Monday, March 19, 2012

Database security

How can SQL Server ensure that the data that is P&C cannot be accessed even by the DBA? Is there a way to encrypt these data without compromising on the flexibility of SQL?|||Man, that's a big question. Here's a good place to start reading:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_93u6.asp|||It should be possible to set up a role for your DBA that allows them to do basic maintenance, such as backups and restores, but does not allow them to access tables or procedures. Can't say I've done this, though.

If your DBA logs in as sa or dbo, then there is no way to hide anything that you don't encrypt yourself. DBO is database god (small g), and SA is server God (big g).

blindman|||hmm... in that case anybody that has gotten hold of any of my full backup files too can just restore it and definitely he/she will have sa authority and be able to view everything....|||Where are you leaving your backups? Shouldn't they enjoy the same security (file system, locked cabinet for tapes, etc) as your live database files? It's like leaving photocopies of your credit card statements around.

Did you read the article on encryption? It does provide a method of protecting your data from direct viewing, but it needs to be set up that way initially.|||bpdWork,

I don't see where in the article it talks about protecting your data from viewing within the database, just from viewing intercepted transmissions across the network. Have you done this?

debcwong,

The BACKUP command allows you to supply a password that is then required in order to restore the file, although the sqlmaint Utility (used by the Maintenance Plan wizard) does not.

blindman|||No, I haven't. In fact, you can probably tell just how lazy I am by the fact that I didn't read the whole article.

Though, the second sentence says: "Encryption ensures that data remains secure by keeping the information hidden from everyone, even if the encrypted data is viewed directly," I cannot find any way of actually doing this.

I am able to encrypt stored procedures and views so that their definitions are encrypted, but that doesn't help much.

In the past, I have always written an encryption routine that things such as Credit Card numbers were passed through on their way into and out of the database. .NET has an encryption class that makes that approach a lot easier, and more secure.

Sorry for being misleading there. I guess I'm the naked, following blindman around... ;-)|||..that makes me feel a little nervous... :rolleyes:|||yeah, it scares the heck out of me.|||err guys..or gals...there's always the icq or msn for that kind of thing I believe ;)

Anyway, sometimes it's not perfectly true, in the sense that most of the software developed might be for customers, and usually customers will DEMAND the rights to access everything and also to restore it.
That was the whole reason why I asked the question in the first place =)

Anyway, I am thinking of the payroll system that is currently under development... I'm sure you might be a bit interested to know the pay your superior's getting ...|||Sorry. Just a little crazy from the workload.

I do understand what you are trying to accomplish. If you use your front-end application (or middleware) to perform the encryption, that would solve your data visibility problem. If you ultimately find a way for SQL to do it for you, I would love to know about it.

Also, as for blindman's idea to password protect the backups, you could let the end-users control the backup password protection. You can even implement code in your front end to perform the backup and restores.|||thanks to both of you.

will try that bit on the backup thingy at work tomorrow|||As far as sensitive data is concerned (such as salaries), tell your people that the same confidentiality rules apply to DBAs as to priests.

...except that the celibacy is implied rather than enforced...|||Hey guys I have been looking into this lately myself for a db that needs to be secured. I ran across this plugin, but I haven't actually tested it.

http://www.appsecinc.com/products/dbencrypt/mssql/

When I looked over the info on this product it does exactly what you are looking for. You select the users that should get access to the information, and you can set it to encrypt only a specific column.

Do you guys know of a good way to send data from one remote computer to another? I need to send credit info from an online server to the company's internal server in the most secure way possible. These two servers will have a VPN link and the online db will have an SSL cert attached to it as well. Any thoughts?

Thanks for your help...|||Thanks for the link, 6SC.

blindman|||We implemented this slightly differently:

- Put your payroll system on a separate server
- Install SQLLiteSpeed with Encryption
- Create scheduled jobs to run custom backup
- Create alerts on vital system counters
- Setup email notification
- Create notification job
- Remove Builtin Admins and Domain/Enterprise admins from sysadmin server role
- Ask your accounting boss to change SA password, because even you should not have routine access to this server
- Make sure your accounting boss shares SA password with your CIO.|||thanks rdjabarov


Probably I'll propose to have it in another database but without additional software such as sqllitespeed. Will try to implement the database backup. Probably DTS can help in scheduling it since the maintenance plan doesn't have this password feature.|||You can use T-SQL fired by a SQL Server Agent job to perform your backups, and specify passwords. See the following link on MSDN (yes, I've read this one and use it quite a bit!):

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_ba-bz_35ww.asp

Using T-SQL will allow you to be more dynamic in your code. Also, you won't be going out of process (running DTSRUN.exe) which can cause its own problems with production reliability.
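
Added example, not part of any post in the thread: the password-protected T-SQL backup that the last reply describes, scheduled as a SQL Server Agent job. The database name Payroll, the file path, the job name and the password placeholder are assumptions; the PASSWORD option belongs to the SQL Server releases of that era and was discontinued for creating backups in SQL Server 2012.

```sql
-- Added example. Payroll, D:\Backup\Payroll_full.bak, the job name and
-- <backup-password> are placeholders, not values from the thread.
--
-- Caveats for whoever owns the data:
--  * PASSWORD only stops a RESTORE through SQL Server without the password.
--    It does not encrypt the backup file, so the file still needs the same
--    file-system and physical protection as the live database files.
--  * The step text below, password included, is stored in
--    msdb.dbo.sysjobsteps, so anyone who can read job definitions can read it.
USE msdb;
GO

EXEC dbo.sp_add_job
    @job_name = N'Payroll full backup (password)';

EXEC dbo.sp_add_jobstep
    @job_name      = N'Payroll full backup (password)',
    @step_name     = N'Back up and verify',
    @subsystem     = N'TSQL',
    @database_name = N'master',
    @command       = N'
BACKUP DATABASE Payroll
    TO DISK = N''D:\Backup\Payroll_full.bak''
    WITH INIT, PASSWORD = ''<backup-password>'';

-- Confirm the backup set is readable with the password.
RESTORE VERIFYONLY
    FROM DISK = N''D:\Backup\Payroll_full.bak''
    WITH PASSWORD = ''<backup-password>'';';

-- Run every day at 01:00:00.
EXEC dbo.sp_add_jobschedule
    @job_name          = N'Payroll full backup (password)',
    @name              = N'Nightly',
    @freq_type         = 4,      -- daily
    @freq_interval     = 1,      -- every 1 day
    @active_start_time = 10000;  -- HHMMSS

EXEC dbo.sp_add_jobserver
    @job_name    = N'Payroll full backup (password)',
    @server_name = N'(local)';
GO

-- Manual check on a test server: this restore is refused if the
-- WITH PASSWORD clause is left out or the password is wrong.
-- RESTORE DATABASE Payroll
--     FROM DISK = N'D:\Backup\Payroll_full.bak'
--     WITH PASSWORD = '<backup-password>';
```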
