Anyone have any cautions using Encrypted File System (EFS) to encrypt DB
files as a security practice? Thanks to eveyone for being there to help."coenzyme" <coenzyme@.discussions.microsoft.com> wrote in message
news:4BE42E6E-CE78-4A2B-B270-F5AEA3292D49@.microsoft.com...
> Anyone have any cautions using Encrypted File System (EFS) to encrypt DB
> files as a security practice? Thanks to eveyone for being there to help.
Don't do it!!! It cripples performance.
The biggest slow down in the database is File I/O. By encrypting the data
files, you are in essence significantly increasing the File I/O.
Follow some networking best practices to secure your server and it's data
files. Use encryption over the network (if you must).
Any of these are far better than encrypting the data files.
Rick Sawtell
MCT, MCSD, MCDBA|||Thanks for the response Rick.
"Rick Sawtell" wrote:
> "coenzyme" <coenzyme@.discussions.microsoft.com> wrote in message
> news:4BE42E6E-CE78-4A2B-B270-F5AEA3292D49@.microsoft.com...
>
> Don't do it!!! It cripples performance.
> The biggest slow down in the database is File I/O. By encrypting the dat
a
> files, you are in essence significantly increasing the File I/O.
>
> Follow some networking best practices to secure your server and it's data
> files. Use encryption over the network (if you must).
> Any of these are far better than encrypting the data files.
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>|||Hi
And once you change the password of the service account, in the AD user
manager, your certificate gets cancelled and your data is no longer
accessible.
If a hacker is on your server, EFS does not help much anymore as he owns
your network already.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Rick Sawtell" <r_sawtell@.hotmail.com> wrote in message
news:%23eKmvwkhFHA.572@.TK2MSFTNGP15.phx.gbl...
> "coenzyme" <coenzyme@.discussions.microsoft.com> wrote in message
> news:4BE42E6E-CE78-4A2B-B270-F5AEA3292D49@.microsoft.com...
>
> Don't do it!!! It cripples performance.
> The biggest slow down in the database is File I/O. By encrypting the
> data
> files, you are in essence significantly increasing the File I/O.
>
> Follow some networking best practices to secure your server and it's data
> files. Use encryption over the network (if you must).
> Any of these are far better than encrypting the data files.
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>|||What do you think about column level encryption? I'm considering using
column-level encryption on a few columns of particularly sensitive data in a
database.
"Rick Sawtell" <r_sawtell@.hotmail.com> wrote in message
news:%23eKmvwkhFHA.572@.TK2MSFTNGP15.phx.gbl...
> "coenzyme" <coenzyme@.discussions.microsoft.com> wrote in message
> news:4BE42E6E-CE78-4A2B-B270-F5AEA3292D49@.microsoft.com...
>
> Don't do it!!! It cripples performance.
> The biggest slow down in the database is File I/O. By encrypting the
> data
> files, you are in essence significantly increasing the File I/O.
>
> Follow some networking best practices to secure your server and it's data
> files. Use encryption over the network (if you must).
> Any of these are far better than encrypting the data files.
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment