Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to protect a database from the Server Administrator in Sql Server

Tags:

security

sql-server

We have a requirement from a client to protect the database our application uses, even from their local administrators (Auditors just gave them that requirement).

In their requirement, protecting the data means that the Sql Server admin cannot read, nor modify sensitive data stored in tables.

We could do that with Encryption in Sql Server 2005, but that would interfere with our third party ORM, and it has other cons, like indexing, etc.

In Sql Server 2008 we could use TDE, but I understand that this solution doesn't protect against a user with Sql Server admin rights to query the database.

Is there any best practice or known solution to this problem?

This problem could be similar to the one of having an application hosted by a host provider, and you want to protect the data from the host admins.

We can use Sql Server 2005 or 2008.

like image 944
julio.g Avatar asked Jun 09 '09 14:06

julio.g

2 Answers

This has been asked a lot in the last few weeks. The answers usually boil down to:

(

a) If you don't control the application you are doomed to trust the DBA

or

b) If you do control the application you can encrypt everything with a key only known to the application, and decrypt on the way out. It'll hurt performance a bit (or a lot) though, that's why TDE exists. A variant of this to prevent tampering is to use a cryptographic hash of the values in the column, checking them upon application access.

)

and

c) Do extensive auditing, so you can control what are your admins doing.

like image 173
Vinko Vrsalovic Avatar answered Sep 26 '22 02:09

Vinko Vrsalovic

I might have salary information in my tables, and I don't want my trusted dba's to see. Faced with the same problem we have narrowed are options to:

1- Encrypt outside SQLServer, before inserts and updates and decrypt after selects. ie: Using .net encryption. Downside: You loose some indexing and searching capabilities, cannot use like and betweens.

2- Use third party tools (at io level) that block crud to the database unless a password is provided. ie: www.Blockkk.com Downside: You will need to trust a third party tool installed in your server. It might not keep up with SQL Server patches, etc...

3- Use an Auditing Solution that will keep track of selects, inserts, deletes, etc... And will notify (by email or event log)if violations occurred. A sample violation could be a dba running a select on your Salaries table. then fire the dba and change everyone salaries.

like image 35
AlejandroR Avatar answered Sep 23 '22 02:09

AlejandroR
Sign in to Comment

Related questions

SQL Completely Empty Database
SSIS timestamps
Query on multiple databases (SQL server)
sp_who2 BlkBy Sleeping Process Awaiting Command
SQL Server: Why do use SMO?
How do I use transactions over multiple stored procedures?
How to write a file to disk and insert a database record in a single transaction?
Does altering a stored procedure expire cached execution plans?
NVARCHAR(?) for Email addresses in SQL Server
How to write a (MySQL) "LIMIT" in SQL Server?
TSQL - MERGE statement with composite key
How to union data from different databases?
Are Dapper QueryMultiple/Query/Execute methods thread safe?
Case sensitivity and database projects
SQL Server : recursive update statement
SQL Server not working after upgrading windows8.1 to windows 10
CAST/CONVERT empty string to INT in SQL Server
What is the data type for barcodes?
.NET Core can´t connect to SQL DB
Convert UTF-8 varbinary(max) to varchar(max)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!