Download eBook (PDF) - Red Gate Software

More documents

Recommendations

Info

7 – One-Way EncryptionEXECUTE AS USER = 'KELLEYWB';GOExec dbo.Search_Borrower_Identification '0143';GOREVERT;GO-- execute as a user who is a member of Sensitive_low roleEXECUTE AS USER = 'JONESBF';GOExec dbo.Search_Borrower_Identification '0143';GOREVERT;GOListing 7-15: Verifying permissions.The result of this verification will reflect that rows were returned for thequeries for the Sensitive_high and Sensitive_medium members; butsince permissions did not exist for the Sensitive_low members the actualrows will not be returned. Instead the following will appear:(1 row(s) affected)(1 row(s) affected)Msg 229, Level 14, State 5, Line 1The EXECUTE permission was denied on the object'Search_Borrower_Identification', database'HomeLending', schema 'dbo'.To view the actual rows returned, execute each batch in this script individually.SummaryThrough this demonstration we have successfully implemented one-wayencryption for the Borrower_Identification table of ourHomeLending database. This addresses only the plain text in a single columnof a single table. Within the database there are many more columns that may begood candidates for one-way encryption.Through our exploration of the various attacks that can be waged against datathat is protected with one-way encryption, and our better understanding of thepotential for hash collisions, we have a better understanding of when the optionto apply one-way encryption is valid and when it is not.169
7 – One-Way EncryptionThe addition of a salt through the use of the GetHashSalt user definedfunction provided additional strength to our hash values and mitigated itsvulnerabilities to attack; widening the opportunity to use this valuable featureto protect our sensitive data while maintaining functionality that is lost withother encryption methods.Now that we have a cell-level encryption, transparent data encryption and onewayencryption available to us in our sensitive data protection efforts, let'sproceed in considering other obfuscation methods that do not requireencryption.170
Page 1:
High Performance SQL ServerProtecti
Page 4 and 5:
Table of ContentsAbout the Author .
Page 6 and 7:
Protection via Normalization ......
Page 8 and 9:
Views and Stored Procedures .......
Page 10 and 11:
Numeric Variance ..................
Page 12 and 13:
Key_ID ............................
Page 14 and 15:
ACKNOWLEDGEMENTSBooks are not writt
Page 16 and 17:
IntroductionIn all cases, the conse
Page 18 and 19:
Introduction"lost key" displaced by
Page 20 and 21:
CHAPTER 1: UNDERSTANDINGSENSITIVE D
Page 22 and 23:
1 - Understanding Sensitive DataSen
Page 24 and 25:
1 - Understanding Sensitive Datatyp
Page 26 and 27:
1 - Understanding Sensitive DataFor
Page 28 and 29:
1 - Understanding Sensitive DataAcc
Page 30 and 31:
1 - Understanding Sensitive DataThi
Page 32 and 33:
1 - Understanding Sensitive Datarep
Page 34 and 35:
1 - Understanding Sensitive DataThe
Page 36 and 37:
1 - Understanding Sensitive Datathe
Page 38 and 39:
CHAPTER 2: DATACLASSIFICATION AND R
Page 40 and 41:
2 - Data Classification and Rolespr
Page 42 and 43:
2 - Data Classification and RolesDe
Page 44 and 45:
2 - Data Classification and RolesCr
Page 46 and 47:
2 - Data Classification and RolesLi
Page 48 and 49:
2 - Data Classification and Roles--
Page 50 and 51:
2 - Data Classification and RolesAl
Page 52 and 53:
2 - Data Classification and Rolesdo
Page 54 and 55:
2 - Data Classification and RolesTo
Page 56 and 57:
2 - Data Classification and Rolesaf
Page 58 and 59:
2 - Data Classification and RolesTh
Page 60 and 61:
2 - Data Classification and RolesSe
Page 62 and 63:
2 - Data Classification and RolesWi
Page 64 and 65:
3 - Schema Architecture StrategiesF
Page 66 and 67:
3 - Schema Architecture Strategiesp
Page 68 and 69:
3 - Schema Architecture StrategiesN
Page 70 and 71:
3 - Schema Architecture StrategiesA
Page 72 and 73:
3 - Schema Architecture StrategiesD
Page 74 and 75:
3 - Schema Architecture StrategiesU
Page 76 and 77:
3 - Schema Architecture Strategiesb
Page 78 and 79:
3 - Schema Architecture StrategiesU
Page 80 and 81:
3 - Schema Architecture StrategiesF
Page 82 and 83:
3 - Schema Architecture Strategies
Page 84 and 85:
3 - Schema Architecture StrategiesS
Page 86 and 87:
4 - Encryption Basics for SQL Serve
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
5 - Cell-Level Encryptionthe encryp
Page 104 and 105:
5 - Cell-Level EncryptionSearching
Page 106 and 107:
5 - Cell-Level EncryptionPreparing
Page 108 and 109:
5 - Cell-Level EncryptionUSE HomeLe
Page 110 and 111:
5 - Cell-Level Encryptionself-signe
Page 112 and 113:
5 - Cell-Level Encryptionwithin SQL
Page 114 and 115:
5 - Cell-Level EncryptionTesting th
Page 116 and 117:
5 - Cell-Level Encryptioncolumn. Cu
Page 118 and 119:
5 - Cell-Level EncryptionFROMdbo.Bo
Page 120 and 121: 5 - Cell-Level Encryptioncolumn con
Page 122 and 123: 5 - Cell-Level Encryptionthat is a
Page 124 and 125: 5 - Cell-Level EncryptionBEGIN TRY-
Page 126 and 127: 5 - Cell-Level Encryption);)@Identi
Page 128 and 129: 5 - Cell-Level Encryption• The sc
Page 130 and 131: 6 - Transparent Data EncryptionHow
Page 132 and 133: 6 - Transparent Data EncryptionCons
Page 134 and 135: 6 - Transparent Data Encryptionand
Page 136 and 137: 6 - Transparent Data EncryptionNoti
Page 138 and 139: 6 - Transparent Data EncryptionUSE
Page 140 and 141: 6 - Transparent Data EncryptionThe
Page 142 and 143: 6 - Transparent Data EncryptionGONO
Page 144 and 145: 6 - Transparent Data Encryptionand
Page 146 and 147: 6 - Transparent Data EncryptionUSE
Page 148 and 149: CHAPTER 7: ONE-WAYENCRYPTIONAs a ch
Page 150 and 151: 7 - One-Way EncryptionBenefits and
Page 152 and 153: 7 - One-Way Encryption• A match i
Page 154 and 155: 7 - One-Way EncryptionPlain TextEnd
Page 156 and 157: 7 - One-Way EncryptionReducing Vuln
Page 158 and 159: 7 - One-Way EncryptionUse HomeLendi
Page 160 and 161: 7 - One-Way EncryptionEXEC sp_addex
Page 162 and 163: 7 - One-Way EncryptionLater in this
Page 164 and 165: 7 - One-Way EncryptionUSE HomeLendi
Page 166 and 167: 7 - One-Way EncryptionWHEREBorrower
Page 168 and 169: 7 - One-Way Encryption-- Return Sea
Page 172 and 173: CHAPTER 8: OBFUSCATIONHalloween is
Page 174 and 175: 8 - Obfuscation• Artificial Data
Page 176 and 177: 8 - ObfuscationHowever, not all val
Page 178 and 179: 8 - ObfuscationRepeating Character
Page 180 and 181: 8 - ObfuscationASSELECTdbo.Characte
Page 182 and 183: 8 - ObfuscationGO181
Page 184 and 185: 8 - ObfuscationSET Identification_V
Page 186 and 187: 8 - ObfuscationThe Purpose_Type_ID
Page 188 and 189: 8 - ObfuscationArtificial Data Gene
Page 190 and 191: 9 - Honeycombing a DatabaseUse Home
Page 192 and 193: 9 - Honeycombing a DatabaseUSE Mast
Page 194 and 195: 9 - Honeycombing a DatabaseLog Item
Page 196 and 197: 9 - Honeycombing a Databaseto 127.
Page 198 and 199: 9 - Honeycombing a Databaseavailabl
Page 200 and 201: 9 - Honeycombing a DatabaseAvoid SQ
Page 202 and 203: 10 - Layering SolutionsDesign for P
Page 204 and 205: 10 - Layering SolutionsObfuscationU
Page 206 and 207: 10 - Layering SolutionsThe completi
Page 208 and 209: APPENDIX A: VIEWS ANDFUNCTIONS REFE
Page 210 and 211: Appendix A - Views and Functions Re
Page 220 and 221:
Appendix A - Views and Functions Re
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
APPENDIX B: THE HOMELENDINGDATABASE
Page 230 and 231:
Appendix B - The HomeLending databa
Page 232:
About Red GateYou know those annoyi
show all

Download eBook (PDF) - Red Gate Software

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?