The point is that you're only addressing the "data at rest" part of the
requirements, not the "data in motion" part.

-ASB: http://XeeSM.com/AndrewBaker


On Fri, Jul 9, 2010 at 1:39 PM, Cameron Cooper <[email protected]> wrote:

>  Looking to protect the information on the MD3000, since that’s where all
> the data is stored and accessed from.
>
>
>
> _____________________________
>
> *Cameron Cooper*
>
> *Network Administrator | CompTIA A+ Certified*
>
> Aurico Reports, Inc
>
> Phone: 847-890-4021 | Fax: 847-255-1896
>
> [email protected] | www.aurico.com
>
>
>
> *From:* Ken Schaefer [mailto:[email protected]]
> *Sent:* Friday, July 09, 2010 12:26 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Database Encryption
>
>
>
> What threat are you actually trying to protect against? The application
> will need to access the data in cleartext (since you are not using in-field
> encryption of data). So, the only threat that I can see you mitigating is
> theft of the server, or theft of the disks in the server. You could just use
> Bitlocker to handle that.
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* Cameron Cooper [mailto:[email protected]]
> *Sent:* Saturday, 10 July 2010 1:21 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Database Encryption
>
>
>
> We have two databases that we would be moving to SQL 2008.  We would need
> to purchase the per processor license due to clients nationwide accessing
> our system (i.e. checking reports).
>
>
>
> We are a pre-employment background screening company that is trying to get
> accredited through the NAPBS, and from what I understand in order to become
> accredited we need to have the entire database encrypted.
>
>
>
> _____________________________
>
> *Cameron Cooper*
>
> *Network Administrator | CompTIA A+ Certified*
>
> Aurico Reports, Inc
>
> Phone: 847-890-4021 | Fax: 847-255-1896
>
> [email protected] | www.aurico.com
>
>
>
> *From:* Ziots, Edward [mailto:[email protected]]
> *Sent:* Friday, July 09, 2010 12:14 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Database Encryption
>
>
>
> Two questions,
>
>
>
> One, how many databases are you moving to SQL 2008? Maybe there is the
> ability to go with Enterprise Edition R2 for the transparent data
> encryption you are seeking, and just have 1 database cluster accordingly
> (Active/Passive).  You don’t have to go per-processor for licensing, but CAL
> management can be a pain otherwise. Especially if you have proxy boxes
> (webservers, other applications, etc.) connecting to the database backend,
> then Per Processor solves a lot of your problems.
>
>
>
> Other than that, I know that Red Gate SQL Backup and Quest's LiteSpeed can
> produce encrypted backups.
>
>
>
> The second question is, why do you need to encrypt the whole database? Why
> not just encrypt the rows with the sensitive data itself? Is this a PCI DSS
> requirement they want you to do? Could not the backups themselves be
> encrypted to meet the requirements?
>
>
>
> Just some thoughts on this thread…
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email: [email protected]
>
> Cell:401-639-3505
>
>
>
> *From:* Cameron Cooper [mailto:[email protected]]
> *Sent:* Friday, July 09, 2010 12:32 PM
> *To:* NT System Admin Issues
> *Subject:* Database Encryption
>
>
>
> All,
>
>
>
> We are looking to replace our database servers with new hardware and
> software and will be running Windows Server 2008 R2 Enterprise Edition
> (64bit), with SQL Server 2008 R2 Standard on each machine.  Also, each
> machine connects into a MD3000.
>
>
>
> What would be the best way to encrypt the entire database?  I know this can
> be done with the enterprise version of SQL Server 2008 R2, but due to the
> cost per processor (for unlimited CALs), we will be going with the Standard
> edition.
>
