Talking about: Win2008 Server System Data Security

Data security is a key requirement in any data service solution, and Windows Server 2008 and SQL Server 2008 combine to provide an end-to-end data protection through a powerful collection based on encryption technology.

Windows Server 2008 relies on built-in IP Security (IPSec) support to provide encrypted data transfer over a network connection.

Windows Server 2008 provides an enhanced IPSec implementation that simplifies configuration and reduces administrative overhead.

NTFS:

NTFS is a disk format designed specifically for the management security features of network and disk quotas, file encryption, etc. supported by the Microsoft Windows NT kernel family of operating systems.

Why use NTFS?

Compression: Includes the ability to compress or decompress drives, folders, or specific files.

File Encryption: It greatly enhances security.

Better scalability: Partitioning NTFS partitions is much larger than FAT partitions. When partition size increases, NTFS performance does not decrease, and in this case FAT performance is degraded.

Recover log activity for disk activity; it allows NTFS to recover information as soon as possible after a power outage or other system problem.

Installing NTFS is required to install domain controllers and ActiveDirectory.

Remote Storage: Extends disk space by making removable media (such as tape) more accessible.

Disk Quota: Can be used to monitor and control the amount of disk space used by a single user.

Windows Server 2008, NTFS for transactions, allows all operations in the NTFS file system to be controlled in a single transaction, allowing the operating system services to join a transaction through the new kernel transaction manager.

The Server2008FILESTREAM data type allows large binary data, such as documents and images, to be stored directly into an NTFS file system; documents and images are still a major part of the database and maintain transactional consistency.

FILESTREAM allows traditional large database-managed binary data to be stored as separate files outside of the database, which can be accessed using an NTFS streaming API. Use the NTFS Streaming API to enable normal file operations to be performed efficiently, while providing all the rich database services, including security and backup.

NTFS for transactions can also communicate with MSDTC (DistributedTransactionCenter). In this way, the application can be composed of database calls, as well as file system operations (such as document management systems). This transaction function is built on the SMB 2.0 (Server Message Module) protocol, so a distributed file operation can be included in a transaction.

TDE:

Transparent Data Encryption (TDE) in SQL Server 2008, you can choose to use cell-level encryption as in SQL Server 2005, or use TDE for full database-level encryption, or Windows File level encryption provided.

It is designed to provide static protection for the entire database without affecting existing applications. Encrypting a database has traditionally involved complex application changes, such as modifying table schemas, removing functions, and significant performance degradation.

TDE simply encrypts everything, all data types, keys, indexes, and so on, all of which can be used without sacrificing security or leaking information on the disk.

TDE is file-level and is similar to two Windows features: File Encryption System (EFS) and Drive Disk Encryption.

TDE does not replace cell-level encryption, EFS or BitLocker. TDE is suitable for large amounts of encryption, and it can meet regulatory compliance or public data security standards.

TDE protects data when data files or backup files are accessed and copied. When combined with hardware security module support, TDE provides an effective way to protect data stored in a database on a desktop computer. This encryption ensures that when the computer is lost or stolen, the database cannot be opened without the corresponding secure hardware module. To better protect data, Windows Server 2008 provides enhanced Microsoft BitLocker driver encryption technology that can be used to encrypt all hardware disks in a computer.

SQL Server 2008 further extends this capability by providing support for encrypted database connections, protecting data as it travels over the network, and providing new, powerful Display Data Encryption (TDE) capabilities. TDE encrypts the data in the database and backup files without having to make any changes to the client application that accesses this data.

Summary:

SQL Server 2008 and Windows Server 2008 combine to provide a compelling solution for security, compliance and high availability through a powerful authentication mechanism. A secure platform that integrates Windows authentication with SQL Server.