Connection encryptyion

  • Hi All

    Does anyone here have real life experience with encryption of SQL server connections, in regards to the performance hit that such a configuration might have on a system?

    I guess the CPU server side is hit the hardest, because client side sends less traffic per client.

    Thanks in advance for any input.

    //SUN

  • Hi,

    I think you'll find that all client/server communications are encrypted by default.

    Check out "Native Encryption" in the product overview article: http://www.microsoft.com/technet/prodtechnol/sql/2005/overview.mspx

    Cheers,

    NathanM

  • Hi,

    When I was approached by a developer on this issue, I had same opinion until I researched the matter. And the only thing that is encrypted by default in sql server 2005, is the login handshake, with sql generedated and self signed certificate. have a look at this link:

    http://blogs.msdn.com/sql_protocols/archive/2005/11/10/491563.aspx

    To encrypt the entire communication on the wire, you have to enable it server side as well as client side. Plus have the used certificate distributed to all you clients.

    This only covers the communication layer, if the data inside the db needs to be encrypted, the new encryption functions within sql server 2005 can be used with advantage, but also here one would probably see servere performance degredation especially when working with asymetric certificate keys.

    //SUN

  • that's the eternal trade off isn't it - security vs performance...

    You can set encryption per protocol from

    Go to Configuration Tools -> SQL Server Configuration Manager

    Go to Network Configuration

    Right Click Protocols for [instance name] and set Force Encryption to on.

    You will need a valid certificate for this.

    Refer to the "How SQL Server verifies that a certificate is valid"

    via this link: http://support.microsoft.com/default.aspx?scid=kb;en-us;318605

  • Hi Nathan

    Thanks for the link, I just wonder if no one really are using the protocol encryption and have some experiences to share?

    //SUN

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply