Secure communication between linked SQL Servers

sql-server sql-server-2005 encryption
10,976

Encrypt Via SQL Server

  1. Provision a certificate on both machines.

  2. Configure any non-server clients to trust the certificate's root signing authority. See How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console.

  3. Configure the server(s) to force all incoming connections to use SSL so that any clients that do not support this will fail to connect. In SQL Server Configuration Manager, set the ForceEncryption parameter to "Yes" in the Protocols section.

  4. OR, instead of the prior step, you can add Encrypted=yes to the provider/connection string for the connection/linked server. If, for example, you register the linked server using sp_addlinkedserver it might look something like this:

    EXEC master.dbo.sp_addlinkedserver
   @server = N'LinkedServerName',
   @srvproduct = N'',
   @provider = N'SQLNCLI',
   @datasrc = N'Server\InstanceName',
   @provstr = N'Encrypt=yes;',
   @catalog = 'DatabaseName'
;

    I do NOT recommend that you use the option TrustServerCertificate=True because this will disable the client from validating the identity of the server it is connected to.

    Also, if using ODBC, the encryption property can be specified in a DSN.

Note that while servers don't require certificates to be installed since you can configure them to automatically create and sign their own certificates, it is best to manually install them, because you can run into problems with the self-created certificates since they change on each restart.

The best security is when the client specifically requests channel encryption, because this not only encrypts the data but the client also attempts to validate the identity of the server via the certificate, helping to mitigate a man-in-the-middle attack.

Encrypt Via The Network

Another option is to set up a secure tunnel (such as a VPN) between the two servers' networks, and ensure that the routing for traffic between them is entirely through said tunnel. This is 100% secure as well, as long as you are sure the traffic goes over the right route.

Share:
10,976
Admin
Author by

Admin

Updated on June 11, 2022

Comments

  • Admin
    Admin almost 2 years

    Is the data transferred between two SQL Servers protected (encrypted) by default? If not, is there a way to accomplish this?

    I have two SQL Server 2005 databases running on separate servers, separate machines, separate networks. How can I ensure that data transmitted from one server to another is secure? I have tried researching the subject but am unable to find anything.

    Many thanks, Sebastian

  • bilmuhfk
    bilmuhfk over 7 years
    Thanks for the great answer. But @provstr = N'Encrypted=yes;' is incorrect. It should be @provstr = N'Encrypt=yes;'
  • Rask
    Rask almost 3 years
    Many thanks for really good answer. Just a headsup to anyone who needs to set TrustServerCertificate that it may need to be added to the provider string as TrustServerCertificate=yes. (That was at least the case in my situation.)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Difference between a inline function and a view
Setting up a linked server from SQL Server 2005 to PostgreSQL
SQL Server 2005: Attach database using sp_attach_db with full text catalog
Incorrect syntax near the keyword 'Distinct'
Is there any way/tool to identify estimate query run time in SQL sERVER
Get number of weekends between two dates in SQL
How to encrypt columns in SQL Server 2008 R2
SqlServer and nvarchar(max)
Connecting to SQL server from Virtual PC
Why precision is decreasing when multiply sum to other number