" your intellectual property.