Database to Database Connection - Unsecure?

  • Hello, I work for a government agency and I'm trying to implement some automated data pull procedures and I was getting some push back regarding "database to database connections are not secure". When I first heard this I thought they were crazy but I wanted to get some feedback from the community as to how "secure" a linked server or SSIS package is...

    I did read that linked servers can be encrypted and use SSL and of course they would be using integrated security with only the permissions they need.

    So, I wanted to ask the community for those out there that work in government agencies... how do you handle data transfer between agencies? I have already been using linked servers for some of our trading partners but I have 1 last group that we have to manually download data files on a monthly basis and then manually import them into our database. I personally think that in today's age, we should not have to do any sort of manual data movement but I wanted to get some "official" positions on securing db to db connections and what the "industry standard" was for doing this.

    The data that we are moving is not PII and it is not classified at all... it's basically just FOUO data.

    Thanks in advance!
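
Added example, not part of the original post or of any poster's setup: one way to request an encrypted linked server connection and then verify on the remote side what was actually negotiated. The linked server name `PARTNER_SQL`, the host `partner-db.example.gov`, the address `203.0.113.10` and the choice of the `MSOLEDBSQL` provider (which must be installed) are assumptions for illustration.

```sql
-- Added example; all names and addresses below are placeholders.

-- 1) On the pulling server: define the linked server so the provider
--    requests TLS and validates the remote server's certificate
--    instead of blindly trusting it.
EXEC master.dbo.sp_addlinkedserver
     @server     = N'PARTNER_SQL',               -- hypothetical name
     @srvproduct = N'',
     @provider   = N'MSOLEDBSQL',                -- assumed provider
     @datasrc    = N'partner-db.example.gov',    -- placeholder host
     @provstr    = N'Encrypt=yes;TrustServerCertificate=no';

-- The link is only for pulling data, so leave remote procedure
-- calls switched off.
EXEC master.dbo.sp_serveroption N'PARTNER_SQL', N'data access', N'true';
EXEC master.dbo.sp_serveroption N'PARTNER_SQL', N'rpc out',     N'false';

-- 2) On the remote SQL Server, while a pull is running: show how each
--    session from the partner address connected. encrypt_option must
--    read TRUE; auth_scheme shows KERBEROS, NTLM or SQL.
SELECT  c.session_id,
        s.login_name,
        s.program_name,
        c.client_net_address,
        c.net_transport,
        c.encrypt_option,
        c.auth_scheme
FROM    sys.dm_exec_connections AS c
JOIN    sys.dm_exec_sessions    AS s
        ON s.session_id = c.session_id
WHERE   c.client_net_address = '203.0.113.10';   -- placeholder address

-- 3) Same view, reduced to the finding an auditor cares about:
--    any session from that address that is NOT encrypted.
SELECT  COUNT(*) AS unencrypted_partner_sessions
FROM    sys.dm_exec_connections
WHERE   client_net_address = '203.0.113.10'      -- placeholder address
  AND   encrypt_option <> 'TRUE';
```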

  • Is the physical network layer between the 2 agencies private? Is it a VPN, or some tunnel variant?

    If so, then the encryption layer/privacy layer is in place and I would not worry about it. If it's not, then the simplest method is to get a secure link between the 2. I would never advocate having a database engine provide that type of security. That is a networking issue all day long.

  • No they are not on the same network and there is no VPN. When you say get a "secure link between the 2" what are you referring to?

    I think it would work similarly to how I have another connection established. There is another organization's Oracle database that I push/pull from. We have a linked server connection to their Oracle set up in our SQL Server. We just have permissions in place to allow our IP address to access their server. It is using a login that only is used for our connection and the tables we have access to.

    I was just confused when he tried to tell me that database to database is not "secure". He didn't elaborate on what his definition of not secure was. Our Government POC is fine with us pursuing the linked server connection but she wants me to verify that it is secure enough for the standards that the agency has in place (that part I have to research myself) but I wanted to get some other community feedback on how they handle moving data around like this. I'm also fine with doing it in SSIS. I had made the suggestion of using secure FTP but they didn't seem to like that idea.

    The only other option they gave was to create a secure VPN connection which would cost like 35k for each destination.... I'm like why would I make them do that for 35k when I can do it for free in SQL? 😀

  • amy26 (2/26/2013)


    No they are not on the same network and there is no VPN. When you say get a "secure link between the 2" what are you referring to?

    I think it would work similarly to how I have another connection established. There is another organization's Oracle database that I push/pull from. We have a linked server connection to their Oracle set up in our SQL Server. We just have permissions in place to allow our IP address to access their server. It is using a login that only is used for our connection and the tables we have access to.

    I was just confused when he tried to tell me that database to database is not "secure". He didn't elaborate on what his definition of not secure was. Our Government POC is fine with us pursuing the linked server connection but she wants me to verify that it is secure enough for the standards that the agency has in place (that part I have to research myself) but I wanted to get some other community feedback on how they handle moving data around like this. I'm also fine with doing it in SSIS. I had made the suggestion of using secure FTP but they didn't seem to like that idea.

    The only other option they gave was to create a secure VPN connection which would cost like 35k for each destination.... I'm like why would I make them do that for 35k when I can do it for free in SQL? 😀

    Secure VPN for 35k? Seriously? I need to get into the hardware business for the government.

    Ok, moving on, you're right, you can do it in SQL Server... but obviously the transport layer and hardware would be more efficient. It's like putting a Ferrari engine in a baby buggy... I mean you can do it, but why? If the linked server is already deemed sufficient and within norm for both parties, then SSIS unencrypted should also be acceptable, since they are both using ADO, or native drivers depending on endpoints.

  • Wow, save that 35K for bonuses!

    My first link for creating a free VPN between networks:

    http://www.wikihow.com/Set-Up-a-Virtual-Private-Network-with-Windows

    Another possibility might include secure FTP to throw files on endpoints accessible to both servers.

    Lowell