Double Trouble: SQL Rootkits and Encryption

Expo Theatre (Hall G) October 21, 2008 - Feedback     

Bookmark and Share

Kevvie Fowler

This is a joint session covering two critical SQL Server risks; SQL Server rootkits and common SQL Server encryption implementation mistakes that result in data exposure.

SQL Server Rootkits: To date there has been no database rootkit research that focused directly on SQL Server, that is until now. Attendees will see first-hand how rootkits can be used to conceal unauthorized SQL Server access and how they can perform logging of both GUI and SQL based activity.

The insecure implementation of secure encryption: Some trusted SQL Server experts and reputable SQL Server web sites provide users with guidance on how to implement native SQL Server data encryption. However, following this advice can result in the unintentional exposure of sensitive plain-text data. Learn the proper way to implement native SQL Server data encryption to avoid this data exposure.

This SQL Server security ‘double-feature’ is a must see for anyone tasked with auditing, securing, investigating or simply using Microsoft SQL Server.