Atjaunināt sīkdatņu piekrišanu

Pro Encryption in SQL Server 2022: Provide the Highest Level of Protection for Your Data 1st ed. [Mīkstie vāki]

5.00/5 (2 ratings by Goodreads)
  • Formāts: Paperback / softback, 351 pages, height x width: 254x178 mm, weight: 714 g, 104 Illustrations, black and white; XXIV, 351 p. 104 illus., 1 Paperback / softback
  • Izdošanas datums: 18-Nov-2022
  • Izdevniecība: APress
  • ISBN-10: 1484286634
  • ISBN-13: 9781484286630
Citas grāmatas par šo tēmu:
  • Mīkstie vāki
  • Cena: 55,83 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Standarta cena: 65,69 €
  • Ietaupiet 15%
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
Pro Encryption in SQL Server 2022: Provide the Highest Level of Protection for Your Data 1st ed.Palielināt
  • Formāts: Paperback / softback, 351 pages, height x width: 254x178 mm, weight: 714 g, 104 Illustrations, black and white; XXIV, 351 p. 104 illus., 1 Paperback / softback
  • Izdošanas datums: 18-Nov-2022
  • Izdevniecība: APress
  • ISBN-10: 1484286634
  • ISBN-13: 9781484286630
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9781484286630.html
Keywords:

This in-depth look at the encryption tools available in SQL Server shows you how to protect data by encrypting it at rest with Transparent Data Encryption (TDE) and in transit with Transport Level Security (TLS). You will know how to add the highest levels of protection for sensitive data using Always Encrypted to encrypt data also in memory and be protected even from users with the highest levels of access to the database. The book demonstrates actions you can take today to start protecting your data without changing any code in your applications, and the steps you can subsequently take to modify your applications to support implementing a gold standard in data protection.

The book highlights work that Microsoft has been doing since 2016 to make encryption more accessible, by making TDE available in the standard edition, and the introduction of Always Encrypted that requires minimal work on your part to implement powerful and effective encryption, protecting your data and meeting regulatory requirements. The book teaches you how to work with the encryption technologies in SQL Server with the express goal of helping you understand those technologies on an intuitive level. You’ll come away with a deep level of understanding that allows you to answer questions and speak as an expert. The book’s aim is to make you as comfortable in deploying encryption in SQL Server as you would be in driving your car to buy groceries. 

Those with a data security mindset will appreciate the discussion of how each feature protects you and what it protects you from, as well as how to implement things in the most secure manner. Database administrators will appreciate the high level of detail around managing encryption over time and the effect of encryption on database performance. All readers will appreciate the advice on how to avoid common pitfalls, ensuring that your projects to implement encryption run smoothly.


What You Will Learn
  • Architect an effective encryption strategy for new applications
  • Retrofit encryption into your existing applications
  • Encrypt data at rest, in memory, and in transit
  • Manage key and certificate life cycles, including backup and restore
  • Recover encrypted databases in case of server failure
  • Work with encryption in cloud-based scenarios


Who This Book Is For

Database developers, architects, and administrators who want to work with encryption in SQL Server; those who want to maintain encryption whether data is at rest or being transmitted over the network; and those who wish to encrypt their data even when in the server’s own memory. Readers should be familiar with SQL Server, but no existing knowledge of encryption is assumed.


