
Database Vulnerability And Encryption

Database Vulnerability And Encryption. Presented By: Priti Talukder. Content. Different types of threats. How will an organization protect sensitive data? What is database encryption, and how does it work? Is database encryption alone enough to protect data from compromise?


Presentation Transcript


  1. Database Vulnerability And Encryption
     Presented By: Priti Talukder

  2. Content
     • Different types of threats.
     • How will an organization protect sensitive data?
     • What is database encryption, and how does it work?
     • Is database encryption alone enough to protect data from compromise?
     • Does encrypting a database impact server performance?

  3. Threats
     • External threats
       • Hackers breach a software company’s website, stealing credit card information.
     • Internal threats
       • A disgruntled employee accesses confidential salary information and distributes it.
     • Physical threats
       • Thieves strike a data center.

  4. Example Of Threats
     • 55,000 credit card records were stolen from the database of CreditCards.com by Mexus.
     • (Image: mirror image of Mexus’s web site.)

  5. Database encryption
     • What is database encryption?
       • Protects data from compromise and abuse.
     • How does it work?
       • (Diagram: Credit Card Number + Encryption Algorithm + Encryption Key → Encrypted Credit Card Number)

  6. Encryption Strategy
     • Inside DBMS: advantages and disadvantages
       • Least impact on application.
       • Security vulnerability: encryption key stored in a database table.
       • Performance degradation.
       • To separate keys, additional hardware is required, such as an HSM.
     • Outside DBMS: advantages and disadvantages
       • Removes computational overhead from DBMS and application servers.
       • Separates encrypted data from the encryption key.
       • Communication overhead.
       • Must administer more servers.

  7. Is database encryption enough?
     • Compromise of the web server.
     • Hacking during transfer (MITM).
     • Solution: additional security practices such as SSL and proper firewall configuration.

  8. Application Sphere

  9. Structure
     (Diagram labels: HTTP, Telnet; Firewall: Front Door; DPI, IPS: Metal Detector; Application Sphere: Pick pocket; SQL injection, Buffer overflow, Cookie poisoning, XSS)

  10. Statistics

      Attack                  Percent vulnerable
      Cross-site scripting    80%
      SQL injection           62%
      Parameter tampering     60%
      Cookie poisoning        37%
      Database server         33%
      Web server              23%
      Buffer overflow         19%

  11. Application security: essential element

  12. References
      • http://www.imperva.com
      • http://databases.about.com/library/weekly/aa121500b.htm
      • http://www.governmentsecurity.org/articles/Databasesecurityprotectingsensitiveandcriticalinformation.php
      • http://techlibrary.wallstreetandtech.com/data/rlist?t=itmgmt_10_50_20_24
