Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

Man in the MIddle

By Steve Jones,

It might be time to learn a bit more about network protocols, SSL, and encryption for many DBAs. At least Oracle DBAs after a session at the recent Black Hat Europe conference. Researches showed how a man-in-the-middle (MITM) attack could take place against clear text traffic to an Oracle database and credentials could be revealed or the session hijacked.

This article talks about the issues, and it mentions that these MITM attacks are seen as "easy" by attackers. I would have thought these are harder than other types of attacks, but perhaps not. Just the chance that they can take place is worrisome to a DBA who might harden a server only to find that the communications with a client are compromised.

SQL Server include a number of encryption technologies, TDE, SSL and more. And unlike Oracle, which charges for encryption features, these are included in the price of SQL Server. You can deploy them on any of your instances just by flipping a switch.

While it is that easy, you should take some time to plan things out and think about how to better secure your SQL Server instance. Encrypting the data files, or the communication traffic won't ensure your server is secure, but each little additional security precaution makes it less likely that you will get hacked.

Steve Jones

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at

Total article views: 208 | Views in the last 30 days: 1
Related Articles

Podcast Announcements

Podcast Feeds


New Hebrew SQL Server Podcast

Five months ago, I wrote a post about my love for Podcasts. At some point, I started to think about...



A new video setup is on the way!!!! Actually I'll do a couple podcasts on podcasting over the hol...


We Need to Learn Encryption

With all the recent worms and attacks out there, it's only a matter of time before someone focuses m...


Security Alert : SQL Server Worm Virus Attacking Systems

This past week, a worm virus began to attack SQL Servers on the internet that hold a blank password....


Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones