
Pro encryption in SQL Server 2022 : provide the highest level of protection for your data / Matthew McGiffen




Author: McGiffen Matthew
Title: Pro encryption in SQL Server 2022 : provide the highest level of protection for your data / Matthew McGiffen
Publication: New York, New York : Apress L. P., [2022]
©2022
Edition: [First edition].
Physical description: 1 online resource (353 pages)
Discipline: 943.005
Topical subject: Database management
Data encryption (Computer science)
General notes: Includes index.
Contents note: Intro -- Table of Contents -- About the Author -- About the Technical Reviewer -- Acknowledgments -- Introduction -- Part I: Understanding the Landscape -- Chapter 1: Purpose of Encryption and Available Tools -- What Is the Purpose of Encryption? -- Encryption and Data Protection Regulation -- Overview of the Tools Available in SQL Server -- TDE -- Backup Encryption -- Always Encrypted -- TLS -- Hashing and Salting -- Encryption Functions -- EKM -- Recommended Approach to Encryption -- Encryption in the Cloud -- Summary -- Part II: At-Rest Encryption -- Chapter 2: Introducing Transparent Data Encryption -- What Is TDE? -- Understanding Keys and Certificates -- Database Encryption Key (DEK) -- Certificate and Associated Asymmetric Key Pair -- Database Master Key (DMK) -- Service Master Key (SMK) -- Understanding the Need for the Hierarchy -- How Secure Is TDE? -- What Are We Protected From? -- How Easy Is It to Break Down the Encryption? -- Summary -- Chapter 3: Setting Up TDE -- Creating the Keys and Certificate -- Creating the Database Master Key (DMK) -- Creating the Certificate -- Creating the Database Encryption Key (DEK) -- Encrypting the Database -- Securing the Root Keys -- Encrypting Existing Data with TDE -- Benchmarking TDE Performance on Your Server -- Monitoring for Problems -- What If You Run into Any Performance Problems During the Scan? -- What If the Encryption Scan Fails? -- Taking Backups While Encryption Is in Progress -- Summary -- Chapter 4: Managing TDE -- Migrating or Recovering a TDE-Protected Database -- Create a Database Master Key (DMK) If One Doesn't Exist -- Restore the Certificate and Private Key -- Restore the Database -- Recovering a TDE Database Without the Certificate -- Setting Up a New SQL Instance Using the Same Service Account as the Old Instance.
Restore Your Backup of Master from the Old Instance onto the New Instance -- Reboot Your New Server: The Whole Server, Not Just SQL -- Backup Your Certificate and Private Key - and Don't Lose Them This Time -- Key Rotation -- Creating a New Certificate -- Rotating the Certificate -- Impact of TDE on Performance -- Where Do We See an Overhead? -- How to Estimate the Performance Impact for Your Server? -- TDE and Backups -- Backup Performance -- Backup Compression -- Backup Compression Issues -- TDE and High Availability -- Summary -- Chapter 5: Backup Encryption -- Setting Up Backup Encryption -- Creating a Test Database -- Create the Database Master Key (DMK) -- Creating the Certificate -- Permissions -- Working with Encrypted Backups -- Taking an Encrypted Backup -- Restoring an Encrypted Backup -- Backup Encryption Performance -- Backup Encryption and Compression -- Summary -- Part III: Column Encryption using Always Encrypted -- Chapter 6: Introducing Always Encrypted -- SQL Server 2016 vs. SQL Server 2019 and Beyond -- How Does Always Encrypted Work? -- Encryption Hierarchy -- Encryption in Practice -- Summary -- Chapter 7: Setting Up Always Encrypted -- Create Keys and Certificates -- Creating the Certificate and Column Master Key -- Creating the Column Encryption Key (CEK) -- Create an Encrypted Column -- Summary -- Chapter 8: Executing Queries Using Always Encrypted -- Performing a Basic Insert and Select -- Connecting to the Database -- Inserting Data -- Reading Data -- Looking at What Happens in the Background -- What Happens with an Insert Query -- What Happens with a Select Query -- Issuing a Query with a Predicate Against an Encrypted Column -- Indexes and Statistics on Encrypted Columns -- Working with Stored Procedures -- Querying Always Encrypted Data from Your Application -- Working with Direct Queries.
