Using Encryption with Microsoft SQL Server 2000 Kevin McDonnell Technical Lead SQL Server Support Microsoft Corporation.


2 Presentation Content
- We will discuss how to set up Microsoft® SQL Server™ 2000 with SSL encryption
- This is not a discussion on Certificate Server, PKI, or an in-depth discussion of SSL

3 Data Encryption: SQL Server 7.0 vs. SQL Server 2000
- In SQL Server 7.0, we used the Multiprotocol library and enabled the encryption option
  - Not strong encryption
  - Requires additional protocol MSRPC
  - Requires additional ports opened on the firewall
  - Not supported for named instances
- SQL Server 2000
  - Strong encryption
  - Uses only the TCP protocol

4 SQL Server 2000 Encryption
- There is no wizard to install a certificate
- There is no SQL GUI to manage certificates
- There is no way to identify which connections are encrypted and which connections are not
- There is no SQL GUI to verify a certificate is valid
- The certificate is read on the server during SQL Server startup

5 SQL Server 2000 Overview: Net-Library Architecture
[Diagram components: TCP, IPX/SPX, Net-Library Router, Encryption Layer, SSNetLib (Server Socket Net-Library), SQL Server]

6 SQL Server 2000 Client Overview
- Requires MDAC 2.6 or later to be installed
- Does not require SQL Server 2000 Tools
- Programmers can request SSL encryption in their connection string
  - ODBC: Encrypt = Yes
  - OLE DB: Use Encryption for Data = True
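The two connection-string settings on slide 6 can be checked across an application's configuration. The following is an added example, not part of the webcast: it parses ODBC and OLE DB connection strings and reports those that do not request SSL. The function names and sample strings are constructed, and only the values shown on the slide (Yes for ODBC, True for OLE DB) are treated as requesting encryption.

```python
import re

# Keyword -> value that requests SSL, as shown on the slide (case-insensitive).
ENCRYPT_KEYWORDS = {
    "encrypt": "yes",                    # ODBC
    "use encryption for data": "true",   # OLE DB
}

# One key=value pair; the value may be {braced} (ODBC), quoted, or bare.
_PAIR = re.compile(
    r"""(?P<key>[^=;]+?)\s*=\s*
        (?:\{(?P<braced>[^}]*)\}|"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>[^;]*))
        \s*(?:;|$)""",
    re.VERBOSE,
)

def parse_connection_string(conn_str):
    """Return {lowercased keyword: [values in order of appearance]}."""
    found, pos = {}, 0
    while pos < len(conn_str):
        if conn_str[pos] in " \t;":      # skip separators and padding
            pos += 1
            continue
        m = _PAIR.match(conn_str, pos)
        if not m:
            break                        # unparseable remainder: stop, do not guess
        value = next(v for v in m.group("braced", "dq", "sq", "bare") if v is not None)
        found.setdefault(m.group("key").strip().lower(), []).append(value.strip())
        pos = m.end()
    return found

def requests_encryption(conn_str):
    """True only if a keyword is present and every occurrence asks for SSL."""
    found = parse_connection_string(conn_str)
    values = [(v.lower(), want) for kw, want in ENCRYPT_KEYWORDS.items()
              for v in found.get(kw, [])]
    return bool(values) and all(v == want for v, want in values)

def audit(conn_strings):
    """Names of entries that do not request an encrypted connection."""
    return [n for n, cs in conn_strings.items() if not requests_encryption(cs)]

SAMPLES = {  # constructed for this example; server and database names are made up
    "odbc_ok": "Driver={SQL Server};Server=sqlprod01;Database=pubs;Encrypt=Yes",
    "oledb_ok": "Provider=SQLOLEDB;Data Source=sqlprod01;Use Encryption for Data = True",
    "odbc_plain": "Driver={SQL Server};Server=sqlprod01;Database=pubs",
    "odbc_off": "Driver={SQL Server};Server=sqlprod01;encrypt=no",
    "odbc_braced": "Driver={SQL Server};Server=sqlprod01;APP={Encrypt=Yes; legacy}",
    "odbc_dup": "Driver={SQL Server};Server=sqlprod01;Encrypt=Yes;Encrypt=No",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A string reported here may still be encrypted if "Force protocol encryption" is set in the Server or Client Network Utility; the audit covers only what the connection string itself requests.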

7 SQL Server 2000 Client Overview: Net-Library Architecture
[Diagram components: Client Application, OLE DB Provider or ODBC Driver, Client Net-Library (DBNetlib.dll), TCP, IPX/SPX, Net-Library Router, Encryption Layer]

8 Certificate Request From a Microsoft Certificate Authority Server
SQL Server 2000
- Stand-Alone CA: Web request: Use advanced request using a form.
- Enterprise CA: MMC request.
Virtual SQL Server 2000 Cluster
- Stand-Alone CA: Web request: Use advanced request using a form. Must specify virtual server name.
- Enterprise CA: Web request: Use advanced request using a form. Change certificate template to Web Server.

9 Encryption Planning for SQL Server 2000: Enabling SSL Encryption from the Server
- Use the SQL Server Network Utility
- Forces all incoming connections to be encrypted
- Install server certificate only
- All or nothing — the server will not start if the certificate is not found or is invalid

10 Encryption Planning for SQL Server 2000 (2): Enabling Encryption from the Client Using the Client Network Utility
- Use the SQL Server Client Network Utility
- Forces all client connections to be encrypted
- Can no longer connect to SQL Server 7.0
- Install server certificate — client requires updated Trusted Root Authority

11 Certificate Request From a Stand-Alone CA

12 Certificate Request Change the Intended Purpose

13 Certificate Request Certificate Store Location

14 Certificate Request Submit Certificate Request to CA

15 Certificate Request Pending CA Approval

16 Certificate Request Check on a Pending Certificate

17 Certificate Request Select the Certificate Request You Want To Check

18 Certificate Request Install the Certificate

19 View Certificate in MMC

20 Certificate General Information

21 SQL Server 2000 Server Network Utility
- Select the “Force protocol encryption” check box to enable SSL encryption

22 SQL 2000 Server Registry
- The registry key that shows server-enabled encryption is: HKLM\Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib

23 Certificate Request From an Enterprise CA

24 Certificate Request Using MMC

25 Certificate Request (2) Using MMC

26 Certificate Request (3) Using MMC

27 Certificate Request (4) Using MMC

28 Certificate Request (5) Using MMC

29 Client Request for Encryption
- The SQL Server must have the certificate installed
- The client computer must update the Trusted Root Authority
- Export the Trusted Root Authority from the server and import it on the client computer
- Enable “Force protocol encryption” from the SQL Client Network Utility or use the appropriate connection string
- Recommended for SQL Server cluster

30 SQL Server 2000 Client Network Utility
- Enabling the “Force protocol encryption” option

31 SQL Client Registry
- Client registry: HKLM\Software\Microsoft\MSSQLServer\Client\SuperSocketNetLib

32 Sample ODBC Connection

33 Knowledge Base Articles
- Q309398, “PRB: SQL Server 2000 Installation Fails with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" Error Message”
- Q302409, “FIX: Unable to Connect to SQL Server 2000 When Certificate Authority Name Is the Same As the Host Name of the Windows 2000 Computer”
- Q318605, “INF: How SQL Server Uses a Certificate When the Force Protocol Encryption Option is Set On”
- Q316898, “HOW TO: Enable SSL Encryption for SQL Server 2000 with Microsoft Management Console”
- Q276553, “HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate Server”

34 Known Issues
- Microsoft® Visual Studio® .NET installs the Microsoft SQL Server Desktop Edition of SQL Server. If there are certificates on the computer that are not used for SQL Server, setup may fail.
- See Q309398, “PRB: SQL Server 2000 Installation Fails with "SSL Security error :ConnectionOpen (SECDoClientHandshake())" Error Message.”
- The SQL Server 2000 release required the certificate’s intended purpose to be client authentication.
- Local store versus current user.

35 SetCert Utility
- Included with the SQL Server 2000 resource kit
- Permits you to control the certificate used for SQL Server

36 CAPICOM
- Cryptographic COM component
- Permits you to write scripts to manage certificate stores

    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation All rights reserved.

    Subject Name: CN=myserver.cherryhill.corp.widget.com
    SHA-1 Thumbprint: 791B74BFD698B477F D44FE78BCEF9D
    Valid To: 3/12/2003 2:34:49 PM
    Extended Key Usage: Server Authentication( )

37 Summary
- SQL Server 2000 encryption can be implemented from the server or client
- The certificate must be installed on the server and the intended purpose must be server authentication
- The SQL Server service account must be the same account that requested the certificate
- If the client requests an encrypted connection, the Trusted Root Authority must be updated on the client computer
- Certificates on a SQL Server cluster must be issued to the virtual SQL Server name

38 Thank you for joining us for today’s Microsoft Support WebCast. For information about all upcoming Support WebCasts and access to the archived content (streaming media files, PowerPoint® slides, and transcripts), please visit: We sincerely appreciate your feedback. Please send any comments or suggestions regarding the Support WebCasts to and include “Support WebCasts” in the subject line.