SQL Backup v5 -- PCI Compliance

colby Posts: 30
edited July 16, 2008 8:52AM in SQL Backup Previous Versions
Need to know if the Red Gate Backup version 5.x is PCI compliant with version 1.1 of the Payment Card Industry (PCI) Data Security Standard document.

We use your backup tool to compress and encrypt all our backups. Are there any best practices you can share?

Thanks

Colby

Comments

  • Eddie D Posts: 1,666
    Thank you for your post in the forum.

    Can you please reply with further information and a link to the PCI Data Security Standard document. We have not seen or read the document you are referring to.

    What best practices documentation are you looking for? Are you looking for backup and recovery advice?

    Many Thanks
    Eddie

    Eddie Davis
    Product Support Engineer
    Red Gate Software Ltd
    e-mail: [email protected]
  • For your review, attached is a PDF of version 1.1 of the PCI document. Start with section 3.4 and see if anything applies.


    https://www.pcisecuritystandards.org/pd ... s_v1-1.pdf


    Thanks

    Colby
  • Eddie D Posts: 1,666
    Thank you for your reply.

    I have read through the PCI Data Security Standard PDF. I have the following advice you need to be aware of with regard to the use of SQL Backup:

    - Protect the storage location of the encrypted backup file from unauthorised access.

    - Protect the password used to encrypt the backup file.

    - Protect any SQL Backup scripts created, in particular restore scripts, as the password is in plain text. This forum post contains further advice: http://www.red-gate.com/messageboard/vi ... php?t=6374

    - User permissions to Enterprise Manager for SQL 2000 and SQL Server Management Studio for SQL Server 2005. If you have scheduled restore jobs, for example Log Shipping restore, an unauthorised user may gain access to the restore job and script.

    - Secure the script contained within the msdb database.

    - Limit user rights to run SQL Profiler.

    - Limit user rights to run the SQL Backup GUI. When using the backup and restore wizards in the SQL Backup GUI, the logged-in user's permissions are checked with SQL Server to see if they have rights to perform a backup or restore task.

    I hope the above helps.

    Many Thanks
    Eddie
    Eddie Davis
    Product Support Engineer
    Redgate Software Ltd
    Email: [email protected]
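
An added example, not part of the original thread and not Redgate's own code: a Python check that flags scripts carrying the backup password in plain text, as the advice above warns for restore scripts, and produces a redacted copy that is safe to share. The script names, sample commands and password are constructed, and the check assumes the password appears as a PASSWORD = '...' option in the script text.

```python
import re

# Matches PASSWORD = '...' and PASSWORD = ''...'' (quotes doubled because the
# command sits inside an outer T-SQL string). Assumption: the password is
# passed as a PASSWORD option; passwords containing quotes are not handled.
PASSWORD_RE = re.compile(r"\bPASSWORD\s*=\s*('{1,2})([^'\r\n]+)\1(?!')", re.IGNORECASE)

def classify(line):
    """Label the command so restore scripts can be prioritised."""
    if re.search(r"\bRESTORE\b", line, re.IGNORECASE):
        return "restore"
    if re.search(r"\bBACKUP\b", line, re.IGNORECASE):
        return "backup"
    return "unknown"

def find_plaintext_passwords(name, text):
    """Return one finding per plaintext password; the secret is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for _ in PASSWORD_RE.finditer(line):
            findings.append({"script": name, "line": lineno, "kind": classify(line)})
    return findings

def redact(text):
    """Replace each password value with a marker, keeping the rest intact."""
    def _mask(m):
        whole, start = m.group(0), m.start(0)
        return whole[:m.start(2) - start] + "<redacted>" + whole[m.end(2) - start:]
    return PASSWORD_RE.sub(_mask, text)

def audit(scripts):
    """Scan a {name: text} mapping, e.g. script files or exported job steps."""
    findings = []
    for name, text in sorted(scripts.items()):
        findings.extend(find_plaintext_passwords(name, text))
    return findings

# Constructed sample scripts (not taken from the thread).
SAMPLE_SCRIPTS = {
    "nightly_backup.sql": "EXECUTE master..sqlbackup '-SQL \"BACKUP DATABASE [Sales] "
        "TO DISK = ''D:\\Backups\\Sales.sqb'' WITH PASSWORD = ''Constructed-Pw-1'', KEYSIZE = 256\"'\n",
    "logship_restore.sql": "EXECUTE master..sqlbackup '-SQL \"RESTORE LOG [Sales] "
        "FROM DISK = ''D:\\Logs\\Sales.sqb'' WITH PASSWORD = ''Constructed-Pw-1'', NORECOVERY\"'\n",
    "scratch_backup.sql": "EXECUTE master..sqlbackup '-SQL \"BACKUP DATABASE [Scratch] "
        "TO DISK = ''D:\\Backups\\Scratch.sqb'' WITH COMPRESSION = 1\"'\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCRIPTS):
        print(finding)
```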