Apply an MS SQL Key to the ExtraHop System

The following procedures explain how to apply an MS SQL key to an ExtraHop Discover or Command appliance. After completing these procedures, you will be able to view all users associated with your databases and monitor their activity through the ExtraHop Web UI.

These procedures require Windows Server 2008 R2 or later and Microsoft SQL Server 2008 R2 or later.

You should have experience administering the Internet Information Services (IIS) Manager and MS SQL server to complete these procedures.

Export the certificate to PFX format

Before you begin

To complete the procedures in the following sections, you must first generate a server certificate. For more information, see Configuring Server Certificates in IIS 7 on the Microsoft website.
  1. Open the Internet Information Services (IIS) Manager.
  2. From the left panel, select the host that contains the server certificate.
  3. Click the Server Certificates icon.
  4. Select the certificate for the SQL server whose traffic the ExtraHop system will decrypt.
  5. From the right panel, click Export and browse to a location on your computer to store the PFX file.
  6. Set a password and save the PFX file.
    Note: You will need this password for a later procedure in this guide.

Load the PFX file to the SQL server

  1. Open the SQL Server Configuration Manager.
  2. From the left panel, expand SQL Server Network Configuration.
  3. Click Protocols for MSSQLSERVER.
  4. On the Flags tab, ensure that the Force Encryption field is set to No.
  5. Click the Certificate tab.
  6. From the Certificate drop-down list, select the server certificate.
  7. Click OK.
  8. Restart the MSSQLSERVER service.
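
The following PowerShell check is an added example, not part of the original ExtraHop procedure. Run on the SQL Server host before the upload, it confirms that the exported PFX opens with its password and contains the private key, that its thumbprint matches the certificate selected for the instance, that Force Encryption is set to No, and which TCP port is configured. Assumptions: the PFX path is a placeholder, the instance is the default MSSQLSERVER, and the settings are read from SQL Server's standard registry locations.

```powershell
# Added example: pre-flight check to run on the SQL Server host before the upload.
param(
    [string]$PfxPath  = 'C:\temp\sqlserver.pfx',  # placeholder: where you saved the export
    [string]$Instance = 'MSSQLSERVER'             # default instance, as used in this guide
)
$ErrorActionPreference = 'Stop'

# 1. Open the PFX with the export password and confirm it carries the private key.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PfxPath, $password
if (-not $pfx.HasPrivateKey) { throw 'The PFX file does not contain a private key; export it again.' }

# 2. Read the instance's network settings (standard SQL Server registry layout).
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$id   = (Get-ItemProperty "$root\Instance Names\SQL").$Instance
if (-not $id) { throw "Instance '$Instance' was not found on this host." }
$net  = "$root\$id\MSSQLServer\SuperSocketNetLib"
$cfg  = Get-ItemProperty $net
$tcp  = Get-ItemProperty "$net\Tcp\IPAll"

# 3. Compare against what this guide expects.
$problems = @()
if ($cfg.Certificate -ne $pfx.Thumbprint) {   # -ne on strings ignores case
    $problems += "SQL Server certificate thumbprint '$($cfg.Certificate)' does not match the PFX ($($pfx.Thumbprint))."
}
if ($cfg.ForceEncryption -ne 0) {
    $problems += 'Force Encryption is not set to No.'
}
if (-not $tcp.TcpPort) {
    $problems += "No static TCP port is set (dynamic port: $($tcp.TcpDynamicPorts))."
}

"PFX subject : $($pfx.Subject)"
"PFX expires : $($pfx.NotAfter)"
"TCP port    : $($tcp.TcpPort)"
if ($problems.Count -eq 0) { 'OK: PFX and SQL Server settings agree.' } else { $problems | ForEach-Object { "CHECK: $_" } }

$pfx.Reset()   # release the key material held by this object
```

The PFX file holds the server's private key, so delete any working copy from the host once the key has been added to the ExtraHop system.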

Apply a key to the ExtraHop system

  1. From the ExtraHop Admin UI, in the System Settings section, click License.
  2. In the Features section, verify that SSL decryption is enabled.
    If SSL decryption is disabled, contact ExtraHop Support (support@extrahop.com) for a license.
  3. Return to the main Admin UI page.
  4. In the System Configuration section, click Capture.
  5. Click SSL Decryption.
  6. Click Add Keys.
  7. Required: In the Add PKCS#12/PFX File with Password section, type a description in the Description field.
  8. Click Choose File and navigate to the PFX file.
  9. Type the password for the PFX file that you set earlier.
  10. From the Admin UI, type the password again in the Password field.
  11. Click Add.
  12. Verify the information and click OK.
  13. Optional: If this key is only for MS SQL decryption, you can delete the entry for HTTP in the Encrypted Protocols section on the SSL Decryption Keys page.
    Removing the HTTP entry eliminates unnecessary CPU overhead on the ExtraHop system.
  14. Open the SQL Server Configuration Manager.
  15. In the left panel, expand SQL Server Network Configuration, and select Protocols for MSSQLSERVER.
  16. Select TCP/IP.
  17. In the TCP/IP Properties window, note the TCP port, and then click OK. The default TCP port is 1433.
    Note: If you want to configure a different TCP port number, specify that number in this step. You must also complete the following procedure: (Optional) Configure a non-standard TCP port.
  18. From the ExtraHop Admin UI, in the Encrypted Protocols section of the SSL Decryption Keys page, click Add Protocol.
  19. On the Add Encrypted Protocol page, from the Protocol drop-down list, select MS SQL Protocol (tds).
  20. From the Key drop-down list, select the key that you created.
  21. In the Port field, type the TCP port number you noted in step 17.
  22. Click Add.

(Optional) Configure a non-standard TCP port

Complete the steps in this procedure if you modified the default TCP port in the previous procedure.
  1. From the ExtraHop Admin UI, in the System Configuration section, click Capture.
  2. Click Protocol Classification.
  3. Click Add Protocol.
  4. From the Name drop-down list, select MS SQL Server (tds).
  5. From the Protocol drop-down list, select TCP.
  6. In the Destination field, type the port number you configured earlier.
  7. Click Add.

View the SQL database on the ExtraHop system

  1. From the ExtraHop Web UI, click Metrics.
  2. In the left panel, under Sources, click Devices.
  3. On the All Devices page, select the MS SQL server that you added SSL decryption for.
  4. In the left panel, select Database.
  5. Hover your cursor over any top-level metric value (such as Responses), and select By Database from the drop-down list.
You can now view metrics for the SQL database that were previously obscured by SSL encryption.
Published 2017-09-22 19:13