Intermediate-Advanced user level
About the Author xiii
About the Technical Reviewer xv
Acknowledgments xvii
Introduction xix
Part I Understanding the Landscape
1(14)
Chapter 1 Purpose of Encryption and Available Tools
3(12)
What Is the Purpose of Encryption?
4(1)
Encryption and Data Protection Regulation
5(2)
Overview of the Tools Available in SQL Server
7(4)
TDE
8(1)
Backup Encryption
9(1)
Always Encrypted
9(1)
TLS
9(1)
Hashing and Salting
10(1)
Encryption Functions
10(1)
EKM
10(1)
Recommended Approach to Encryption
11(1)
Encryption in the Cloud
12(1)
Summary
13(2)
Part II At-Rest Encryption
15(60)
Chapter 2 Introducing Transparent Data Encryption
17(14)
What Is TDE?
17(5)
Understanding Keys and Certificates
22(3)
Database Encryption Key (DEK)
24(1)
Certificate and Associated Asymmetric Key Pair
24(1)
Database Master Key (DMK)
24(1)
Service Master Key (SMK)
25(1)
Understanding the Need for the Hierarchy
25(2)
How Secure Is TDE?
27(2)
What Are We Protected From?
28(1)
How Easy Is It to Break Down the Encryption?
28(1)
Summary
29(2)
Chapter 3 Setting Up TDE
31(16)
Creating the Keys and Certificate
31(4)
Creating the Database Master Key (DMK)
32(1)
Creating the Certificate
33(1)
Creating the Database Encryption Key (DEK)
34(1)
Encrypting the Database
35(2)
Securing the Root Keys
37(2)
Encrypting Existing Data with TDE
39(6)
Benchmarking TDE Performance on Your Server
39(3)
Monitoring for Problems
42(1)
What If You Run into Any Performance Problems During the Scan?
43(1)
What If the Encryption Scan Fails?
44(1)
Taking Backups While Encryption Is in Progress
45(1)
Summary
45(2)
Chapter 4 Managing TDE
47(18)
Migrating or Recovering a TDE-Protected Database
47(3)
Create a Database Master Key (DMK) If One Doesn't Exist
48(1)
Restore the Certificate and Private Key
48(1)
Restore the Database
49(1)
Recovering a TDE Database Without the Certificate
50(3)
Setting Up a New SQL Instance Using the Same Service Account as the Old Instance
51(1)
Restore Your Backup of Master from the Old Instance onto the New Instance
51(1)
Reboot Your New Server: The Whole Server, Not Just SQL
52(1)
Backup Your Certificate and Private Key - and Don't Lose Them This Time
52(1)
Key Rotation
53(2)
Creating a New Certificate
54(1)
Rotating the Certificate
55(1)
Impact of TDE on Performance
55(5)
Where Do We See an Overhead?
56(1)
How to Estimate the Performance Impact for Your Server?
56(4)
TDE and Backups
60(2)
Backup Performance
60(1)
Backup Compression
61(1)
Backup Compression Issues
62(1)
TDE and High Availability
62(1)
Summary
63(2)
Chapter 5 Backup Encryption
65(10)
Setting Up Backup Encryption
66(2)
Creating a Test Database
66(1)
Create the Database Master Key (DMK)
66(1)
Creating the Certificate
67(1)
Permissions
67(1)
Working with Encrypted Backups
68(2)
Taking an Encrypted Backup
68(1)
Restoring an Encrypted Backup
69(1)
Backup Encryption Performance
70(2)
Backup Encryption and Compression
72(1)
Summary
73(2)
Part III Column Encryption using Always Encrypted
75(106)
Chapter 6 Introducing Always Encrypted
77(8)
SQL Server 2016 vs. SQL Server 2019 and Beyond
78(1)
How Does Always Encrypted Work?
78(4)
Encryption Hierarchy
79(1)
Encryption in Practice
79(3)
Summary
82(3)
Chapter 7 Setting Up Always Encrypted
85(12)
Create Keys and Certificates
85(7)
Creating the Certificate and Column Master Key
85(4)
Creating the Column Encryption Key (CEK)
89(3)
Create an Encrypted Column
92(2)
Summary
94(3)
Chapter 8 Executing Queries Using Always Encrypted
97(26)
Performing a Basic Insert and Select
97(6)
Connecting to the Database
97(2)
Inserting Data
99(3)
Reading Data
102(1)
Looking at What Happens in the Background
103(5)
What Happens with an Insert Query
103(5)
What Happens with a Select Query
108(1)
Issuing a Query with a Predicate Against an Encrypted Column
108(4)
Indexes and Statistics on Encrypted Columns
112(1)
Working with Stored Procedures
113(3)
Querying Always Encrypted Data from Your Application
116(5)
Working with Direct Queries
117(2)
Working with Stored Procedures
119(2)
Summary
121(2)
Chapter 9 Encrypting Existing Data with Always Encrypted
123(22)
Encrypting Data Using the Always Encrypted Wizard
124(5)
Encrypting Data Using PowerShell
129(4)
Encrypting Data Using the Import and Export Wizard
133(9)
Summary
142(3)
Chapter 10 Limitations with Always Encrypted
145(6)
SQL Server Only Ever Sees Encrypted Data
145(2)
Strong Encryption Isn't Predictable
147(1)
Deterministic vs. Randomized
147(1)
Data Types
148(1)
