Understanding Security

  • Comments posted to this topic are about the item Understanding Security

  • The picture use used in the editorial reminded me of the good old ROT13 solution on thread http://www.sqlservercentral.com/Forums/Topic579917-338-1.aspx some years ago. :w00t:

    Johan

    Learn to play, play to learn !

    Dont drive faster than your guardian angel can fly ...
    but keeping both feet on the ground wont get you anywhere :w00t:

    - How to post Performance Problems
    - How to post data/code to get the best help[/url]

    - How to prevent a sore throat after hours of presenting ppt

    press F1 for solution, press shift+F1 for urgent solution 😀

    Need a bit of Powershell? How about this

    Who am I ? Sometimes this is me but most of the time this is me

  • SQL servers implementation is pretty good although it has no real turn-key management solution (yes, it provides some infastructure) and the exact encryption result can not be reproduced external to the server.

    Key management is by far the most important element of security involving encryption and it requires serious thought and planning to come up with an optimal solution. For maximum security key management should be a roll your own approach.

    The probability of survival is inversely proportional to the angle of arrival.

  • In my last job doing public sector consulting, I saw a lot of our customers mandating encryption at rest for all databases without being able to even articulate the tradeoffs and risks, and without also mandating any sort of key management strategy. I saw this on RFC's for different departments in different states. It's clearly become a checklist item. But the incomplete understanding is scary. I guess somebody is going to have to lose access to something big due to an external attacker getting access to a keyserver or to a disgruntled admin to make people understand the risks.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply