Database Encryption

Encryption: overview
- Encrypting data in transit: as it is transmitted between client and server
- Encrypting data at rest: storing data in the database in encrypted form
Encryption of data is another layer of security (security in depth). It does not substitute for other DB security techniques such as strong passwords.
For a hacker to eavesdrop on a conversation and steal data, two things are needed:
1) Physically tap into the communications between the DB client and the DB server.
2) Understand the communication stream in order to extract the sensitive data.
What does the hacker need in order to do this?
A network protocol (NP) analyzer, i.e. a sniffer (like a dog sniffing).
Source: Roberta Bragg, Mark Rhodes-Ousley and Keith Strassberg, Network Security: The Complete Reference.
The world's most famous NP analyzer, formerly Ethereal (www.ethereal.com).
Fortunately there are also many encryption techniques for data in transit:
- Installing IPSec on Windows XP

- Must do it at multiple locations from within the app.
- Data can only be used from within the application.
- Less flexible; requires you to encrypt everything.
- Weak for handling the disk-theft problem.

- CryptoAPI through DB_ENCRYPT and DB_DECRYPT within T-SQL (similar to PL/SQL)
- Can use DES, Triple DES and AES
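Added example (not from the slides, and not the T-SQL DB_ENCRYPT/DB_DECRYPT functions mentioned above): application-side encryption of one sensitive column before it is written to the database, using AES from the list above in GCM mode so that tampering with the stored bytes is detected as well. Of the three ciphers listed, only AES is still considered safe today; DES and Triple DES are deprecated. The key, the sample value and the function names are constructed for this illustration; a real key would come from a key store, not a literal.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// newGCM builds AES-GCM from a 16, 24 or 32 byte key (AES-128/192/256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one column value before the app writes it; layout is nonce || ciphertext || tag.
func EncryptField(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per value, never reused with this key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptField runs only inside the app holding the key; it fails closed on truncation or tampering.
func DecryptField(key, stored []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, fmt.Errorf("stored value too short (%d bytes)", len(stored))
	}
	return gcm.Open(nil, stored[:gcm.NonceSize()], stored[gcm.NonceSize():], nil)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key only
	stored, _ := EncryptField(key, []byte("123-45-6789"))   // constructed sample SSN
	pt, err := DecryptField(key, stored)
	fmt.Printf("on disk: %x\nin app:  %s (err=%v)\n", stored, pt, err)
}
```

The stored bytes are what a thief of the disk or a backup would see; they are usable only by the application that holds the key, which is exactly the "data can only be used from within the application" trade-off listed above.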