Protecting SQL Server Data

Book Description

This book holds the key to "encryption without fear". In it, John Magnabosco sweeps away some of the misconceptions surrounding SQL Server's encryption technologies, and demonstrates that, when properly planned and implemented, they are an essential tool in the DBA's fight to safeguard sensitive data.

Table of Contents

  1. Copyright
  2. ABOUT THE AUTHOR
  3. ACKNOWLEDGMENTS
  4. INTRODUCTION
  5. UNDERSTANDING SENSITIVE DATA
    1. What Makes Data Sensitive?
    2. Types of Sensitive Data
    3. Group Dynamics of Sensitive Data
    4. Data at Rest and Data in Transit
    5. Shields and Swords
    6. Summary
  6. DATA CLASSIFICATION AND ROLES
    1. Introducing the HomeLending Database
    2. Defining Classes of Sensitivity
    3. Data Classification Based on Data Sensitivity
    4. Defining Roles According to Classification
    5. Evaluating Data for Classification
    6. Using Extended Properties to Document Classification
    7. Refining the Sensitivity Classes
    8. Defining Policies According to Classification
    9. Summary
  7. SCHEMA ARCHITECTURE STRATEGIES
    1. Overview of HomeLending Schema Architecture
    2. Protection via Normalization
    3. Using Database Object Schemas
    4. Using Views
    5. Harnessing Linked Servers
    6. Summary
  8. ENCRYPTION BASICS FOR SQL SERVER
    1. Cryptographic Keys
    2. Key Maintenance
    3. Key Algorithms
    4. Built-In Cryptographic Functions
    5. Encryption Catalog Views
    6. Summary
  9. CELL-LEVEL ENCRYPTION
    1. Granularity of Cell-level Encryption
    2. Benefits and Disadvantages of Cell-Level Encryption
    3. Special Considerations
    4. Preparing for Cell-Level Encryption
    5. Implementing Cell-Level Encryption
    6. Views and Stored Procedures
    7. Summary
  10. TRANSPARENT DATA ENCRYPTION
    1. How TDE Works
    2. Benefits and Disadvantages of TDE
    3. Considerations when Implementing TDE
    4. Implementing TDE
    5. Verifying TDE
    6. Reversing the Implementation of TDE
    7. Summary
  11. ONE-WAY ENCRYPTION
    1. How One-Way Encryption Works
    2. Benefits and Disadvantages of One-Way Encryption
    3. Known Vulnerabilities
    4. Reducing Vulnerability: Salting a Hash
    5. Implementing One-Way Encryption
    6. Creating the Interface
    7. Summary
  12. OBFUSCATION
    1. Development Environment Considerations
    2. Obfuscation Methods
    3. Artificial Data Generation
    4. Summary
  13. HONEYCOMBING A DATABASE
    1. Implementing a Honeycomb Table
    2. Creating a Server Audit
    3. Creating a Database Audit Specification
    4. Reviewing the Windows Application Log
    5. Creating an Operator for Notification
    6. Creating an Alert for Notification
    7. Creating a Notification
    8. Summary
  14. LAYERING SOLUTIONS
    1. View from the Top Floor
    2. Design for Protection
    3. Applied Permissions and Database Objects
    4. Cell-Level and One-Way Encryption
    5. Obfuscation
    6. Eyes in the Back of the Head
    7. Good Habits
    8. Educate, Educate, Educate
    9. Conclusion
  15. VIEWS AND FUNCTIONS REFERENCE
    1. Encryption Catalog Views Reference
    2. Built-In Cryptographic Functions Reference
    3. String Manipulation Function Reference
  16. THE HOMELENDING DATABASE
    1. Database Creation Scripts
    2. Database Roles, Users and Schema Scripts
    3. Encryption Scripts
    4. Obfuscation and Honeycombing Scripts
    5. Creating the HomeLending Database
    6. Creating the HomeLending Database Tables
    7. Executing Subsequent Scripts
  17. Index