Quick Introduction to Transparent Encryption with DbDefence
This quick demo briefly explains how DbDefence works and highlights some of the useful features the software has to offer. Let's start by encrypting a demo database named "GoldMine" from GoldMine CRM. The name and complexity of a database are irrelevant to DbDefence: the program's encryption algorithms function the same way no matter how complex the structure of the database is.
In the example below we are using SQL Server 2012; however, the server version also plays no role in the functionality of DbDefence. All versions of SQL Server released from 2005 to 2012 are compatible with DbDefence. Below you will see a basic overview of what to expect when you log into DbDefence as a super user. We have highlighted the fact that other users typically have access to the database schema (table structures).
Now that you see the problem, the first step to properly encrypting a database with DbDefence is to log off SSMS so that it no longer has access to the SQL database. The encryption attempt will fail if there are any connections to the database during the process.
The second step is to start the Encryptor and select the SQL Server instance. Only locally available instances are listed; it is not possible to encrypt a database remotely.
Once that is done, enter a password. It is very important that you remember the password! It will be used later to access the database or to decrypt (revert) it.
Please note that with the free version of DbDefence you can only encrypt databases up to 200 MB. Assuming there are no errors in the above entry fields, the software will then encrypt your database to the requested specifications. The process is very quick. We use highly optimized AES encryption routines that utilize all the advantages of modern-day computer processors.
Important: If you only want to encrypt database files without restricting access for existing applications, please scroll down to the end.
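The two preconditions above (no open connections to the database, and the 200 MB limit of the free version) can be checked from a query window before starting the Encryptor. The following T-SQL is an added example, not part of DbDefence or its documentation; it uses this page's demo database name "GoldMine", relies only on standard SQL Server catalog views, and assumes the size limit is measured against the database files, which the page does not specify.

```sql
-- Added example: pre-encryption checks. Run while connected to master
-- (so this session does not itself count as a connection to the target),
-- then disconnect before starting the Encryptor.
-- Seeing other sessions requires the VIEW SERVER STATE permission.
USE master;

DECLARE @db sysname;
SET @db = N'GoldMine';   -- demo database name used on this page

IF DB_ID(@db) IS NULL
BEGIN
    RAISERROR('Database %s was not found on this instance.', 16, 1, @db);
    RETURN;
END;

-- 1. Sessions still attached to the database. Any row here means the
--    encryption attempt will fail until that connection is closed.
--    sys.sysprocesses is used because it exists on SQL Server 2005-2012.
SELECT spid,
       RTRIM(loginame)     AS login_name,
       RTRIM(hostname)     AS host_name,
       RTRIM(program_name) AS program_name,
       login_time
FROM sys.sysprocesses
WHERE dbid = DB_ID(@db)
  AND spid <> @@SPID;

IF EXISTS (SELECT 1 FROM sys.sysprocesses
           WHERE dbid = DB_ID(@db) AND spid <> @@SPID)
    PRINT 'Open connections found: close them before encrypting.';
ELSE
    PRINT 'No open connections to the database.';

-- 2. File sizes in MB, split into data (ROWS) and log (LOG) files,
--    to compare against the 200 MB limit of the free version.
--    sys.master_files reports size in 8 KB pages.
--    Assumption: the page does not say which files the limit counts.
SELECT type_desc,
       SUM(CAST(size AS bigint)) * 8 / 1024 AS size_mb
FROM sys.master_files
WHERE database_id = DB_ID(@db)
GROUP BY type_desc;
```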
After the encryption process is completed, the software then runs diagnostic tests to make sure the data is healthy and functional. You should see a success message in the dialog box.
Now, take a look at the difference between an encrypted database and an unencrypted database. Even if an attacker somehow got unauthorized access to this data, they would still be completely unable to read it!
Now that you have successfully encrypted your database, go back to SQL Server Management Studio and try to access your database as the most privileged account. Look! The database structure is now completely hidden! Trying to select any data from the protected table now returns an error, but the data is still there, completely intact! And the best part is, this level of database protection works for ALL network applications, not just SSMS.
Now let's briefly go through the steps to decrypt a database. The first thing you need to do is type in the following SQL statement:
OPEN SYMMETRIC KEY DBDX DECRYPTION BY PASSWORD='yourpassword'
After supplying your database key password, you are able to work with the database. Note that by default, access is granted only to connections that have run the OPEN SYMMETRIC KEY statement. SSMS uses another connection to retrieve the database structure. That is why logged-in administrators accessing SSMS do not have access to the database.
If you would like to modify these settings for the whole SSMS process, there are several ways to do so. One such solution is to run:
For more information regarding specific settings, please read the included documentation.
That's all for DbDefence basics!
If you only want to encrypt database files.
Some customers are required to encrypt data without restricting access for any application: everything should run as before, but with encrypted files on the disk. In this case, set an extra option before encrypting the database:
Then proceed with encryption. You do not need to supply the password in any way to select data.