Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Vulnerability And Encryption Presented By: Priti Talukder.

Published bySybil Lucas Modified over 8 years ago

Similar presentations

Presentation on theme: "Database Vulnerability And Encryption Presented By: Priti Talukder."— Presentation transcript:

1 Database Vulnerability And Encryption Presented By: Priti Talukder

2 Content  Different types of Threats.  How will organization protect sensitive data?  What is database encryption, and how does it work?  Is database encryption alone enough to protect data from compromise?  Does encrypting a database impact server performance?

3 Threats  External Threats Hackers breach a software company’s website, stealing credit card information.  Internal Threats A disgruntled employee accesses confidential salary information and distributes it.  Physical threats Thieves strike a data center.

4 Example Of Threats  Stolen 55,000 credit card records from the database of CreditCards.com by Mexus. mirror image of Mexus’s web site.mirror image of

5 Database encryption  What is Database encryption? Protect data from compromise and abuse.  How does it work? Credit Card Number 011112345677999 1234567890123456 + Encrypted Credit Card Number Encryption Key + Encryption Algorithm 04wØ×1ve

6 Encryption Strategy  Inside DBMS  Advantages and Disadvantages Least impact on application Security vulnerability- encryption key stored in database table. Performance degradation To separate keys, additional hardware is required like HSM.  Outside DBMS  Advantages and Disadvantages –Remove computational overhead from DBMS and application servers. –Separate encrypted data from encrypted key. –Communication overhead. –Must administer more servers.

7 Is database encryption enough?  Compromising with web server.  Hacking while transfer(MITM)  Solution Additional security practices such as SSL and proper configuration of firewall.

8 Application Spher

9 Structure Firewall Telnet Http DPI, IPS Application Sphere Sql injection Buffer overflow Cookie poisoning Front Door Metal Detector Pick pocket XSS

10 Statistics AttackPercent vulnerable Cross-site scripting 80% SQL injection62% Parameter tampering60% Cookie poisoning37% Database server33% Web Server23% Buffer overflow19%

11 Application security-essential element InformationDatabase Business LogicApplication server ApplicationWeb custom HostOS, Network, System, Memory NetworkTCP, UDP, Port over IP

12 References  http://www.imperva.com http://www.imperva.com  http://databases.about.com/library/weekly/aa1215 00b.htm http://databases.about.com/library/weekly/aa1215 00b.htm  http://www.governmentsecurity.org/articles/Datab asesecurityprotectingsensitiveandcriticalinformati on.php http://www.governmentsecurity.org/articles/Datab asesecurityprotectingsensitiveandcriticalinformati on.php  http://techlibrary.wallstreetandtech.com/data/rlist? t=itmgmt_10_50_20_24 http://techlibrary.wallstreetandtech.com/data/rlist? t=itmgmt_10_50_20_24

Download ppt "Database Vulnerability And Encryption Presented By: Priti Talukder."

Similar presentations

Penetration Testing Biometric System

Penetration Testing Biometric System
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Split Databases. What is a split database? Two databases Back-end database –Contains tables (data) only –Resides on server Front-end database –Contains.

Split Databases. What is a split database? Two databases Back-end database –Contains tables (data) only –Resides on server Front-end database –Contains.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Hands on Demonstration for Testing Security in Web Applications

Hands on Demonstration for Testing Security in Web Applications
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Internet, Intranet and Extranets

Internet, Intranet and Extranets
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Database Software File Management Systems Database Management Systems.

Database Software File Management Systems Database Management Systems.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.

Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Similar presentations

Ads by Google