Chapter 15 - Data Security Controls PDF
Document Details
Uploaded by barrejamesteacher
null
Tags
Summary
This chapter discusses various data security controls for SQL server. It describes how to enable encrypted connections and the importance of certificates for server authentication. It also covers components of SSL and steps to enable encrypted connection with SQL server.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Data Security Enable Encrypted Connections for an Instance of the SQL Server Database Engine...
Certified Cybersecurity Technician Exam 212-82 Data Security Enable Encrypted Connections for an Instance of the SQL Server Database Engine QO Enable TLS encryption to secure the data transmitted “‘ N g. between instances of SQL Server and SQL clients/applications TLS encryption is performed within the protocol layer and is available to all supported SQL Server clients The server computer should contain an installed certificate Portec o bor Pestocon boa ML MR U UPAR IR Prrgamas Progetes The certificate must be issued for server authentication. The oR CoMCN Adeancnd CoUN Asvarced name of the certificate must be the fully qualified domain ot vy [ I“"""’ name (FQDN) of the computer ‘ —— ———— The client machine must be set up to trust the certificate's root authority Using a self-signed certificate for encryption offers only limited protection The version of Microsoft Windows operating system running on the application and database computers decides the level of encryption used by TLS: 40-bit or 128-bit Enable Encrypted Connections for an Instance of the SQL Server Database Engine = Enable TLS encryption to secure the data transmitted between instances of SQL server and SQL clients/applications. = TLS encryption is performed within the protocol layer and is available to all supported SQL server clients. =* The server computer should contain an installed certificate. = The certificate must be issued for server authentication. The name of the certificate must be the fully qualified domain name (FQDN) of the computer. = The client machine must be set up to trust the certificate's root authority. = Using a self-signed certificate for encryption offers only limited protection. = The version of Microsoft Windows operating system running on the application and database computers decides the level of encryption used by TLS: 40-bit or 128-bit. To Enable Encrypted Connections in SQL Server = |nstall the certificate on the SQL server. = Open SQL Server Configuration Manager. = Navigate to SQL Server Network Configuration and Select the required Protocols for SQL server instance. Module 15 Page 1818 Certified Cybersecurity Technician Copyright © by EG-Bouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security [ @ @ File Action View Help o206 o 2Dc=H 48£3 sQL QU Server Server Configuration Manager (Local) Configuration Manager (Local) ||| pyotocols Protocols for for MSSQLSERVER MSSQLSERVER Properties Properties ?? XX ]£l sQL SQL Server Services >» 4 SQL Server Network Configuration fl_ SQL Configuration (32bit (32bit|| Flags Flags Certificate Certificate Advanced Advanced > 32 SQL QL Native Client 11.0 Configuration Configurat (321 (320 | B= M Py M oo o : B General v 4 sQL Server Network Conliquu&lon S Yes - = Protocols i szs for MSSQISERVER L) | Hide Instance No &~ Protocols for YARILO &~ Protocols for MOKOSH H- @- Protocols for SVAROG & > 5% SQL Native Client 11.0 Configuration Force Encryption Turn on or off encryption for selected server instance [o] =one [ [ e Figure 15.64: SQL Server Configuration Manager = Right-click on the Protocols and select the Properties. = (Click on the Certificate tab and select the certificate from the drop-down menu. Protocols for MSSQLSERVER Properties ? X Flags Certificate Advanced Certcate: Certificate: [vew..] cex [vew. ]| Gear |] |Adriristnmr |A¢m'sh'ator vI v I Expiration Date 04/23/2018 Friendly Name Administrator Issued By SLAV Issued To SLAV Expiration Date oK OK Cancel Apply Help Figure 15.65: Selecting the Required certificate for SQL server instance Module 15 Page 1819 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security = C(Click Flags tab and enable Force Encryption. = Click Apply. Protocols for MSSQLSERVER Properties Flags Certificate Advanced B General Force Encryption Yes Hide Instance No Force Encryption Turn on or off encryption for selected server instance || ey || aey Hep Figure 15.66: Turning on Force Encryption * Navigate to SQL Server Services, and choose the running instance which was configured. Then, right-click and select Restart to apply the changes. Module 15 Page 1820 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Enable SSL/TLS Encryption in Oracle Server O Oracle Advanced Security option implements encryption, and provides public key authentication based on the SSL standard for: I| Configuration Method: [Filo Co‘;\ngumlonrmm'nd: [Fito System ystem | i-:- S— -- [L > Anyclient/ server to one or many Oracle servers ] wallet udethae Diroctory: JursCetverueracianamineseocove] :‘,‘"A"'"""'_"j‘::;l_ o (RN L Configure 881 for. © Client ® Server ~~| [ L= >) AnoOracle An Oracle server to any client 1 e Sulte Configuration :,,,,,,, e Authentication Authantication Encryption Encryption Data Integrity |l AA J Data Integrity RSA IDES_EDE_.. SHA.> Components of SSL in an Oracle Environment |¥ | Add Add | Romove » Certificate: Ensures that the entity's identity is correct > Certificate Authority (CA): A trusted third party which issues digital Require 88LVarsion: [any
