Post reply

Connection encryptyion

  • December 17, 2007 at 11:33 pm

    #181384

    Hi All

    Does anyone here have real life experience with encryption of SQL server connections, in regards to the performance hit that such a configuration might have on a system?

    I guess the CPU server side is hit the hardest, because client side sends less traffic per client.

    Thanks in advance for any input.

    //SUN

  • December 19, 2007 at 5:17 pm

    #761636

    Hi,

    I think you'll find that all client/server communications are encrypted by default.

    Check out "Native Encryption" in the product overview article: http://www.microsoft.com/technet/prodtechnol/sql/2005/overview.mspx

    Cheers,

    NathanM

  • December 20, 2007 at 2:42 pm

    #761917

    Hi,

    When I was approached by a developer on this issue, I had same opinion until I researched the matter. And the only thing that is encrypted by default in sql server 2005, is the login handshake, with sql generedated and self signed certificate. have a look at this link:

    http://blogs.msdn.com/sql_protocols/archive/2005/11/10/491563.aspx

    To encrypt the entire communication on the wire, you have to enable it server side as well as client side. Plus have the used certificate distributed to all you clients.

    This only covers the communication layer, if the data inside the db needs to be encrypted, the new encryption functions within sql server 2005 can be used with advantage, but also here one would probably see servere performance degredation especially when working with asymetric certificate keys.

    //SUN

  • December 20, 2007 at 3:40 pm

    #761937

    that's the eternal trade off isn't it - security vs performance...

    You can set encryption per protocol from

    Go to Configuration Tools -> SQL Server Configuration Manager

    Go to Network Configuration

    Right Click Protocols for [instance name] and set Force Encryption to on.

    You will need a valid certificate for this.

    Refer to the "How SQL Server verifies that a certificate is valid"

    via this link: http://support.microsoft.com/default.aspx?scid=kb;en-us;318605

  • December 21, 2007 at 2:26 pm

    #762343

    Hi Nathan

    Thanks for the link, I just wonder if no one really are using the protocol encryption and have some experiences to share?

    //SUN

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply