.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Post New Web Links

Secure key management process using HSM

Posted By:      Posted Date: October 25, 2010    Points: 0   Category :Sql Server
 

Our application currently uses a SQL Symmetric key, protected by a SQL certificate. There is also a master key setup on the database.

 

We have a new requirement to enhance the secure key management process using HSM. We tried a symmetric key protected by HSM and also tried a Symmetric key protected by Asymmetric key that is protected by HSM. However, in comparison with the simple SQL symmetric key without HSM, the HSM based setup is taking at least twice the time on average to perform encryption/decryption.

 

Is there a better way to take advantage of HSM based key management on SQL server, without having to create a symmetric key or asymmetric key that uses HSM for every encryption/decryption call? Is there a way we can just protect the database master key generation process using HSM and then use the simple SQL symmetric key without HSM? We are just looking to provide additional security for managing the key using HSM.


View Complete Post


More Related Resource Links

Best Practices: Fast, Scalable, and Secure Session State Management for Your Web Applications

  

ASP.NET provides a number of ways to maintain user state, the most powerful of which is session state. This article takes an in-depth look at designing and deploying high-performance, scalable, secure session solutions, and presents best practices for both existing and new ASP.NET session state features straight from the ASP.NET feature team.

Mike Volodarsky

MSDN Magazine September 2005


System.Management WMI Remote Process start

  

 

Couple questions here, some of which depends on the answer of other questions.....fun stuff   

 

1) So I have a program that starts a remote process on a PC. When trying to run this program, it's a VBscript it's attempting to run, I get a response code of "8" which is an unknown error. Can you run VBscripts using the System.Management class and WMI?

 

2) This Vbscript is launching iexploer.exe and browsing to a designated webpage. Instead of using the VBscript can I start iexploer.exe [I know I can do this] but pass it arguments so it starts at a certain webpage?

 

3) Even if I can do option 2, which is preferable, I'm having a problem with even launching iexploer.exe. On the remote PC it starts the process, but it never is shown. It appears as if it's running in the background but have no visuals of the application whatsoever. This occurs no matter what I run: notepad.exe, calc.exe, cmd.exe....you name it. Again, I see the process start [task manager] but no visual representation of that program.

ASP.NET Architecture - ASP.NET Worker Process - HTTP Pipleline - Http Modules and Handlers

  
"ASP.NET is a powerful platform for building Web applications, that provides a tremendous amount of flexibility and power for building just about any kind of Web application. Most people are familiar only with the high level frameworks like WebForms and WebServices which sit at the very top level of the ASP.NET hierarchy. In this article I'll describe the lower level aspects of ASP.NET and explain how requests move from Web Server to the ASP.NET runtime and then through the ASP.NET Http Pipeline to process requests.

For Multi-Language website which process is better in asp.net

  

 I want to build multi-language website in asp.net 2008 and asp.net 2010. So, which process is better for building application? Using either Local and Global Resource or New Folder to make separate according to language?

 

Application performance should be good and also easy manageable.

 

Please suggest me in which way I will build the application either using resource or folder. If there is any other better solution then please share.


CLR Inside Out: In-Process Side-by-Side

  

The new .NET Framework 4.0 maintains backward compatibility while allowing core innovations by using a new feature called In-Process Side-by-Side. Learn about how it works and some problems it didn't solve.

Luiz Fernando Santos, Jesse Kaplan

MSDN Magazine December 2009


Team System: Streamline Team Projects With Process Templates

  

See how you can streamline your team projects using Process Templates in Visual Studio Team System (VSTS)

Brian A. Randell

MSDN Magazine December 2008


CLR Inside Out: Thread Management In The CLR

  

Getting the performance you want in concurrent applications is not as straightforward as you might think. See how common threading issues can affect your application.

Erika Fuentes and Eric Eilebrecht

MSDN Magazine December 2008


Security Briefs: Threat Models Improve Your Security Process

  

Using threat models to drive your security engineering process helps prioritize the code review, fuzz testing, and attack surface analysis tasks.

Michael Howard

MSDN Magazine November 2008


Cutting Edge: Building A Secure AJAX Service Layer

  

This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008


Security Briefs: Reinvigorate your Threat Modeling Process

  

In this column the author outlines some approaches to threat modeling that can be employed by development teams of any size.

Adam Shostack

MSDN Magazine July 2008


CI Server: Redefine Your Build Process with Continuous Integration

  

Jay Flowers demonstrates how to set up and use a Continuous Integration server using both discrete tools and the more comprehensive CI Factory solution.

Jay Flowers

MSDN Magazine March 2008


Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software

  

Five years ago, Bill Gates issued a directive to enhance security across the board. Since then, many valuable lessons have been learned about building more secure software.

Michael Howard

MSDN Magazine November 2007


{ End Bracket }: Dependency Management

  

Dependency management, in which one group provides a software component to be utilized by others, can really benefit from some structure and collaborative efforts.

Eric N. Bush

MSDN Magazine August 2007


Data Points: SQL Server Management Objects

  

SQL Server Management Objects offer developers a robust toolset for backing up and restoring databases, and issuing DDL commands, as John Papa explains.

John Papa

MSDN Magazine June 2007


Identity: Secure Your ASP.NET Apps And WCF Services With Windows CardSpace

  

Windows CardSpace replaces traditional authentication with a more consistent and streamlined login process and improves trust between end-users, applications and services. Michèle Leroux Bustamante explains.

Michele Leroux Bustamante

MSDN Magazine April 2007


Secure Habits: 8 Simple Rules For Developing More Secure Code

  

Never trust data, model threats against your code, and other good advice from a security expert.

Michael Howard

MSDN Magazine November 2006


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend