Is encryption of SQL Server necessary or even recommended
From: Bob Clark (anonymous_at_discussions.microsoft.com)
Date: 10/30/03
- Previous message: supernova: "Re: more service pack question"
- Next in thread: Adam Machanic: "Re: Is encryption of SQL Server necessary or even recommended"
- Reply: Adam Machanic: "Re: Is encryption of SQL Server necessary or even recommended"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Oct 2003 19:40:36 -0800
I saw a couple threads on here covering how to encrypt
traffic between the client and the server. My question is
a little different:
We were recently gigged on a Vulnerability Assessment
because none of our network traffic is encrypted. I'm
looking at knocking out the low hanging fruit quickly so I
though at encrypting SQL Server traffic. I know it can be
done, I'd just like to know if it is necessary.
Most of our DBs contain sensitive data which could cost us
a lot of money if it were compromised. However, one of
our application vendors told us we didn't need to encrypt
the SQL Server communication because we were using it in
an Intranet environment.
My first thought is that an Intranet environment can
quickly become compromised with the inadvertant
installation of a trojan on the network.
What does everyone else think?
- Previous message: supernova: "Re: more service pack question"
- Next in thread: Adam Machanic: "Re: Is encryption of SQL Server necessary or even recommended"
- Reply: Adam Machanic: "Re: Is encryption of SQL Server necessary or even recommended"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
