SQL Server Administration and Maintenance

SQT04 Hacking Expose: Using SSL to Secure SQL Server Connections


11:00am - 12:15pm

Level: Intermediate to Advanced

Chris Bell

Data Platform MVP

Consultant and Speaker

WaterOx Consulting, Inc

You know all the ways to protect your database when it is at rest, but what about when someone connects and starts running some queries? What if they connect and don't do anything? Just how exposed is that data?

In this session, we'll assume the role of a hacker and using a simple technique, we'll sniff packets on a network to reveal what data is being sent. You may be shocked! Then we'll secure our database connections with a simple self-signed SSL certificate.

Once secured, we will resume the role of the hacker once more and look inside the packets once more to see what has changed.

*Warning - Do not try these demos at work without proper permissions as actual hacking techniques are used.

You will learn:

  • What is exposed when using the default, unprotected connections to SQL Server
  • How to configure SQL Server to use an SSL certificate to encrypt connections
  • How, with proper permission, to capture and check network packet to confirm data in transit is protected