Securing data against theft of the server or hackers

Hi,

As part of a website (ASP.NET) we're creating, we need the ability to
store documents with pretty much 'mission critical' security. ie, if the
server is completely compromised (eg a trojan/virus is installed or
someone physically steals the server) they will still not be able to
gain access to the content of the files. I can securely transfer the
files to and from the server, but I am unsure of how best to store them
securely.

What options do I have? I have thought of using public key encryption
like PGP, but the users would then have to be trusted with a private key
which they could leak or lose, and all users would have to have the same
private key so that they could see each other's files. So I'm not sure
that idea could be made to work.

I'm wondering if there are any methods that would fit my needs (even if
it involves buying 3rd party hardware or software to achieve it).

If it matters, it will probably be a Win 2003 web server with a separate
box running SQL Server 2000 which could also be used for file storage.

Any advice would be appreciated!

Thanks,

Nick Gilbert
Nov 18 '05 #1
If I was in your situation I'd seriously consider storing the files in SQL
Server. It's got built-in, high-quality security and can store files as
easily as any other kind of data.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net

"Nick Gilbert" <ne**@nickgilbert.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> As part of a website (ASP.NET) we're creating, we need the ability to
> store documents with pretty much 'mission critical' security. ie, if the
> server is completely compromised (eg a trojan/virus is installed or
> someone physically steals the server) they will still not be able to
> gain access to the content of the files. I can securely transfer the
> files to and from the server, but I am unsure of how best to store them
> securely.
>
> What options do I have? I have thought of using public key encryption
> like PGP, but the users would then have to be trusted with a private key
> which they could leak or lose, and all users would have to have the same
> private key so that they could see each other's files. So I'm not sure
> that idea could be made to work.
>
> I'm wondering if there are any methods that would fit my needs (even if
> it involves buying 3rd party hardware or software to achieve it).
>
> If it matters, it will probably be a Win 2003 web server with a separate
> box running SQL Server 2000 which could also be used for file storage.
>
> Any advice would be appreciated!
>
> Thanks,
>
> Nick Gilbert

Nov 18 '05 #2
Thanks for your reply, but I don't think you've understood my problem.

SQL Server is only secure if you're limited to accessing it via queries.
But if someone has access to the box, they have access to the database
and all the files within it. They could just steal the database files
and restore them to their own server. SQL Server has no encryption on
its database files, so if you have the database, you also have access to
all the information in the files. I need a much more secure solution
than that... What you're suggesting isn't really any more secure than
storing something in a non-passworded ZIP/TAR file (or any other file
format which stores multiple files). If you have the database, you don't
even need to know any passwords to get the files back out again...

Also SQL Server isn't very good for storing lots of large files (eg
gigabytes of them) - I think the files themselves are best kept
separately from the data.

I was more thinking of some kind of encryption system...

Nick....

Steve C. Orr [MVP, MCSD] wrote:
> If I was in your situation I'd seriously consider storing the files in SQL
> Server. It's got built-in, high-quality security and can store files as
> easily as any other kind of data.

Nov 18 '05 #3
I've never tried this in an ASP.NET setting, but with server 2003
there is the Encrypting File System:

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/pro...y/cryptfs.mspx

Also, you might want to check out the DPAPI. There are .NET wrappers
for this API.

Windows Data Protection
http://msdn.microsoft.com/security/s...tion-dpapi.asp

Of course, there is also the "C - 4" chip .... I just don't trust any
company with "cyber" in the name:
http://www.computeruser.com/news/00/..._ref=233393570

HTH,

--
Scott
http://www.OdeToCode.com

On Thu, 27 May 2004 09:47:31 +0100, Nick Gilbert
<ne**@nickgilbert.com> wrote:
> Hi,
>
> As part of a website (ASP.NET) we're creating, we need the ability to
> store documents with pretty much 'mission critical' security. ie, if the
> server is completely compromised (eg a trojan/virus is installed or
> someone physically steals the server) they will still not be able to
> gain access to the content of the files. I can securely transfer the
> files to and from the server, but I am unsure of how best to store them
> securely.
>
> What options do I have? I have thought of using public key encryption
> like PGP, but the users would then have to be trusted with a private key
> which they could leak or lose, and all users would have to have the same
> private key so that they could see each other's files. So I'm not sure
> that idea could be made to work.
>
> I'm wondering if there are any methods that would fit my needs (even if
> it involves buying 3rd party hardware or software to achieve it).
>
> If it matters, it will probably be a Win 2003 web server with a separate
> box running SQL Server 2000 which could also be used for file storage.
>
> Any advice would be appreciated!
>
> Thanks,
>
> Nick Gilbert


Nov 18 '05 #4
Nick,

I was just looking into a similar issue yesterday.

Check out "NetLib Encryptionizer". I've never used it, but it allows
columns or an entire database to be encrypted.

The feature you might like is that you can set up the security so the
DB server is "linked" (my word) to another computer on the network so
that, even if the DB server is physically stolen the encrypted
database cannot be read because it is no longer connected to the
"linked" system.

Might be what you want.
-- Paul

Nick Gilbert <ne**@nickgilbert.com> wrote in message news:<ec**************@tk2msftngp13.phx.gbl>...
> Thanks for your reply, but I don't think you've understood my problem.
>
> SQL Server is only secure if you're limited to accessing it via queries.
> But if someone has access to the box, they have access to the database
> and all the files within it. They could just steal the database files
> and restore them to their own server. SQL Server has no encryption on
> its database files, so if you have the database, you also have access to
> all the information in the files. I need a much more secure solution
> than that... What you're suggesting isn't really any more secure than
> storing something in a non-passworded ZIP/TAR file (or any other file
> format which stores multiple files). If you have the database, you don't
> even need to know any passwords to get the files back out again...
>
> Also SQL Server isn't very good for storing lots of large files (eg
> gigabytes of them) - I think the files themselves are best kept
> separately from the data.
>
> I was more thinking of some kind of encryption system...
>
> Nick....
>
> Steve C. Orr [MVP, MCSD] wrote:
>> If I was in your situation I'd seriously consider storing the files in SQL
>> Server. It's got built-in, high-quality security and can store files as
>> easily as any other kind of data.

Nov 18 '05 #5
I'd be quite nervous about having a database that is so wide open to the
public as yours seems to be.

In that case, it sounds like you'll be needing some encryption whether you
store your files in SQL Server or elsewhere.
Here's some articles on encrypting files:
http://www.fawcette.com/vsm/2002_08/...us/default.asp
http://www.devx.com/security/article/7019

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net

"Nick Gilbert" <ne**@nickgilbert.com> wrote in message
news:ec**************@tk2msftngp13.phx.gbl...
> Thanks for your reply, but I don't think you've understood my problem.
>
> SQL Server is only secure if you're limited to accessing it via queries.
> But if someone has access to the box, they have access to the database
> and all the files within it. They could just steal the database files
> and restore them to their own server. SQL Server has no encryption on
> its database files, so if you have the database, you also have access to
> all the information in the files. I need a much more secure solution
> than that... What you're suggesting isn't really any more secure than
> storing something in a non-passworded ZIP/TAR file (or any other file
> format which stores multiple files). If you have the database, you don't
> even need to know any passwords to get the files back out again...
>
> Also SQL Server isn't very good for storing lots of large files (eg
> gigabytes of them) - I think the files themselves are best kept
> separately from the data.
>
> I was more thinking of some kind of encryption system...
>
> Nick....
>
> Steve C. Orr [MVP, MCSD] wrote:
>> If I was in your situation I'd seriously consider storing the files in SQL
>> Server. It's got built-in, high-quality security and can store files as
>> easily as any other kind of data.

Nov 18 '05 #6
> I'd be quite nervous about having a database that is so wide open to the
> public as yours seems to be.


It won't be wide open - there are tight logon restrictions and the site
is SSL only. Additionally the SQL Server resides on a separate box
behind a second firewall. However the database only contains meta-data
about the files.. it's the files I'm concerned about.

Nick...
Nov 18 '05 #7
Hi Nick,

I also think Steve Orr's suggestion to use an encryption component is
reasonable, and that'll make your resources maintained not only in the database
but also in any other persistence. And it seems there isn't any other means of
protecting your resources if the machine is controlled by the hacker. :)

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #8
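
Added example, not code from any poster in this thread: the public-key idea from post #1 done as envelope encryption, where each file gets a random AES-256-GCM key that is wrapped separately with every authorised user's RSA public key, so users keep individual private keys and the server stores none. It assumes .NET 8 or later (which postdates the thread); `StoredFile`, `EnvelopeStore` and the user names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// What the server stores: ciphertext plus one wrapped copy of the file key per user.
public sealed record StoredFile(byte[] Nonce, byte[] Ciphertext, byte[] Tag,
                                Dictionary<string, byte[]> WrappedKeys);

public static class EnvelopeStore // hypothetical name, not a real library
{
    // Needs only public keys, so it can run on the server or on the uploading client.
    public static StoredFile Encrypt(byte[] plaintext, IDictionary<string, RSA> publicKeys)
    {
        byte[] fileKey = RandomNumberGenerator.GetBytes(32); // fresh AES-256 key per file
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] ciphertext = new byte[plaintext.Length], tag = new byte[16];
        using (var aes = new AesGcm(fileKey, 16))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        var wrapped = new Dictionary<string, byte[]>();
        foreach (var (user, pub) in publicKeys) // one RSA-OAEP wrap per authorised user
            wrapped[user] = pub.Encrypt(fileKey, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(fileKey); // no usable key stays behind
        return new StoredFile(nonce, ciphertext, tag, wrapped);
    }

    // Runs wherever the user's private key lives (client, smart card, HSM).
    public static byte[] Decrypt(StoredFile f, string user, RSA privateKey)
    {
        byte[] fileKey = privateKey.Decrypt(f.WrappedKeys[user], RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[f.Ciphertext.Length];
        using (var aes = new AesGcm(fileKey, 16))
            aes.Decrypt(f.Nonce, f.Ciphertext, f.Tag, plaintext); // throws if modified
        return plaintext;
    }

    static RSA PublicOnly(RSA pair) // strips the private half before it reaches the server
    {
        RSA pub = RSA.Create(); pub.ImportParameters(pair.ExportParameters(false)); return pub;
    }

    public static void Main()
    {
        using RSA alice = RSA.Create(3072); using RSA bob = RSA.Create(3072); // constructed demo keys
        var pubs = new Dictionary<string, RSA> { ["alice"] = PublicOnly(alice), ["bob"] = PublicOnly(bob) };
        StoredFile stored = Encrypt(Encoding.UTF8.GetBytes("constructed sample document"), pubs);
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(stored, "bob", bob)));
        stored.Ciphertext[0] ^= 1; // simulate modification of the stored file
        try { Decrypt(stored, "alice", alice); }
        catch (CryptographicException) { Console.WriteLine("modification detected"); }
    }
}
```

A stolen disk or database copy yields only ciphertext and wrapped keys; a process compromised while it handles plaintext (for example a server that runs `Encrypt` on uploads) can still read what passes through it.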
