Securing data against theft of the server or hackers


Nick Gilbert

Hi,

As part of a website (ASP.NET) we're creating, we need the ability to
store documents with pretty much 'mission critical' security. ie, if the
server is completely compromised (eg a trojan/virus is installed or
someone physically steals the server) they will still not be able to
gain access to the content of the files. I can securely transfer the
files to and from the server, but I am unsure of how best to store them
securely.

What options do I have? I have thought of using public key encryption
like PGP, but the users would then have to be trusted with a private key
which they could leak or lose, and all users would have to have the same
private key so that they could see each other's files. So I'm not sure
that idea could be made to work.

I'm wondering if there are any methods that would fit my needs (even if
it involves buying 3rd party hardware or software to achieve it).

If it matters, it will probably be a Win 2003 web server with a separate
box running SQL Server 2000 which could also be used for file storage.

Any advice would be appreciated!

Thanks,

Nick Gilbert
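
One way to handle the shared-private-key concern raised in the question above, as an added example that is not from the thread or from any product it names: each file gets its own random AES key, and that key is wrapped separately to every authorized user's RSA public key. It assumes .NET 8 or later and that encryption and decryption run on the users' machines rather than on the web server; `SealedFile`, `Envelope`, `Demo` and the user names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Everything the server stores for one file. No private key and no unwrapped
// file key is ever on the server, so a stolen disk yields only ciphertext.
record SealedFile(byte[] Nonce, byte[] Ciphertext, byte[] Tag,
                  Dictionary<string, byte[]> WrappedKeys);

static class Envelope
{
    // Runs on the uploader's machine, using only the recipients' public keys.
    public static SealedFile Seal(byte[] plaintext, IDictionary<string, RSA> recipients)
    {
        byte[] fileKey = RandomNumberGenerator.GetBytes(32); // fresh AES-256 key per file
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[16];
        using (var aes = new AesGcm(fileKey, 16))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        var wrapped = new Dictionary<string, byte[]>();
        foreach (var (user, publicKey) in recipients) // one wrapped copy per user
            wrapped[user] = publicKey.Encrypt(fileKey, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(fileKey);
        return new SealedFile(nonce, ciphertext, tag, wrapped);
    }
    // Runs on the downloader's machine with that user's own private key.
    public static byte[] Open(SealedFile file, string user, RSA privateKey)
    {
        byte[] fileKey = privateKey.Decrypt(file.WrappedKeys[user], RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[file.Ciphertext.Length];
        using (var aes = new AesGcm(fileKey, 16))
            aes.Decrypt(file.Nonce, file.Ciphertext, file.Tag, plaintext); // throws if modified
        return plaintext;
    }
}

static class Demo
{
    static void Main()
    {
        using RSA alice = RSA.Create(3072); // constructed sample users
        using RSA bob = RSA.Create(3072);
        var stored = Envelope.Seal(Encoding.UTF8.GetBytes("constructed sample document"),
            new Dictionary<string, RSA> { ["alice"] = alice, ["bob"] = bob });
        Console.WriteLine(Encoding.UTF8.GetString(Envelope.Open(stored, "bob", bob)));
    }
}
```

Removing a user means deleting that user's entry from `WrappedKeys`; a lost private key affects only that user's wrapped copies, not the file ciphertext.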
 

Steve C. Orr [MVP, MCSD]

If I was in your situation I'd seriously consider storing the files in SQL
Server. It's got built-in, high-quality security and can store files as
easily as any other kind of data.
 

Nick Gilbert

Thanks for your reply, but I don't think you've understood my problem.

SQL Server is only secure if you're limited to accessing it via queries.
But if someone has access to the box, they have access to the database
and all the files within it. They could just steal the database files
and restore them to their own server. SQL Server has no encryption on
its database files, so if you have the database, you also have access to
all the information in the files. I need a much more secure solution
than that... What you're suggesting isn't really any more secure than
storing something in a non-passworded ZIP/TAR file (or any other file
format which stores multiple files). If you have the database, you don't
even need to know any passwords to get the files back out again...

Also SQL Server isn't very good for storing lots of large files (eg
gigabytes of them) - I think the files themselves are best kept
separately from the data.

I was more thinking of some kind of encryption system...

Nick....
 

Scott Allen

I've never tried this in an ASP.NET setting, but with server 2003
there is the Encrypting File System:

Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Also, you might want to check out the DPAPI. There are .NET wrappers
for this API.

Windows Data Protection
http://msdn.microsoft.com/security/...-us/dnsecure/html/windataprotection-dpapi.asp


Of course, there is also the "C - 4" chip .... I just don't trust any
company with "cyber" in the name:
http://www.computeruser.com/news/00/07/12/news15.html?&_ref=233393570

HTH,
 

Paul Drust

Nick,

I was just looking into a similar issue yesterday.

Check out "NetLib Encryptionizer". I've never used it, but it allows
columns or an entire database to be encrypted.

The feature you might like is that you can set up the security so the
DB server is "linked" (my word) to another computer on the network so
that, even if the DB server is physically stolen the encrypted
database cannot be read because it is no longer connected to the
"linked" system.

Might be what you want.


-- Paul
 

Nick Gilbert

> I'd be quite nervous about having a database that is so wide open to the
> public as yours seems to be.

It won't be wide open - there are tight logon restrictions and the site
is SSL only. Additionally the SQL Server resides on a separate box
behind a second firewall. However the database only contains meta-data
about the files.. it's the files I'm concerned about.

Nick...
 

Steven Cheng[MSFT]

Hi Nick,

I also think Steve Orr's suggestion on using an encryption component is
reasonable and that'll make your resources maintained in not only the database
but also any other persistence. And it seems there isn't any other means of
protecting your resources if the machine is controlled by the hacker. :)


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 
