Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Presentation on theme: "Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd."— Presentation transcript:

1 Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

2 Database Vulnerabilities
- Growth of eBusiness results in more and more sensitive data stored in corporate databases:
  - Credit card number
  - Account number
  - Password
  - User profile

3 Data is exposed to Internal Intruders
- Complete set of data
- Sensitive data are stored in clear text
- Logically related data are physically stored together
- Easy to correlate sensitive data with public data without knowledge of data storage format

4 Problems of Basic Database Security
Database security cannot protect sensitive data against:
- Attacks that bypass the database engine
- Unauthorized access to data files
- Abusive use of shared password
- Dictionary attack on user password
- DBA access

5 Ways to Secure Data Storage
- Application-level encryption: use of security APIs to encrypt data before saving to the database
- Database encryption: software that integrates tightly with the database to provide encryption, transparent to the application

6 Overview of Data Storage Protection with Database Encryption
- Transform existing schema to two layers:
  - Logical view
  - Physical table
- View -- encrypt data --> Table
- View <-- decrypt data -- Table
- Data encrypted at rest in data files
- Intruders only see unintelligible text

7 [Architecture diagram. Labels: Applications; View; Database Table; Public Data; Private Data; Authenticate; SQL Queries; Authentication Authorization Server; Encrypt; Decrypt]

8 Advantages of Using Database Encryption Software
- Application Transparent
- Preserves logical schema
- Existing SQL queries continue to run
- No re-coding required for legacy applications
- Access control can be based on existing database security
- No need to set up and maintain a separate security policy
- Existing users continue to have the same data access rights

9 Considerations – Index Searching
- Support for Index Searching
- Building index on encrypted data
- Unable to do wildcard search or comparison, since ciphered text cannot preserve order
- It is important to select software that can solve the searching problem

10 Considerations - Key Management
- Fine Grain Security Control
- Key Diversification
- Different encryption key for different users, tables, columns
- Data copied through illegal means to another schema cannot be decrypted
- Reduce risk exposure if encryption key is compromised

11 Considerations - Key Management
- Flexible Key Management
- Key Rollover
- Multiple Key versions can co-exist
- Decryption uses the key version with which the data was encrypted
- Encryption always uses the latest version
- Data can be re-encrypted over time
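The key diversification and key rollover behaviour listed on slides 10 and 11, as an added example that is not part of the original presentation or any product it describes. The `KeyRing` class, the function names and the `customers.card_number` column are hypothetical, and the HMAC-SHA256 counter-mode stream is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, os

class KeyRing:
    """Versioned master keys; all versions are kept so old rows stay readable."""
    def __init__(self):
        self.masters, self.latest = {}, 0

    def rollover(self):
        self.latest += 1
        self.masters[self.latest] = os.urandom(32)  # constructed key material
        return self.latest

    def column_key(self, version, table, column):
        # Key diversification: a distinct key per (version, table, column).
        label = f"{table}.{column}".encode()
        return hmac.new(self.masters[version], label, hashlib.sha256).digest()

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode (stdlib only, not AES).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(ring, table, column, plaintext):
    version = ring.latest  # encryption always uses the latest key version
    key = ring.column_key(version, table, column)
    header = version.to_bytes(2, "big") + os.urandom(16)  # version || nonce
    body = _xor_stream(key, header[2:], plaintext)
    return header + body + _prf(key, b"mac" + header + body)

def key_version(blob):
    return int.from_bytes(blob[:2], "big")

def decrypt(ring, table, column, blob):
    if len(blob) < 50 or key_version(blob) not in ring.masters:
        raise ValueError("malformed value or unknown key version")
    header, body, tag = blob[:18], blob[18:-32], blob[-32:]
    key = ring.column_key(key_version(blob), table, column)  # version stored with the data
    if not hmac.compare_digest(tag, _prf(key, b"mac" + header + body)):
        raise ValueError("authentication failed: wrong column key or tampered data")
    return _xor_stream(key, header[2:], body)

def reencrypt(ring, table, column, blob):
    # Gradual migration: rewrite a value under the latest key version.
    return encrypt(ring, table, column, decrypt(ring, table, column, blob))
```

A value copied into a different table or column fails authentication because its derived key differs, and a value written before a rollover stays readable until `reencrypt` moves it to the latest version.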

12 Considerations - Encryption Methods
- Software Based Encryption
- Hardware Based Encryption
- Use tamper resistant hardware
- Hardware Security Module (HSM)
- Secure Token
- Smart card
- USB token
- Store digital certificate
- Hardware Accelerator to speed up cryptographic operations
- RSA private key not exposed outside hardware
- Encryption keys protected even if the database is stolen

13 Question & Answer

14 Thank you for your time.