Working with Stored Procedures -- Summary -- Chapter 9: Encrypting Existing Data with Always Encrypted -- Encrypting Data Using the Always Encrypted Wizard -- Encrypting Data Using PowerShell -- Encrypting Data Using the Import and Export Wizard -- Summary -- Chapter 10: Limitations with Always Encrypted -- SQL Server Only Ever Sees Encrypted Data -- Strong Encryption Isn't Predictable -- Deterministic vs. Randomized -- Data Types -- Miscellaneous -- Summary -- Chapter 11: Key Rotation with Always Encrypted -- CMK Rotation -- Rotating the CMK Using the SSMS GUI -- Rotating the CMK Using T-SQL -- Rotating the CMK Using PowerShell -- Rotating the CMK Using PowerShell with Role Separation -- Part 1: DBA -- Part 2: Security Administrator -- Part 3: DBA -- Rotating the CEK -- Summary -- Chapter 12: Considerations When Implementing Always Encrypted -- Choosing What Data to Encrypt -- Source Control and Release Management -- ETL -- Performance -- Client Drivers -- Summary -- Part IV: Column Encryption using Always Encrypted with Enclaves -- Chapter 13: Introducing Always Encrypted with Enclaves -- Attestation -- Executing Queries That Use the Enclave -- The Attestation Process -- The Query Execution Process -- Summary -- Chapter 14: Setting Up Always Encrypted with Enclaves -- Setting Up Your VMs -- Setting Up Networking -- Install and Configure Host Guardian Service (HGS) -- Install SQL Server and Configure as a Guarded Host -- Summary -- Chapter 15: In-Place Encryption with Always Encrypted Enclaves -- Setting Up Our Test Database and Keys -- In-Place Encryption and Decryption of Data -- Performance of In-Place Encryption -- CEK Rotation -- Summary -- Chapter 16: Rich Querying with Always Encrypted Enclaves -- Setting Up Your Database and Data -- Rich Querying -- Indexes on Columns with Randomized Encryption -- Reading from an Index.
Updating an Index When Data Is Modified -- Index Rebuilds -- Database Recovery After Failure or Shutdown -- Joins -- Summary -- Chapter 17: Setting Up TPM Attestation -- Prerequisites for Your SQL Server to Support TPM Attestation -- Artifacts That Are Required by Attestation -- TPM Endorsement Key Certificate -- TPM Baseline -- Code Integrity Policy -- Installing and Configuring HGS -- Configuring the SQL Server -- Install the Attestation Client Components -- Making Sure VBS Is Configured Correctly -- Configure the Attestation URL -- Configuring a Code Integrity Policy -- Collect and Register Attestation Artifacts -- Check SQL Server Can Attest Successfully -- Configure the Enclave Type in SQL Server -- Summary -- Part V: Completing the Picture -- Chapter 18: Encryption In Transit Using Transport Layer Security -- How TLS Works -- Obtaining a Certificate to Use for TLS -- Setting Up TLS on Your SQL Server -- Performance -- Summary -- Chapter 19: Hashing and Salting of Passwords -- Hashing -- Salting -- Using the HASHBYTES Function -- Storing Passwords Using HASHBYTES and a Salt Value -- Summary -- Chapter 20: Extensible Key Management (EKM) -- Creating the Required Objects in Azure -- Creating the Resource Group -- Creating the Azure Active Directory App Registration -- Creating the Key Vault -- Setting Up TDE to Use Azure Key Vault -- Creating the Key for TDE -- Setting Up the SQL Server -- Working with Always Encrypted and EKM -- Creating a CMK in Azure Key Vault -- Encrypting Columns and Working with Data -- Working with Azure Key Vault from Your Application -- Summary -- Chapter 21: Other Methods of Column Encryption -- Encryption Using a Symmetric Key -- Your Key Hierarchy -- Working with Automated Key Management -- Creating the Keys -- Encrypting and Decrypting Data -- Using an Authenticator -- Where the DMK Is Not Protected by the SMK.
