
Cryptography in the Database: The Last Line of Defense / Edition 1
by Kevin Kenan
ISBN-10: 0321320735
ISBN-13: 9780321320735
Pub. Date: 11/02/2005
Publisher: Addison-Wesley
Overview
Protect Your Enterprise Data with Rock-Solid Database Encryption
If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure (from your customers, your partners, your stockholders, and now, the government) to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.
Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building (or selecting and integrating) a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption.
This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.
This book's coverage includes
- Understanding your legal obligations to protect data
- Constructing a realistic database security threat model and ensuring that you address critical threats
- Designing robust database cryptographic infrastructure around today's most effective security patterns
- Hardening your database security requirements
- Classifying the sensitivity of your data
- Writing database applications that interact securely with your cryptosystem
- Avoiding the common vulnerabilities that compromise database applications
- Managing cryptographic projects in your enterprise database environment
- Testing, deploying, defending, and decommissioning secure database applications
Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.
Product Details
- ISBN-13: 9780321320735
- Publisher: Addison-Wesley
- Publication date: 11/02/2005
- Series: Symantec Press Series
- Pages: 312
- Product dimensions: 7.00(w) x 9.20(h) x 0.80(d)
Table of Contents
Acknowledgments.
About the Author.
Preface.
I. DATABASE SECURITY.
1. The Case for Database Security.
2. Securing Databases with Cryptography.
II. A CRYPTOGRAPHIC INFRASTRUCTURE.
3. An Overview of Cryptographic Infrastructure.
4. Cryptographic Engines and Algorithms.
5. Keys: Vaults, Manifests, and Managers.
6. Cryptographic Providers and Consumers.
III. THE CRYPTOGRAPHIC PROJECT.
7. Managing the Cryptographic Project.
8. Requirements Hardening.
9. Design Hardening.
10. Secure Development.
11. Testing.
12. Deployment, Defense, and Decommissioning.
IV. EXAMPLE CODE.
13. About the Examples.
14. A Key Vault.
15. The Manifest.
16. The Key Manager.
17. The Engine.
18. Receipts and Provider.
19. The Consumer.
20. Exceptions.
21. The System at Work.
Bibliography.
Glossary.
Index.
Customer Reviews
Most Helpful Customer Reviews
Much attention has been focused on network attacks by crackers, and how to stop these. So powerful software like Snort and Nessus have emerged, with books dedicated to them. But Kenan describes a relatively overlooked situation, where you might have to encrypt your database. The main reason is confidentiality. You don't want unauthorised usage. Either for copying or changing. Here, you still have to defend against network attacks, possibly by using the above tools. But now there is the chance that your users or sysadmins might have nefarious intent.
So the book shows how to design a system such that various columns in a SQL table can be encrypted. Different keys could be used for different columns, though a given key might apply over several columns if you wish. The book uses a symmetric key cryptosystem. It downplays a PKI system. Those are slower. Plus their forte might be for distributed systems. Here, the scenario is more likely to be a central data centre.
There are several excellent system diagrams that nicely describe the data flow, and the various software (and perhaps hardware) players that make up the system. In essence, there needs to be an entire key management system along with a cryptographic engine. The former handles requests for a key by generating one and an alias for the key. Plus it stashes away the keys, preferably in a separate computer. There is even the necessity for a key to encrypt the keys!
Code examples for a simple system implementation are given in Java. Though if you are considering this book, you are likely no tyro in whatever language you use. The Java code is straightforward enough to be understandable and recoded.