Database Vulnerability And Encryption
Presented By: Priti Talukder
Content
• Different types of threats.
• How will an organization protect sensitive data?
• What is database encryption, and how does it work?
• Is database encryption alone enough to protect data from compromise?
• Does encrypting a database impact server performance?
Threats
• External threats
  • Hackers breach a software company’s website, stealing credit card information.
• Internal threats
  • A disgruntled employee accesses confidential salary information and distributes it.
• Physical threats
  • Thieves strike a data center.
Example Of Threats
• 55,000 credit card records stolen from the database of CreditCards.com by Mexus.
• Mirror image of Mexus’s web site.
Database encryption
• What is database encryption?
  • Protects data from compromise and abuse.
• How does it work?
[Diagram: Credit Card Number + Encryption Algorithm + Encryption Key → Encrypted Credit Card Number. Sample values shown: 011112345677999, 1234567890123456, 04wØ×1ve]
Encryption Strategy
Inside DBMS: Advantages and Disadvantages
• Least impact on application.
• Security vulnerability: encryption key stored in database table.
• Performance degradation.
• To separate keys, additional hardware is required, like an HSM.
Outside DBMS: Advantages and Disadvantages
• Remove computational overhead from DBMS and application servers.
• Separate encrypted data from encrypted key.
• Communication overhead.
• Must administer more servers.
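The "outside DBMS" strategy above, sketched as an added example that is not part of the original slides: the application encrypts the card number with AES-256-GCM before the row reaches the table, and the key lives in a separate key store. `keyStore`, `cardsTable` and the function names are hypothetical stand-ins; the card number is the sample value from the slide.

```javascript
const nodeCrypto = require("node:crypto");

// Key store kept apart from the database. An in-memory stand-in (assumption)
// for the HSM or key server the slide mentions.
const keyStore = { "card-key-v1": nodeCrypto.randomBytes(32) };

// Stand-in for a DBMS table: it only ever receives ciphertext columns.
const cardsTable = [];

function encryptCard(pan, customerId, keyId = "card-key-v1") {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every row
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", keyStore[keyId], iv);
  cipher.setAAD(Buffer.from(String(customerId))); // bind ciphertext to its row
  const ct = Buffer.concat([cipher.update(pan, "utf8"), cipher.final()]);
  return { customerId, keyId, iv, ct, tag: cipher.getAuthTag() };
}

function decryptCard(row) {
  const key = keyStore[row.keyId];
  if (!key) throw new Error("key not available: " + row.keyId);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, row.iv);
  decipher.setAAD(Buffer.from(String(row.customerId)));
  decipher.setAuthTag(row.tag);
  // final() throws if the ciphertext, tag or bound customerId was altered.
  return Buffer.concat([decipher.update(row.ct), decipher.final()]).toString("utf8");
}

function storeCard(customerId, pan) {
  const row = encryptCard(pan, customerId);
  cardsTable.push(row);
  return row;
}

// What a party holding only a copy of the table can read.
function dumpTable() {
  return cardsTable
    .map((r) => `${r.customerId}|${r.keyId}|${r.ct.toString("hex")}`)
    .join("\n");
}

// Constructed sample rows: two customers with the same card number.
storeCard(1001, "1234567890123456");
storeCard(1002, "1234567890123456");
```

A stolen copy of `cardsTable` carries key identifiers but no key material, which is the separation the slide lists as the advantage of this strategy; the cost is the extra round trip to the key store.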
Is database encryption enough?
• Compromise of the web server.
• Interception during transfer (MITM).
• Solution: additional security practices such as SSL and proper firewall configuration.
Structure
[Diagram. Labels: HTTP, Telnet, Firewall, Front Door, DPI, IPS, Metal Detector, SQL injection, Application Sphere, Pickpocket, Buffer overflow, Cookie poisoning, XSS]
Statistics
Attack                  Percent vulnerable
Cross-site scripting    80%
SQL injection           62%
Parameter tampering     60%
Cookie poisoning        37%
Database server         33%
Web server              23%
Buffer overflow         19%