I somewhat understand that TDE encryption protects the database from being stolen and read by a hacker. However, I don't understand if it can help me in this scenario: a hacker gets into my server and obtains Administrator privileges. Now he wants to access the database to steal information. He won't need to copy the entire database file, which is encrypted. Instead, he can reset the SQL SA password or read the connection string from a website .config file, and use a tool like SQL Server Management Studio to access the database with that user and password. Finally, he uses a few SQL queries to view the data or export it to disk. Is that possible?
SQL Server TDE Encryption – Will TDE Protect My Database from Hackers?
Tags: sql server, sql-server-2008-r2, transparent-data-encryption
Best Answer
Yes. The scenario where a server is compromised is not what is being targeted by TDE. TDE is targeting data at rest scenarios such as lost/stolen backups, hard drives that were discarded and not scrubbed, etc., but not entire server compromises.
In this case I'd advocate for you to upgrade off of 2008R2 (which only has <6 months of support left) and onto something much newer. There you have options such as column level encryption through HSMs and Always Encrypted (which can also use HSMs) which would be two main scenarios that can potentially (depending on external factors) stop the attack you've specified from being able to steal any extra information not already on the server and unencrypted.
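A defender's view of the distinction drawn in the answer above, as an added example that is not part of the original post: T-SQL audit queries against standard catalog views showing which databases have TDE on, which logins are sysadmin and so read data through the engine regardless of TDE, and which columns use Always Encrypted. The third query assumes SQL Server 2016 or later, where `sys.columns` exposes `encryption_type`; the first needs VIEW SERVER STATE permission.

```sql
-- Added example: constructed audit queries, not from the original answer.

-- 1. TDE state per database. This covers data at rest only:
--    files, backups and discarded disks, not queries from a valid login.
SELECT d.name,
       d.is_encrypted,
       k.encryption_state,      -- 3 = encrypted
       k.key_algorithm,
       k.key_length
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
ORDER BY d.name;

-- 2. Logins in the sysadmin role. The engine decrypts pages
--    transparently for them, so TDE does not limit what they can read.
SELECT m.name AS login_name,
       m.type_desc,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
       ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
       ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Columns in the current database protected by Always Encrypted
--    (assumes SQL Server 2016+). These stay ciphertext inside the
--    engine; the column master key is held outside the server.
SELECT OBJECT_SCHEMA_NAME(c.object_id) AS schema_name,
       OBJECT_NAME(c.object_id)        AS table_name,
       c.name                          AS column_name,
       c.encryption_type_desc
FROM sys.columns AS c
WHERE c.encryption_type IS NOT NULL
ORDER BY schema_name, table_name, column_name;
```

A database that reports `is_encrypted = 1` in the first query but has no rows in the third relies on TDE alone, which is the situation the question describes.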