I'm reading a book about SQL Server 2005 security, now i'm in the encryptation chapter.
I have some problems in understanding some concepts.
In the book i have read that each time i install a nwe instance of SQL Server , automaticaly a service Master Key is installed.
They say in the book that the master key encripts information like:
Linked server passowords
all database master keys.
They say too, that i need to backup the Service Master Key, when i install the SQL Server.
1) My first question is, for e.g, in my case i have several instances of SQL Server , so, each one should have it's own Service Master Key, even if they are in the same server?
(a default instance and 3 named instances)?
2) The second question is,i have read that this Service Master Key encrypts the connection strings. Do i need to specify anything in the connection string of my app, so that this connection can be encripted, or it's automatic?
I ask this, because in SQL Server 2000, when i connect , e.g, via SQL Server login , the informations goes in plain text through the wire.
I read that in SQL Server 2000 windows authentication was much more secure, because of this.
In SQL Server 2005, the SQL Server authentions does go anymore in text, throught the wire?
3) Other question that i have it's that i read in this same book that i need to do the backup of the Service Master Key.
If i do not use encriptation, do i really nead to do this backup?