Database Encryption.


Transcripts
Slide 1

Database Encryption

Slide 2

Encryption: overview
- Encrypting data in transit: as it is transmitted between client and server.
- Encrypting data at rest: storing information in the database in encrypted form.
Encryption of data is another layer of security (defense in depth). It doesn't substitute for other DB security measures, for example strong passwords.

Slide 3

Encrypting data in transit
For a hacker to eavesdrop on a conversation and steal data, two things must happen:
1) The hacker must physically tap into the communications between the DB client and the DB server.
2) The hacker must understand the communication stream in order to extract sensitive data.
In order to do this, what does the hacker need?

Slide 4

Tools for packet sniffing
The hacker needs a minimum understanding of TCP/IP, plus one of the many network protocol analyzers that are freely available.
- Packet: a formatted block of data transmitted by a network.
- Sniffing: capturing and analyzing packets (like a dog sniffing).

Slide 5

Minimum understanding of TCP/IP
- A network security book. Example: Roberta Bragg, Mark Rhodes-Ousley and Keith Strassberg, Network Security: The Complete Reference.
- TCP/IP is well documented all over the web. The documentation describes the headers of the packet.

Slide 6

Where to run the network packet analyzer?
- On a client machine that has access to the database server.
- On the database server.

Slide 7

Network protocol analyzers: examples
- Tcpdump: utility available as part of the installation on most UNIX systems. Can be downloaded from http://www.tcpdump.org
- Windump: the Windows counterpart. Available on some systems. Can be downloaded from http://windump.polito.it
- Wireshark (http://www.wireshark.org/download.html): the world's most famous network protocol analyzer. Formerly Ethereal (www.ethereal.com).

Slide 8

Implementing encryption: data in transit
Fortunately there are also many encryption techniques for data in transit:
- Database-specific features, such as Oracle Advanced Security
- Connection-based methods (such as SSL)
- Secure tunnels (such as SSH)
- Relying on the operating system (IPSec encryption)

Slide 9

OAS
Oracle Advanced Security (previously Advanced Network Option) contains network encryption tools. Depending on the version of Oracle, it is available at no extra cost. It is for the Enterprise Edition. The best literature for OAS is Oracle Security Handbook by Marlene Theriault and Aaron Newman, McGraw-Hill.

Slide 10

Secure Socket Layer (SSL)
Cryptographic protocols that provide secure communications on the Internet for such things as web browsing, email, Internet faxing, instant messaging and other data transfers.
You may enable SSL from within a DBMS. SQL Server, for example: Programs -> Microsoft SQL Server -> Server Network Utility, check the Force protocol encryption checkbox. Then stop and start SQL Server. The server also needs to be told how it will derive encryption keys.
Note: make sure that your version of SSL is compatible with your version of MySQL (as with ODBC or JDBC).
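One way to confirm from a packet capture that a MySQL connection really is encrypted after SSL is enabled, relying on the MySQL wire protocol: the client's first packet carries a capability word whose 0x0800 bit requests TLS. This is an added example, not part of the original slides; the byte streams, user name and query are constructed.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: client switches to TLS after this packet
COM_QUERY = 0x03     # command byte that precedes SQL text

def packets(stream):
    """Split one direction of a reassembled TCP stream into (seq, payload)."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            return  # truncated capture
        yield stream[pos + 3], payload
        pos += 4 + length

def audit_client_stream(stream):
    """Return (tls_requested, [SQL statements readable on the wire])."""
    it = packets(stream)
    first = next(it, None)
    if first is None or len(first[1]) < 2:
        raise ValueError("capture does not start with a client login packet")
    caps = int.from_bytes(first[1][:2], "little")
    if caps & CLIENT_SSL:
        return True, []  # everything after this packet is TLS records
    # Without TLS, each command starts a new exchange at sequence id 0.
    sql = [p[1:].decode("utf-8", "replace")
           for seq, p in it if seq == 0 and p[:1] == bytes([COM_QUERY])]
    return False, sql

def pkt(seq, payload):
    """Build a MySQL packet: 3-byte little-endian length, sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def login(caps):
    """Constructed login header: capabilities, max packet size, charset, filler."""
    return struct.pack("<IIB", caps, 1 << 24, 33) + bytes(23)

# Constructed client-to-server streams, as reassembled from a capture.
PLAIN = (pkt(1, login(0x0200) + b"appuser\0")
         + pkt(0, b"\x03SELECT card_no FROM customers WHERE id = 7"))
TLS = pkt(1, login(0x0200 | CLIENT_SSL)) + b"\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for name, stream in (("plain", PLAIN), ("tls", TLS)):
        print(name, audit_client_stream(stream))
```

Any statement returned in the second element was visible to anyone able to capture the traffic, which means encryption is not in force for that connection.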

Slide 11

SSH Tunnels
SSH is used in many applications. Example: a substitute for FTP with encryption.
From most DBMSs, you can set up SSH tunnels to encrypt database traffic by port forwarding (an encrypted session between client and server).
Example: to connect a Linux client machine with IP CCC.CCC.C.CCC to a MySQL instance installed on a server with IP address SSS.SSS.S.SS listening on port 3306 (the default MySQL port):

    ssh -L 1000:localhost:3306 SSS.SSS.S.SS -l mylogin -i ~/.ssh/id -N -g

-L = port forwarding: any connection attempted on port 1000 on the local machine should be forwarded to port 3306 on the server. Therefore any connection on port 1000 will go through encryption.
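The -g flag in the command above lets other hosts connect to the forwarded port, and their traffic to port 1000 on the client machine is not encrypted until it enters the tunnel; without -g the listener stays on the loopback address. The following check of how the local end of the forward is bound is an added example, not part of the original slides, and assumes a Linux client; the /proc/net/tcp rows are constructed and trimmed to their leading columns.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

def listeners(proc_net_tcp):
    """Yield (ip, port) for every listening IPv4 socket in /proc/net/tcp text."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is printed as a 32-bit word, byte-reversed on x86.
        ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
        yield ip, int(hex_port, 16)

def tunnel_exposure(proc_net_tcp, port):
    """Classify how the local end of an ssh -L forward on `port` is bound."""
    bound = [ip for ip, p in listeners(proc_net_tcp) if p == port]
    if not bound:
        return "not listening"
    if all(ip.is_loopback for ip in bound):
        return "loopback only"
    return "reachable from other hosts"

# Constructed samples: port 1000 is 0x03E8, 127.0.0.1 is 0100007F.
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid\n"
WITH_G = HEADER + (
    "   0: 00000000:03E8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000\n"
    "   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0\n")
WITHOUT_G = HEADER + (
    "   0: 0100007F:03E8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000\n"
    "   1: 0100007F:03E8 0100007F:D2F4 01 00000000:00000000 00:00000000 00000000  1000\n")

if __name__ == "__main__":
    print(tunnel_exposure(WITH_G, 1000))
    print(tunnel_exposure(WITHOUT_G, 1000))
    # On a live Linux client: tunnel_exposure(open("/proc/net/tcp").read(), 1000)
```

IPv6 listeners appear in /proc/net/tcp6 and are not covered by this check.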

Slide 12

IPSec
Another infrastructure option that protects the DB with encryption mechanisms. IPSec is done by the OS, so you need to encrypt all communications (it can't be selective). It operates at layer 3 of the OSI model (a lower level).
Installing IPSec on Windows XP: install the IP Security Policy manager. Then from Control Panel -> Administrative Tools, select IPSec.

Slide 13

Encrypting data at rest
There are two reasons to do this:
- Protect it from DBAs.
- Protect it from file or disk theft.

Slide 14

Encrypting data at rest
- Encrypting at the application layer: must be done at multiple locations from within the application. Data must be used from within the application.
- Encrypting at the file system/operating system layer: less flexible. Requires you to encrypt everything. Performance degrades. Weak for handling the disk theft problem.
- Encrypting within the database: usually the most practical option.

Slide 15

Encrypting at the application layer
Application developers use a cryptographic library to encrypt, for example Java Cryptographic Extensions (JCE), a set of APIs in the java.security and javax.crypto packages.

Slide 16

Encryption at the OS layer
Windows implements the Encrypted File System (EFS) and you can use it for MS SQL Server. Disadvantages?

Slide 17

Encryption within the database
- In SQL Server 2005 you can access the Windows CryptoAPI through DB_ENCRYPT and DB_DECRYPT within T-SQL (similar to PL/SQL). It can use DES, Triple DES and AES (symmetric keys).
- In Oracle, you can access the DBMS_OBFUSCATION_TOOLKIT package, which implements DES and Triple DES.

Slide 18

Summary
- DB encryption can be divided into data in transit and data at rest.
- Encryption is useful as a last layer of defense (defense in depth). It should never be used as an alternative solution.
- Encryption should be used only when needed.
- Key management is key.

Slide 19

End of Lecture
End of today's lecture.
