Database Vulnerability And Encryption - PowerPoint PPT Presentation

1
Database Vulnerability And Encryption
  • Presented By
  • Priti Talukder

2
Content
  • Different types of Threats.
  • How will organization protect sensitive data?
  • What is database encryption, and how does it
    work?
  • Is database encryption alone enough to protect
    data from compromise?
  • Does encrypting a database impact server
    performance?

3
Threats
  • External Threats
      • Hackers breach a software company's website,
        stealing credit card information.
  • Internal Threats
      • A disgruntled employee accesses confidential
        salary information and distributes it.
  • Physical threats
      • Thieves strike a data center.

4
Example Of Threats
  • 55,000 credit card records stolen from the
    database of CreditCards.com by Mexus.
  • Mirror image of Mexus's web site.

5
Database encryption
  • What is Database encryption?
  • Protect data from compromise and abuse.
  • How does it work?

[Diagram: Credit Card Number → Encryption Algorithm (with Encryption Key) → Encrypted Credit Card Number. Values shown: 011112345677999, 1234567890123456, 04wØ1ve]

6
Encryption Strategy
  • Inside DBMS
      • Advantages and Disadvantages
          • Least impact on application
          • Security vulnerability: encryption key stored in a
            database table.
          • Performance degradation
          • To separate keys, additional hardware such as an
            HSM is required.
  • Outside DBMS
      • Advantages and Disadvantages
          • Removes computational overhead from DBMS and
            application servers.
          • Separates encrypted data from the encryption key.
          • Communication overhead.
          • Must administer more servers.

7
Is database encryption enough?
  • Compromise of the web server.
  • Hacking during transfer (MITM)
  • Solution
      • Additional security practices such as SSL and
        proper configuration of the firewall.

8
Application Sphere

9
Structure
[Diagram labels: Http, Telnet; Firewall / Front Door; DPI, IPS / Metal Detector; Application Sphere / Pick pocket; SQL injection, Buffer overflow, Cookie poisoning, XSS]

10
Statistics
  • Attack: Percent vulnerable
  • Cross-site scripting: 80%
  • SQL injection: 62%
  • Parameter tampering: 60%
  • Cookie poisoning: 37%
  • Database server: 33%
  • Web Server: 23%
  • Buffer overflow: 19%

11
Application security: essential element