SQLServerCentral Editorial

Man in the Middle


It might be time for many DBAs to learn a bit more about network protocols, SSL, and encryption, or at least for Oracle DBAs, after a session at the recent Black Hat Europe conference. Researchers showed how a man-in-the-middle (MITM) attack could take place against clear text traffic to an Oracle database, with credentials revealed or the session hijacked.

This article talks about the issues, and it mentions that these MITM attacks are seen as "easy" by attackers. I would have thought these are harder than other types of attacks, but perhaps not. Just the chance that they can take place is worrisome to a DBA who might harden a server only to find that the communications with a client are compromised.

SQL Server includes a number of encryption technologies: TDE, SSL, and more. Unlike with Oracle, which charges for encryption features, these are included in the price of SQL Server. You can deploy them on any of your instances just by flipping a switch.

While it is that easy, you should take some time to plan things out and think about how to better secure your SQL Server instance. Encrypting the data files or the communication traffic won't ensure your server is secure, but each little additional security precaution makes it less likely that you will get hacked.

Steve Jones

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.


Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

