Endpoint Protection

 View Only

  • 1.  Securing communication with SQL database

    Posted Mar 23, 2010 10:51 AM
    Does anyone know if communication between SEPM and database (assuming it's on a separate server) can be secured via SSL?
    Thanks!


  • 2.  RE: Securing communication with SQL database

    Posted Mar 23, 2010 10:55 AM
    I don't think by default. 

    SSL Support:
     http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009021209400348


  • 3.  RE: Securing communication with SQL database

    Posted Mar 23, 2010 11:00 AM
    This is for client's communication to SEPM, we already have that working. I am wondering if SEPM communication to SQL can be SSLed.


  • 4.  RE: Securing communication with SQL database

    Posted Mar 23, 2010 11:01 AM
    No, to maximize the security posture of remote Microsoft SQL Server communications, collocate both servers in a secure subnet.

    http://seer.entsupport.symantec.com/docs/330750.htm


  • 5.  RE: Securing communication with SQL database

    Posted Mar 23, 2010 11:05 AM
    seems like the communication is already encrypted

    Database administrator name and password are not encrypted during communication.
    Fix ID: 1389362
    Symptom: User is given the option to select Windows authentication to the database in the configuration wizard.
    Solution: The security data is encrypted now.


  • 6.  RE: Securing communication with SQL database

    Posted Mar 23, 2010 11:27 AM
    Thank you, Thomas! I guess this is something we're going submit as enhancement request.


  • 7.  RE: Securing communication with SQL database

    Posted Mar 23, 2010 11:30 AM
    Hi Rafeeq,
    While the login may actually be hashed, actual SQL traffic itself is not encrypted. In SEPM, I created a custom IPS signature based on Metasploit exploit, and our network IPS device that sits between SEPM and SQL cluster picked it up going over the wire in clear text; had the traffic been encrypted, this wouldn't have happened. I confirmed that with a manual pcap capture, as well.

    Dimitri


  • 8.  RE: Securing communication with SQL database

    Posted Jul 23, 2010 01:18 AM
    If anyone still wants to know how to do this, I figured out how to get force protocol encryption/SSL to work with SEPM on SQL.  I won't say step by step how to do it because I'm sure Symantec doesn't want me breaking their product ;)

    The current version of SEPM at this time is 11.6005.562, so this may change depending on what you use.  I also have SQL 2008 at version 10.0.2740.  I replaced jTDS with the latest version from sourceforge and added ssl=require to the URI in the server config file.  Just adding ssl on its own with jTDS 1.1 didn't work.  There are additional options if you want to fall back to unsecure SSL or require strong SSL certificates.

    Like I said, I'd be more descriptive, but I don't want my first post to brand me as that guy devil