Databases Reference
In-Depth Information
Figure 10.6
IPSEC Services in
the Windows
Services Panel.
example, open Start
Settings
Control Panel, select Administrative Tools
and then Services to ensure that the IPSec service is running, as shown in
Figure 10.6.
Finally, using the IPSec Policy Management snap-in, you can assign the
appropriate policy—either by using one of the built-in policies or by defin-
ing your own policy; many options are supported here. The default policies
are as follows:
Client—Respond Only
: This is the default mode for clients, meaning
that communications are normally not encrypted unless a server
requests a secure connection, in which case only that connection is
encrypted.
Server—Request Security
: This mode is used for servers and implies
that the server will try to initiate a secure connection with the client.
If the client is not able to accommodate an encrypted connection,
then the server will fall back on an unencrypted connection.
Server—Require Security
: In this mode the server will not fall back to
an unencrypted connection and will only serve clients that can
accommodate a secure connection.
In both server cases the encryption is done by the IPSec layer, and both
database client and database servers send and receive the information unen-
crypted, so there is no setup at the database level.
10.2
Encrypt data-at-rest
The other use of encryption in database environments is the encryption of
the data itself (i.e., encrypting the values that are stored within the database
Search WWH ::
Custom Search