Database to Database Connection - Unsecure?


amy26
Hello, I work for a government agency and I'm trying to implement some automated data pull procedures and I was getting some push back regarding "database to database connections are not secure". When I first heard this I thought they were crazy but I wanted to get some feedback from the community as to how "secure" a linked server or SSIS package is...

I did read that linked servers can be encrypted and use SSL and of course they would be using integrated security with only the permissions they need.

So, I wanted to ask the community for those out there that work in government agencies... how do you handle data transfer between agencies? I have already been using linked servers for some of our trading partners but I have 1 last group that we have to manually download data files on a monthly basis and then manually import them into our database. I personally think that in today's age, we should not have to do any sort of manual data movement but I wanted to get some "official" positions on securing db to db connections and what the "industry standard" was for doing this.

The data that we are moving is not PII and it is not classified at all... it's basically just FOUO data.

Thanks in advance!

DiverKas
Is the physical network layer between the 2 agencies private? Is it a VPN, or some tunnel variant?

If so, then the encryption layer/privacy layer is in place and I would not worry about it. If it's not, then the simplest method is to get a secure link between the 2. I would never advocate having a database engine provide that type of security. That is a networking issue all day long.

amy26
No they are not on the same network and there is no VPN. When you say get a "secure link between the 2" what are you referring to?

I think it would work similarly to how I have another connection established. There is another organization's Oracle database that I push/pull from. We have a linked server connection to their Oracle set up in our SQL Server. We just have permissions in place to allow our IP address to access their server. It is using a login that only is used for our connection and the tables we have access to.

I was just confused when he tried to tell me that database to database is not "secure". He didn't elaborate on what his definition of not secure was. Our Government POC is fine with us pursuing the linked server connection but she wants me to verify that it is secure enough for the standards that the agency has in place (that part I have to research myself) but I wanted to get some other community feedback on how they handle moving data around like this. I'm also fine with doing it in SSIS. I had made the suggestion of using secure FTP but they didn't seem to like that idea.

The only other option they gave was to create a secure VPN connection which would cost like 35k for each destination.... I'm like why would I make them do that for 35k when I can do it for free in SQL? :D

DiverKas
amy26 (2/26/2013)
No they are not on the same network and there is no VPN. When you say get a "secure link between the 2" what are you referring to?

I think it would work similarly to how I have another connection established. There is another organization's Oracle database that I push/pull from. We have a linked server connection to their Oracle set up in our SQL Server. We just have permissions in place to allow our IP address to access their server. It is using a login that only is used for our connection and the tables we have access to.

I was just confused when he tried to tell me that database to database is not "secure". He didn't elaborate on what his definition of not secure was. Our Government POC is fine with us pursuing the linked server connection but she wants me to verify that it is secure enough for the standards that the agency has in place (that part I have to research myself) but I wanted to get some other community feedback on how they handle moving data around like this. I'm also fine with doing it in SSIS. I had made the suggestion of using secure FTP but they didn't seem to like that idea.

The only other option they gave was to create a secure VPN connection which would cost like 35k for each destination.... I'm like why would I make them do that for 35k when I can do it for free in SQL? :D


Secure VPN for 35k? Seriously? I need to get into the hardware business for the government.

Ok, moving on, you're right, you can do it in SQL Server... but obviously the transport layer and hardware would be more efficient. It's like putting a Ferrari engine in a baby buggy... I mean you can do it, but why? If the linked server is already deemed sufficient and within norm for both parties, then SSIS unencrypted should also be acceptable, since they are both using ADO, or native drivers depending on endpoints.

Lowell
Wow, save that 35K for bonuses!

My first link for creating a free VPN between networks:
http://www.wikihow.com/Set-Up-a-Virtual-Private-Network-with-Windows

Another possibility might include secure FTP to throw files on endpoints accessible to both servers.

Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
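
The thread asks how to verify that a linked server or SSIS connection is encrypted and uses integrated security. The following T-SQL is an added example, not code from any poster: it audits this on the SQL Server instance that receives the connection, using the `sys.dm_exec_connections` and `sys.dm_exec_sessions` views. The partner address `203.0.113.10` is a constructed placeholder, and the caller is assumed to hold VIEW SERVER STATE.

```sql
-- Added example: run on the receiving SQL Server while the partner's
-- linked server query or SSIS package is connected.
DECLARE @partner_ip varchar(48) = '203.0.113.10';  -- constructed placeholder address

-- 1) Per-session detail for the partner: is the session encrypted by
--    SQL Server, and which authentication scheme did it use?
SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    c.client_net_address,
    c.net_transport,
    c.auth_scheme,        -- SQL, NTLM or KERBEROS
    c.encrypt_option,     -- 'TRUE' or 'FALSE'
    CASE
        WHEN c.encrypt_option <> 'TRUE'
            THEN 'FAIL: session not encrypted by SQL Server'
        WHEN c.auth_scheme = 'SQL'
            THEN 'REVIEW: SQL login, not integrated security'
        ELSE 'OK'
    END AS finding
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.net_transport = 'TCP'
  AND c.client_net_address = @partner_ip
ORDER BY c.encrypt_option, s.login_name;

-- 2) Summary over every remote TCP client, to find other senders that
--    connect without encryption.
SELECT
    c.client_net_address,
    s.login_name,
    c.auth_scheme,
    COUNT(*) AS connections,
    SUM(CASE WHEN c.encrypt_option = 'TRUE' THEN 0 ELSE 1 END) AS unencrypted
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.net_transport = 'TCP'
  AND c.client_net_address NOT IN ('127.0.0.1', '::1')
GROUP BY c.client_net_address, s.login_name, c.auth_scheme
ORDER BY unencrypted DESC, connections DESC;
```

A row with `encrypt_option = 'FALSE'` means SQL Server itself is not encrypting that session, so confidentiality then rests entirely on the network path, such as the VPN discussed in the replies above.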
