Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase

Understanding Security Expand / Collapse
Posted Tuesday, June 14, 2011 9:16 PM



Group: Administrators
Last Login: Yesterday @ 2:05 PM
Points: 31,698, Visits: 16,178
Comments posted to this topic are about the item Understanding Security

Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1125428
Posted Wednesday, June 15, 2011 5:33 AM



Group: General Forum Members
Last Login: 2 days ago @ 1:21 AM
Points: 6,784, Visits: 8,668
The picture use used in the editorial reminded me of the good old ROT13 solution on thread some years ago.


Don't drive faster than your guardian angel can fly ...
but keeping both feet on the ground won't get you anywhere

- How to post Performance Problems
- How to post data/code to get the best help

- How to prevent a sore throat after hours of presenting ppt ?

"press F1 for solution", "press shift+F1 for urgent solution"

Need a bit of Powershell? How about this

Who am I ? Sometimes this is me but most of the time this is me
Post #1125608
Posted Wednesday, June 15, 2011 8:44 AM

UDP Broadcaster

UDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP Broadcaster

Group: General Forum Members
Last Login: Monday, March 9, 2015 12:54 PM
Points: 1,446, Visits: 3,235
SQL servers implementation is pretty good although it has no real turn-key management solution (yes, it provides some infastructure) and the exact encryption result can not be reproduced external to the server.

Key management is by far the most important element of security involving encryption and it requires serious thought and planning to come up with an optimal solution. For maximum security key management should be a roll your own approach.

The probability of survival is inversely proportional to the angle of arrival.
Post #1125775
Posted Wednesday, June 15, 2011 11:54 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, March 26, 2015 12:29 PM
Points: 953, Visits: 1,207
In my last job doing public sector consulting, I saw a lot of our customers mandating encryption at rest for all databases without being able to even articulate the tradeoffs and risks, and without also mandating any sort of key management strategy. I saw this on RFC's for different departments in different states. It's clearly become a checklist item. But the incomplete understanding is scary. I guess somebody is going to have to lose access to something big due to an external attacker getting access to a keyserver or to a disgruntled admin to make people understand the risks.
Post #1125963
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse