|
Home > Archive > MS SQL Server > July 2005 > Encrypted File System
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Encrypted File System
|
|
| coenzyme 2005-07-11, 8:23 pm |
| Anyone have any cautions using Encrypted File System (EFS) to encrypt DB
files as a security practice? Thanks to eveyone for being there to help.
| |
| Rick Sawtell 2005-07-11, 8:23 pm |
|
"coenzyme" < coenzyme@discussions
.microsoft.com> wrote in message
news:4BE42E6E-CE78-4A2B-B270- F5AEA3292D49@microso
ft.com...
> Anyone have any cautions using Encrypted File System (EFS) to encrypt DB
> files as a security practice? Thanks to eveyone for being there to help.
Don't do it!!! It cripples performance.
The biggest slow down in the database is File I/O. By encrypting the data
files, you are in essence significantly increasing the File I/O.
Follow some networking best practices to secure your server and it's data
files. Use encryption over the network (if you must).
Any of these are far better than encrypting the data files.
Rick Sawtell
MCT, MCSD, MCDBA
| |
| coenzyme 2005-07-11, 8:23 pm |
| Thanks for the response Rick.
"Rick Sawtell" wrote:
>
> "coenzyme" < coenzyme@discussions
.microsoft.com> wrote in message
> news:4BE42E6E-CE78-4A2B-B270- F5AEA3292D49@microso
ft.com...
>
>
> Don't do it!!! It cripples performance.
>
> The biggest slow down in the database is File I/O. By encrypting the data
> files, you are in essence significantly increasing the File I/O.
>
>
> Follow some networking best practices to secure your server and it's data
> files. Use encryption over the network (if you must).
>
> Any of these are far better than encrypting the data files.
>
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>
>
>
| |
| Mike Epprecht \(SQL MVP\) 2005-07-11, 8:23 pm |
| Hi
And once you change the password of the service account, in the AD user
manager, your certificate gets cancelled and your data is no longer
accessible.
If a hacker is on your server, EFS does not help much anymore as he owns
your network already.
Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Rick Sawtell" <r_sawtell@hotmail.com> wrote in message
news:%23eKmvwkhFHA.572@TK2MSFTNGP15.phx.gbl...
>
> "coenzyme" < coenzyme@discussions
.microsoft.com> wrote in message
> news:4BE42E6E-CE78-4A2B-B270- F5AEA3292D49@microso
ft.com...
>
>
> Don't do it!!! It cripples performance.
>
> The biggest slow down in the database is File I/O. By encrypting the
> data
> files, you are in essence significantly increasing the File I/O.
>
>
> Follow some networking best practices to secure your server and it's data
> files. Use encryption over the network (if you must).
>
> Any of these are far better than encrypting the data files.
>
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>
>
| |
| Michael C# 2005-07-11, 8:23 pm |
| What do you think about column level encryption? I'm considering using
column-level encryption on a few columns of particularly sensitive data in a
database.
"Rick Sawtell" <r_sawtell@hotmail.com> wrote in message
news:%23eKmvwkhFHA.572@TK2MSFTNGP15.phx.gbl...
>
> "coenzyme" < coenzyme@discussions
.microsoft.com> wrote in message
> news:4BE42E6E-CE78-4A2B-B270- F5AEA3292D49@microso
ft.com...
>
>
> Don't do it!!! It cripples performance.
>
> The biggest slow down in the database is File I/O. By encrypting the
> data
> files, you are in essence significantly increasing the File I/O.
>
>
> Follow some networking best practices to secure your server and it's data
> files. Use encryption over the network (if you must).
>
> Any of these are far better than encrypting the data files.
>
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>
>
|
|
|
|
|