SQL Server Administration and Maintenance

SQH13 Hacking Expose - Using SSL to Secure SQL Server Connections

12/08/2016

3:00pm - 4:15pm

Level: Intermediate

Chris Bell

Data Platform MVP

Consultant and Speaker

WaterOx Consulting, Inc

You know all the ways to protect your database when it is at rest, but what about when someone connects and starts running some queries? What if they connect and don't do anything? Just how exposed is that data? You'll assume the role of a hacker and using a simple technique, you'll sniff packets on a network to reveal what data is being sent. You may be shocked. Then you'll secure our database connections with a simple self-signed SSL certificate. Once secured, you'll resume the role of the hacker and look inside the packets to see what has changed.

*Warning: Do not try these demos at work without proper permissions as actual hacking techniques are used.

You will learn:

• What is exposed when using the default, unprotected connections to SQL Server • How to configure SQL Serve to use an SSL certificate to encrypt connections • Ways, with proper permission, to capture and check network packet to confirm data in transit is protectedr