
Man in the Middle

By Steve Jones,

It might be time for many DBAs to learn a bit more about network protocols, SSL, and encryption. At least that's true for Oracle DBAs after a session at the recent Black Hat Europe conference. Researchers showed how a man-in-the-middle (MITM) attack could take place against clear text traffic to an Oracle database, and how credentials could be revealed or the session hijacked.

This article talks about the issues, and it mentions that these MITM attacks are seen as "easy" by attackers. I would have thought these are harder than other types of attacks, but perhaps not. Just the chance that they can take place is worrisome to a DBA who might harden a server only to find that the communications with a client are compromised.

SQL Server includes a number of encryption technologies: TDE, SSL, and more. And unlike Oracle, which charges for encryption features, these are included in the price of SQL Server. You can deploy them on any of your instances just by flipping a switch.

While it is that easy, you should take some time to plan things out and think about how to better secure your SQL Server instance. Encrypting the data files or the communication traffic won't ensure your server is secure, but each little additional security precaution makes it less likely that you will get hacked.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.


Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
