SQL Server Database Security Reminders & Resources

Data security is again in the news. The giant retailer Target has reported a data breach that has affected 40 million customers across the U.S. Target has confirmed that the credit and debit card data was stolen from customers who made purchases between Nov. 27 and Dec. 15, 2013.

The data stolen allows thieves to create counterfeit cards by encoding the information onto any card with a magnetic strip. To pull this off, malware was likely installed into Target’s brick-and-mortar retail stores' Point of Sale (POS) systems, which then skimmed credit and debit card information.

According to the New York Times, "To pull it off, security experts said a company insider could have inserted malware into a company machine, or persuaded an unsuspecting employee to click on a malicious link that downloaded malware that gives cybercriminals a foothold into a company’s point-of-sale systems."

Securing Your SQL Server Environment

Check out our top articles for more information about how to protect your SQL Server systems from data breaches.

Securing Credit Card Data Through SQL Server 2008—There’s a lot more to PCI DSS compliance than meets the eye. We show you what’s behind the credit card industry’s data security requirements and explain how SQL Server can help you lock down vulnerable data.

SQL Server Authentication on Internet Facing Servers—If you’ve got a SQL Server that's publicly facing, make sure you've done everything you can to make it as secure as possible.

Securing Your SQL Server Environment—Locking down your database environment can be a difficult task, but it doesn’t have to be. Learn how to protect your databases by using service accounts and encryption to secure your database files and network.

SQL Server Encryption Options—SQL Server 2012 can encrypt data—and has many different encryption capabilities. Let us guide you through which encryption types to use.

SQL Server Encryption—SQL Server provides a variety encryption options, including cell-level encryption, database-level encryption, file-level encryption through Windows, and transport-level encryption.

Using Transparent Data Encryption—With Transparent Data Encryption (TDE), you can encrypt an entire database and have the encryption be completely transparent to the applications that access it.

Hardening SQL Server—You can better protect your SQL Server instances and the data they contain by reducing their surface area and controlling access to them. Here’s how.

Database Encryption Solutions—Database encryption can protect your data from internal and external attacks. When choosing a solution, consider who you are protecting data for and who you are protecting it from, along with any compliance regulations.

Simple String Encryption and Decryption—In SQL Server 2008 and SQL Server 2005, one of the easiest ways to encrypt and decrypt strings is to use T-SQL's ENCRYPTBYPASSPHRASE and DECRYPTBYPASSPHRASE functions.