Re: 2005 Express how to encrypt db
- From: "Brian" <s@y>
- Date: Wed, 23 Dec 2009 20:14:54 -0400
Thanks for the reply.
I need to start looking for another dbms to use for small clients.
Brian
"Rick Byham, MSFT" <rickbyh@xxxxxxxxxxxxx> wrote in message
news:%23h5Cgo%23gKHA.5644@xxxxxxxxxxxxxxxxxxxxxxx
Essentially no. You must secure the backup files.
From Books Online topic:
Security Considerations for Backup and Restore (SQL Server)
To help protect your backup disk files, we recommend that you back up only
to disk files that are protected by restrictive access control lists
(ACLs). The ACLs should be set on the directory root under which the
backups are created. In some cases, you might want to further protect
disk-based backups by using NTFS encrypting file system (EFS).
Additionally, we recommend that you use Windows backup to back up your SQL
Server disk backups onto tapes that you then store in a secure, off-site
location. For more information, see the Windows documentation.
Also, you mention that "At installation builtin\administrators are locked
out". Removing the administrators can be useful but isn't an ironclad
security measure. See: Troubleshooting: Connecting to SQL Server When
System Administrators Are Locked Out
http://msdn.microsoft.com/en-us/library/dd207004.aspx
And another risk is stopping the Database Engine and then attaching the
data (mdf) file to another instance of SQL Server.
Encrypting sensitive data (such as encrypting credit card numbers before
they are stored) can help mitigate these risks. And if you upgrade to SQL
Server 2008, consider Transparent Data Encryption.
http://msdn.microsoft.com/en-us/library/bb934049.aspx
--
Rick Byham, MSFT
(Implies no warranty or rights)
<softcom> wrote in message news:OK2%23Rs2gKHA.4872@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a small app that is sometimes deployed in small offices that just
use workgroup networking, i.e. no domain. The SQL Server Express runs on a
'main pc' - XP or Vista, so there is not a lot of external security. The
backups are done to a folder and then backed up to tape or cd. At
installation builtin\administrators are locked out and a special Windows
user is created for backup and restore; other than that, only SQL logins
are allowed.
Is there a way to prevent someone from taking a backup file and restoring
it to another server to get at the data? It just is too easy to do.
At least with an Access mdb you are able to secure it with an mdw with
permissions and passwords so it did take quite a bit of effort for
someone to get at the data if they get a copy of the files.
Thanks
Brian
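Added example, not part of the thread or of Books Online: the cell-level encryption suggested in the reply, written with SQL Server 2005 built-ins, followed by what happens when the backup or mdf file is opened on a different instance. The names ClientDb, dbo.Payment, CardCert and CardKey, the password placeholder and the sample card number are constructed for illustration.

```sql
-- Added example. All object names and the password placeholder are hypothetical.
USE ClientDb;
GO
-- Database master key (DMK). Keep this password outside the database and
-- outside the backup folder. A second copy of the DMK is encrypted with this
-- instance's service master key so the key chain opens automatically here.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-dmk-password>';
GO
-- Key chain: DMK protects the certificate, the certificate protects the data key.
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Card number protection';
-- TRIPLE_DES is used because the thread's hosts include Windows XP, where
-- SQL Server 2005 documents AES as unavailable; prefer AES_256 elsewhere.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = TRIPLE_DES
    ENCRYPTION BY CERTIFICATE CardCert;
GO
CREATE TABLE dbo.Payment (
    PaymentId     INT IDENTITY PRIMARY KEY,
    CardNumberEnc VARBINARY(256) NOT NULL   -- ciphertext only, no plaintext column
);
GO
-- Encrypt before the value is stored (constructed test card number).
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.Payment (CardNumberEnc)
VALUES (EncryptByKey(Key_GUID('CardKey'), N'4111111111111111'));

-- Decrypt for an authorized read; DecryptByKey returns NULL if the key is not open.
SELECT PaymentId,
       CONVERT(NVARCHAR(32), DecryptByKey(CardNumberEnc)) AS CardNumber
FROM dbo.Payment;
CLOSE SYMMETRIC KEY CardKey;
GO

-- After RESTORE DATABASE or attaching the mdf on ANOTHER instance:
-- that instance's service master key cannot open the DMK, so
-- OPEN SYMMETRIC KEY CardKey ... fails and CardNumberEnc stays ciphertext.
-- Legitimate recovery on a replacement server needs the DMK password:
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<strong-dmk-password>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
GO
```

This protects only the encrypted columns in a copied backup or data file; a sysadmin on the original instance can still open the key chain, and the rest of the database remains readable after a restore.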