Miscellaneous
149(1)
Summary
149(2)
Chapter 11 Key Rotation with Always Encrypted
151(18)
CMK Rotation
151(13)
Rotating the CMK Using the SSMS GUI
153(5)
Rotating the CMK Using T-SQL
158(2)
Rotating the CMK Using PowerShell
160(2)
Rotating the CMK Using PowerShell with Role Separation
162(2)
Rotating the CEK
164(3)
Summary
167(2)
Chapter 12 Considerations When Implementing Always Encrypted
169(12)
Choosing What Data to Encrypt
169(1)
Source Control and Release Management
170(5)
ETL
175(1)
Performance
176(1)
Client Drivers
177(1)
Summary
178(3)
Part IV Column Encryption using Always Encrypted with Enclaves
181(76)
Chapter 13 Introducing Always Encrypted with Enclaves
183(8)
Attestation
184(1)
Executing Queries That Use the Enclave
185(5)
The Attestation Process
185(3)
The Query Execution Process
188(2)
Summary
190(1)
Chapter 14 Setting Up Always Encrypted with Enclaves
191(16)
Setting Up Your VMs
192(8)
Setting Up Networking
200(3)
Install and Configure Host Guardian Service (HGS)
203(1)
Install SQL Server and Configure as a Guarded Host
203(2)
Summary
205(2)
Chapter 15 In-Place Encryption with Always Encrypted Enclaves
207(12)
Setting Up Our Test Database and Keys
208(3)
In-Place Encryption and Decryption of Data
211(3)
Performance of In-Place Encryption
214(1)
CEK Rotation
215(2)
Summary
217(2)
Chapter 16 Rich Querying with Always Encrypted Enclaves
219(26)
Setting Up Your Database and Data
221(1)
Rich Querying
222(5)
Indexes on Columns with Randomized Encryption
227(8)
Reading from an Index
228(3)
Updating an Index When Data Is Modified
231(1)
Index Rebuilds
232(1)
Database Recovery After Failure or Shutdown
233(2)
Joins
235(7)
Summary
242(3)
Chapter 17 Setting Up TPM Attestation
245(12)
Prerequisites for Your SQL Server to Support TPM Attestation
246(1)
Artifacts That Are Required by Attestation
246(1)
TPM Endorsement Key Certificate
247(1)
TPM Baseline
247(1)
Code Integrity Policy
247(1)
Installing and Configuring HGS
247(1)
Configuring the SQL Server
248(8)
Install the Attestation Client Components
249(1)
Making Sure VBS Is Configured Correctly
249(1)
Configure the Attestation URL
250(1)
Configuring a Code Integrity Policy
251(1)
Collect and Register Attestation Artifacts
252(1)
Check SQL Server Can Attest Successfully
253(2)
Configure the Enclave Type in SQL Server
255(1)
Summary
256(1)
Part V Completing the Picture
257(60)
Chapter 18 Encryption In Transit Using Transport Layer Security
259(10)
How TLS Works
260(1)
Obtaining a Certificate to Use for TLS
260(3)
Setting Up TLS on Your SQL Server
263(5)
Performance
268(1)
Summary
268(1)
Chapter 19 Hashing and Salting of Passwords
269(8)
Hashing
269(1)
Salting
270(1)
Using the HASHBYTES Function
271(1)
Storing Passwords Using HASHBYTES and a Salt Value
272(3)
Summary
275(2)
Chapter 20 Extensible Key Management (EKM)
277(20)
Creating the Required Objects in Azure
278(8)
Creating the Resource Group
278(2)
Creating the Azure Active Directory App Registration
280(3)
Creating the Key Vault
283(3)
Setting Up TDE to Use Azure Key Vault
286(4)
Creating the Key for TDE
286(1)
Setting Up the SQL Server
287(3)
Working with Always Encrypted and EKM
290(5)
Creating a CMK in Azure Key Vault
290(3)
Encrypting Columns and Working with Data
293(2)
Working with Azure Key Vault from Your Application
295(1)
Summary
295(2)
Chapter 21 Other Methods of Column Encryption
297(20)
Encryption Using a Symmetric Key
298(2)
Your Key Hierarchy
298(2)
Working with Automated Key Management
300(6)
Creating the Keys
300(1)
Encrypting and Decrypting Data
301(2)
Using an Authenticator
303(3)
Where the DMK Is Not Protected by the SMK
306(1)
Where the Symmetric Key Is Just Protected by a Password
307(1)
Working with and Indexing Encrypted Columns
308(2)
Migrating or Restoring a Database with Column Encryption
310(2)
Temporary Keys
312(1)
Encryption by Passphrase
313(1)
Protection of Key Passwords Being Sent to SQL Server
314(1)
Summary
315(2)
Appendix A Glossary of Terms 317(14)
Appendix B Encryption in the Cloud 331(4)
Appendix C Encryption Algorithms 335(8)
Index 343
Matthew McGiffen is a Data Architect with over 20 years experience working on SQL Server and associated technologies. Matthew has also had the opportunity to collaborate with Microsoft during the development of some of the latest enhancements in encryption. He is the author of a popular blog on SQL Server and has written articles for SQL Server Central. In his spare time, Matthew is an amateur chess player and pianist.