Where the Symmetric Key Is Just Protected by a Password -- Working with and Indexing Encrypted Columns -- Migrating or Restoring a Database with Column Encryption -- Temporary Keys -- Encryption by Passphrase -- Protection of Key Passwords Being Sent to SQL Server -- Summary -- Appendix A: Glossary of Terms -- A -- Advanced Encryption Standard -- AES -- Always Encrypted -- Always Encrypted Wizard -- Asymmetric Encryption -- Asymmetric Key -- At-Rest Data -- Attestation -- Authenticator -- Automated Key Management -- Azure Key Vault -- B -- Backup Encryption -- C -- CA -- CEK -- Certificate -- Certification Authority -- Certificate Store -- CMK -- Code Integrity Policy -- Column Encryption Key -- Column Master Key -- D -- Data Encryption Standard -- Database Encryption Key -- Database Master Key -- DEK -- DES -- Deterministic Encryption -- Diffie Hellman -- DMA Protection -- DMK -- DPAPI -- E -- EKM -- Enclave -- Encryption Scan -- Extensible Key Management -- H -- Hardware Security Module -- Hash -- HGS -- Host Guardian Service -- Host Health Certificate -- Host Key -- HSM -- I -- In-Transit Encryption -- K -- Key Rotation -- P -- Parameterization for Always Encrypted -- Private Key -- Public Key -- R -- Randomized Encryption -- S -- Salt -- Secure Boot -- Secure Hashing Algorithm -- Service Master Key -- SHA -- SMK -- Symmetric Encryption -- Symmetric Key -- T -- TDE -- TDS -- Temporary Key -- Thumbprint -- TLS -- TPM -- TPM Baseline -- TPM Endorsement Key -- Transport Layer Security -- Transparent Data Encryption -- Trusted Platform Module -- V -- VBS -- Virtualization Based Security -- W -- Windows Data Protection API -- Appendix B: Encryption in the Cloud -- Azure VM -- Azure SQL Database or Managed Instance -- TDE -- Backup Encryption -- Always Encrypted with Secure Enclaves -- TLS -- AWS VM (EC2) -- EKM -- Always Encrypted with Secure Enclaves.
AWS RDS.
Summary: This in-depth look at the encryption tools available in SQL Server shows you how to protect data by encrypting it at rest with Transparent Data Encryption (TDE) and in transit with Transport Level Security (TLS). You will know how to add the highest levels of protection for sensitive data using Always Encrypted to encrypt data also in memory and be protected even from users with the highest levels of access to the database. The book demonstrates actions you can take today to start protecting your data without changing any code in your applications, and the steps you can subsequently take to modify your applications to support implementing a gold standard in data protection. The book highlights work that Microsoft has been doing since 2016 to make encryption more accessible, by making TDE available in the standard edition, and the introduction of Always Encrypted that requires minimal work on your part to implement powerful and effective encryption, protecting your data and meeting regulatory requirements. The book teaches you how to work with the encryption technologies in SQL Server with the express goal of helping you understand those technologies on an intuitive level. You'll come away with a deep level of understanding that allows you to answer questions and speak as an expert. The book's aim is to make you as comfortable in deploying encryption in SQL Server as you would be in driving your car to buy groceries. Those with a data security mindset will appreciate the discussion of how each feature protects you and what it protects you from, as well as how to implement things in the most secure manner. Database administrators will appreciate the high level of detail around managing encryption over time and the effect of encryption on database performance. All readers will appreciate the advice on how to avoid common pitfalls, ensuring that your projects to implement encryption run smoothly.
What You Will Learn: architect an effective encryption strategy for new applications; retrofit encryption into your existing applications; encrypt data at rest, in memory, and in transit; manage key and certificate life cycles, including backup and restore; recover encrypted databases in case of server failure; work with encryption in cloud-based scenarios.
Who This Book Is For: Database developers, architects, and administrators who want to work with encryption in SQL Server; those who want to maintain encryption whether data is at rest or being transmitted over the network; and those who wish to encrypt their data even when in the server's own memory. Readers should be familiar with SQL Server, but no existing knowledge of encryption is assumed.
Authorized title: Pro Encryption in SQL Server 2022
ISBN: 1-4842-8664-2
Format: Printed material
Bibliographic level: Monograph
Language of publication: English
Record Nr.: 9910631086203321
Find it here: Univ. Federico II