locked
Encrypting data transmitted between SQL 2K and Access 2003 on a LAN RRS feed

  • Question

  • Hi all.  I'm working to bring my office in compliance with HIPAA data security requirements and am in a quandary on which direction to go re: securing data in transit.

    HIPAA requires that data transmitted between client PCs and the SQL Server be encrypted.  We're on a Windows 2003 AD with client computers are running WinXP Pro.  Our SQL 2K SP4 is on a Win2k3 box, and each workstation/user uses Access 2003 databases on the front end.

    My question:  is there any way to configure SQL2K and the client computers natively to transmit encrypted data between them?  If not, what are is the best solution in your opinion to this issue?

    I'm currently researching a possible VPN switch to isolate our SQL Server to only allow connections through that VPN, but it seems like overkill.  Perhaps it's the bet solution, but if there's a better one I'm ALL ears. :)

    Monday, July 27, 2009 7:52 PM

All replies

  • Yes, you can encrypt the data across the network. For SQL Server 2000: http://support.microsoft. com/kb/276553. A nicer write up in SQL Server 2008 BOL: http:// technet.microsoft.com/en-us/library/ms189067.aspx
     
    Hope this helps,
    Bob Beauchemin
    SQLskills
    "Clinton Finch" wrote in message news:084ed70c-9e36-4a3 b-9f0d-20b0c20aa422...
    Hi all.  I'm working to bring my office in compliance with HIPAA data security requirements and am in a quandary on which direction to go re: securing data in transit.

    HIPAA requires that data transmitted between client PCs and the SQL Server be encrypted.  We're on a Windows 2003 AD with client computers are running WinXP Pro.  Our SQL 2K SP4 is on a Win2k3 box, and each workstation/user uses Access 2003 databases on the front end.

    My question:  is there any way to configure SQL2K and the client computers natively to transmit encrypted data between them?  If not, what are is the best solution in your opinion to this issue?

    I'm currently researching a possible VPN switch to isolate our SQL Server to only allow connections through that VPN, but it seems like overkill.  Perhaps it's the bet solution, but if there's a better one I'm ALL ears. :)

    Monday, July 27, 2009 8:31 PM
  • Thank you Bob!  I'll give this a look over tonight!

    If anyone else has suggestions as well, I'd love to hear them.
    Monday, July 27, 2009 9:28 PM
  • BTW, for compliance and SQL Server information, check out the SQL Server 2008 compliance website and whitepaper at ht tp://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx. You might consider upgrading to SQL Server 2008, they added some nice features that help with compliance.
     
    Cheers,
    Bob
    Monday, July 27, 2009 9:57 PM