Level: Intermediate to Advanced
Chris Bell
Data Platform MVP
Consultant and Speaker
WaterOx Consulting, Inc
You know all the ways to protect your database when it is at rest, but what about when someone connects and starts running some queries? What if they connect and don't do anything? Just how exposed is that data?
In this session, we'll assume the role of a hacker and using a simple technique, we'll sniff packets on a network to reveal what data is being sent. You may be shocked! Then we'll secure our database connections with a simple self-signed SSL certificate.
Once secured, we will resume the role of the hacker once more and look inside the packets once more to see what has changed.
*Warning - Do not try these demos at work without proper permissions as actual hacking techniques are used.
You will learn:
- What is exposed when using the default, unprotected connections to SQL Server
- How to configure SQL Server to use an SSL certificate to encrypt connections
- How, with proper permission, to capture and check network packet to confirm data in transit is protected