CHAPTER 11 SECURING REPORTS
level of protection, including financial, HR, and many more. We’ll start with the first of the three main
challenges we defined as crucial to a successful, secure deployment of SSRS; namely, data encryption.
Introducing Encryption
In today’s mixed-technology networked environment, data encryption comes in many varieties.
However, regardless of the technology, the encryption algorithms must meet a high standard for
complexity and reliability. Fortunately, many applications provide built-in levels of encryption. SSRS
natively supports encrypting the sensitive data it stores in the ReportServer database and configuration
files. Companies may have the following other technologies in place that can be used in conjunction
with SSRS encryption:
- Wireless: Uses Wireless Encryption Protocol (WEP), with shared keys to encrypt
data transmitted through wireless access points.
- HTTPS: Uses a server certificate, generally from a trusted authority such as
VeriSign, to provide encryption over Secure Sockets Layer (SSL). SSL is used when
transmitting data with HTTPS instead of HTTP.
- Terminal Services: Uses Remote Desktop Protocol (RDP) for connecting remotely
from a client workstation to a terminal server. This provides four levels of data
encryption in Windows: Low, Client Compatible, High, and FIPS Compliant.
- VPNs: Allows accessibility to internal networks from VPN client systems.
Encapsulates and encrypts Point-to-Point Tunneling Protocol (PPTP) and Layer 2
Tunneling Protocol (L2TP).
- IPSec: Is the standard security protocol for Transmission Control
Protocol/Internet Protocol (TCP/IP) traffic. This adds several layers of security,
including data encryption.
Securing Network Traffic Using SSL
In the following sections, we will show how to set up the SSRS server to use SSL. By having an SSL server
certificate installed on the server, all data transferred between the client application (which can be a
browser or custom application) and the report server will be encrypted. This is essential when
transmitting confidential data such as PI information over the Internet. Having a certificate from a
trusted authority such as VeriSign or Thawte also ensures that the registered domain name used to
access the Web server has been validated and can be trusted to be from the legitimate company that it
claims to be from.
Before we show how to install the certificate on the SSRS server, we will cover what data are being
transmitted at the packet level to your SSRS server through HTTP requests. In this way, when you do
actually install the certificate, you will be able to compare the data packets before and after installation
to verify that the certificate is working as it should. To begin, we will show how to use a tool that is
available for Windows: Network Monitor.
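
The before-and-after comparison described above can also be scripted. The following is an added example, not code from the book: it classifies the first payload bytes of each captured client-to-server segment as a readable HTTP request or an SSL/TLS record. The host name, report path, and sample byte strings are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD = 16384 + 2048  # largest ciphertext record length TLS 1.2 permits


def classify_payload(payload: bytes) -> dict:
    """Classify the first bytes of one captured client-to-server TCP payload."""
    # Cleartext HTTP: the request line, with report path and parameters, is readable.
    if payload.startswith(HTTP_METHODS):
        line = payload.split(b"\r\n", 1)[0].decode("latin-1")
        return {"kind": "http-cleartext", "detail": line}
    # SSL 3.0/TLS record header: content type (1 byte), version (2), length (2).
    if len(payload) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if ctype in TLS_TYPES and major == 3 and minor <= 3 and length <= MAX_RECORD:
            detail = f"{TLS_TYPES[ctype]} v{major}.{minor} len={length}"
            return {"kind": "tls-record", "detail": detail}
    return {"kind": "unknown", "detail": payload[:16].hex()}


def cleartext_leaks(payloads) -> list:
    """Return the request line of every payload that crossed the wire unencrypted."""
    results = (classify_payload(p) for p in payloads)
    return [r["detail"] for r in results if r["kind"] == "http-cleartext"]


# Constructed samples (not real captures). Only the 5-byte record headers of the
# TLS samples are meaningful; the bodies are filler of the declared length.
BEFORE = (b"GET /ReportServer?/HR/Salaries&EmployeeID=1001 HTTP/1.1\r\n"
          b"Host: reports.example.test\r\n\r\n")
AFTER_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F]) + bytes(0x2F)
AFTER_DATA = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(0x20))

if __name__ == "__main__":
    for name, sample in [("before", BEFORE), ("hello", AFTER_HELLO), ("data", AFTER_DATA)]:
        print(name, classify_payload(sample))
    print("leaks:", cleartext_leaks([BEFORE, AFTER_HELLO, AFTER_DATA]))
```

An empty result from `cleartext_leaks` shows only that the traffic is wrapped in SSL/TLS records; it does not validate the certificate chain or the strength of the negotiated protocol.
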
Analyzing HTTP Traffic
Network Monitor is a packet analysis utility that allows you to capture all of the data packets transferred
to and from the target server and client. The version of Network Monitor that comes with Windows is
unlike other network capture tools, such as the version of the same tool included in Systems