ASB,
They are only specifying encryption of the database, we would assume its at rest, but it has to be unencrypted when its being utilized for the application etc etc to read the data from the database itself. Encryption at rest on the disk would be either SQL or the 3rd party disks, if they needed encryption for the data returned from the DB server to the application and back to the end-user, then a combination of IPSEC and SSL and strong authentication should be used, along with proper database security and auditing of user actions accordingly. I would look at it something like this: Task: Data at rest DB Server - Encryption of Backups Task Data in motion: IPSEC between the requesting application/service and the database server (Use ESP) (assuming Web Server is only system that is allowed to talk to DB server to request information, adjust accordingly) DB Server----IPSEC (ESP)------WEBSERVER-------SSL V3/TLSV1-----Client (2 Factor Authentication) (Strong Auditing of sensitive fields) Verification of Encrypted channel between DB and Web Protection of Web front end or middle tier from WEB application Attacks, especially XSS/CSRF and SQLI (Either Source code review and fixing, or WAF as a compensating control, until the code is fixed) No AD HOC reporting directly to the database. IPS/HIDS on the webserver/DB for defense in depth. Thoughts? Additional things you would look at in this type of architecture? Z Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Andrew S. Baker [mailto:[email protected]] Sent: Friday, July 09, 2010 1:45 PM To: NT System Admin Issues Subject: Re: Database Encryption The point is that you're only addressing the "data at rest" part of the requirements, not the "data in motion" part. -ASB: http://XeeSM.com/AndrewBaker On Fri, Jul 9, 2010 at 1:39 PM, Cameron Cooper <[email protected]> wrote: Looking to protect the information on the MD3000, since that's where all the data is stored and accessed from. _____________________________ Cameron Cooper Network Administrator | CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021 | Fax: 847-255-1896 [email protected] | www.aurico.com From: Ken Schaefer [mailto:[email protected]] Sent: Friday, July 09, 2010 12:26 PM To: NT System Admin Issues Subject: RE: Database Encryption What threat are you actually trying to protect against? The application will need to access the data in cleartext (since you are not using in-field encryption of data). So, the only threat that I can see you mitigating is theft of the server, or theft of the disks in the server. You could just use Bitlocker to handle that. Cheers Ken From: Cameron Cooper [mailto:[email protected]] Sent: Saturday, 10 July 2010 1:21 AM To: NT System Admin Issues Subject: RE: Database Encryption We have two databases that we would be moving to SQL 2008. We would need to purchase the per processor license due to clients nationwide accessing our system. (ie checking reports) We are a pre-employment background screening company that is trying to get accredited through the NAPBS, and from what I understand in order to become accredited we need to have the entire database encrypted. _____________________________ Cameron Cooper Network Administrator | CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021 | Fax: 847-255-1896 [email protected] | www.aurico.com From: Ziots, Edward [mailto:[email protected]] Sent: Friday, July 09, 2010 12:14 PM To: NT System Admin Issues Subject: RE: Database Encryption Two questions, One how many databases are you moving to SQL 2008, maybe there is the ability to go with Enterprise Edition R2 for the transparent data encryption you are seeking, and just have 1 database cluster accordingly ( Active/ Passive). You don't have to go per-processor for licensing, but Cal management can be a pain otherwise. Especially if you have proxy boxes ( webservers, other applications etc etc) connecting to the database backend, then Per Processor solves a lot of your problems. Other than that, I know that RED Gate SQL backup, and Quests Litespeed can produce encrypted backups. The second question, is why do you need to encrypt the whole database? why not just encrypt the rows with the sensitive data itself, is this a PCI DSS requirement they want you to do ? Could not the backups themselves be encrypted to meet the requirements? Just some thoughts on this thread... Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 From: Cameron Cooper [mailto:[email protected]] Sent: Friday, July 09, 2010 12:32 PM To: NT System Admin Issues Subject: Database Encryption All, We are looking to replace our database servers with new hardware and software and will be running Windows Server 2008 R2 Enterprise Edition (64bit), with SQL Server 2008 R2 Standard on each machine. Also, each machine connects into a MD3000. What would be the best way to encrypt the entire database? I know this can be done with the enterprise version of SQL Server 2008 R2, but due to the cost per processor (for unlimited CALs), we will be going with the Standard edition. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
