• Home

  • Documents

  • Database Vulnerability And Encryption Presented By: Priti Talukder
12
Database Vulnerability And Encryption Presented By: Priti Talukder

Database Vulnerability And Encryption Presented By: Priti Talukder

Embed Size (px)

Citation preview

Page 1: Database Vulnerability And Encryption Presented By: Priti Talukder

Database Vulnerability And Encryption

Presented By:

Priti Talukder

Page 2: Database Vulnerability And Encryption Presented By: Priti Talukder

Content

Different types of Threats. How will organization protect sensitive data? What is database encryption, and how does it

work? Is database encryption alone enough to protect

data from compromise? Does encrypting a database impact server

performance?

Page 3: Database Vulnerability And Encryption Presented By: Priti Talukder

Threats External Threats

Hackers breach a software company’s website, stealing credit card information.

Internal ThreatsA disgruntled employee accesses confidential

salary information and distributes it.

Physical threatsThieves strike a data center.

Page 4: Database Vulnerability And Encryption Presented By: Priti Talukder

Example Of Threats

Stolen 55,000 credit card records from the database of CreditCards.com by Mexus. mirror image of Mexus’s web site.

Page 5: Database Vulnerability And Encryption Presented By: Priti Talukder

Database encryption

What is Database encryption? Protect data from compromise and abuse.

How does it work?

Credit Card Number

0111123456779991234567890123456 +

Encrypted Credit Card Number

Encryption Key + Encryption Algorithm

04wØ×1ve

Page 6: Database Vulnerability And Encryption Presented By: Priti Talukder

Encryption Strategy

Inside DBMS Advantages and

Disadvantages Least impact on application Security vulnerability-

encryption key stored in database table.

Performance degradation To separate keys, additional

hardware is required like HSM.

Outside DBMS Advantages and

Disadvantages– Remove computational

overhead from DBMS and application servers.

– Separate encrypted data from encrypted key.

– Communication overhead.

– Must administer more servers.

Page 7: Database Vulnerability And Encryption Presented By: Priti Talukder

Is database encryption enough?

Compromising with web server. Hacking while transfer(MITM)

Solution

Additional security practices such as SSL and proper configuration of firewall.

Page 8: Database Vulnerability And Encryption Presented By: Priti Talukder

Application Spher

Page 9: Database Vulnerability And Encryption Presented By: Priti Talukder

Structure

Firewall

Telnet Http

DPI, IPS

Application Sphere

Sql injection

Buffer overflow

Cookie poisoning

Front Door

Metal Detector

Pick pocket

XSS

Page 10: Database Vulnerability And Encryption Presented By: Priti Talukder

Statistics

Attack Percent vulnerable

Cross-site scripting 80%SQL injection 62%Parameter tampering 60%Cookie poisoning 37%Database server 33%Web Server 23%Buffer overflow 19%

Page 11: Database Vulnerability And Encryption Presented By: Priti Talukder

Application security-essential element

Information Database

Business Logic Application server

Application Web custom

Host OS, Network, System, Memory

Network TCP, UDP, Port over IP

Page 12: Database Vulnerability And Encryption Presented By: Priti Talukder

References

http://www.imperva.com http://databases.about.com/library/weekly/

aa121500b.htm http://www.governmentsecurity.org/articles/

Databasesecurityprotectingsensitiveandcriticalinformation.php

http://techlibrary.wallstreetandtech.com/data/rlist?t=itmgmt_10_50_20_24


PRITI INTERNATIONAL LIMITED - kotak.com · PRESENTATION OF FINANCIAL, ... AOA/ Articles/ Articles of Association Articles of Association of “Priti International Limited”,

PRITI INTERNATIONAL LIMITED - kotak.com · PRESENTATION OF FINANCIAL, ... AOA/ Articles/ Articles of Association Articles of Association of “Priti International Limited”,

Documents
PANKAJ PRITI ASSOCIATES

PANKAJ PRITI ASSOCIATES

Documents
Priti K Rao Assistant Professor, Government First Grade

Priti K Rao Assistant Professor, Government First Grade

Documents
Priti Coles: Soprano; Voice, Speech and Presentation-Coach

Priti Coles: Soprano; Voice, Speech and Presentation-Coach

Documents
Peer-to-Peer Networks & JXTA by Madhurasmitha Chakravarthy & Priti Sabadra

Peer-to-Peer Networks & JXTA by Madhurasmitha Chakravarthy & Priti Sabadra

Documents
Computer FundFundamentals: Pradeep K. Sinha & Priti ...voccomputerscience.orgfree.com/ComputerFundamentals/pdf...Computer Fundamentals: Pradeep K. Sinha & Priti Sinha Ref. Page Chapter

Computer FundFundamentals: Pradeep K. Sinha & Priti ...voccomputerscience.orgfree.com/ComputerFundamentals/pdf...Computer Fundamentals: Pradeep K. Sinha & Priti Sinha Ref. Page Chapter

Documents
Priti Marine

Priti Marine

Documents
Title Dr. First Name Priti Last RanaName Photograph Profiles/Law/Law_Priti_Rana.pdfFirst Name Priti Last RanaName Photograph Designation Assistant Professor Address HNo. 172 Sector

Title Dr. First Name Priti Last RanaName Photograph Profiles/Law/Law_Priti_Rana.pdfFirst Name Priti Last RanaName Photograph Designation Assistant Professor Address HNo. 172 Sector

Documents
Chapter 7 Encryption controls. Overview Encryption technologies Combining encryption technologies for practice Using encryption technologies for

Chapter 7 Encryption controls. Overview Encryption technologies Combining encryption technologies for practice Using encryption technologies for

Documents
Chapter 2 – Classical Encryption Techniques Symmetric encryption Secret key encryption Shared key encryption

Chapter 2 – Classical Encryption Techniques Symmetric encryption Secret key encryption Shared key encryption

Documents
Priti Ambani - CSW - A New Age Company, CSWGlobal14

Priti Ambani - CSW - A New Age Company, CSWGlobal14

Business
Who will test_your_tests_yahya poonawala- priti biyani

Who will test_your_tests_yahya poonawala- priti biyani

Technology
Priti%Phukan - Umberg/Zipser€¦ · Priti%Phukan! 1920MainStreet,!Suite750Irvine,!California 92614!:!949.679.0052 pphukan@UmbergZipser.com! EDUCATION%! University!of!San!Diego,!J.D.,!2015!

Priti%Phukan - Umberg/Zipser€¦ · Priti%Phukan! 1920MainStreet,!Suite750Irvine,!California 92614!:!949.679.0052 [email protected]! EDUCATION%! University!of!San!Diego,!J.D.,!2015!

Documents
Delivery Challenges Priti Rao

Delivery Challenges Priti Rao

Documents
Introduction to java by priti sajja

Introduction to java by priti sajja

Technology
Priti˜Srinivas˜Sajja Essence of Systems Analysis and Design

Priti˜Srinivas˜Sajja Essence of Systems Analysis and Design

Documents
PANKAJ PRITI & ASSOCIATES CharTERED ACCOUNTANTS

PANKAJ PRITI & ASSOCIATES CharTERED ACCOUNTANTS

Documents
Report on warid telecom international by Arifuzzaman Talukder

Report on warid telecom international by Arifuzzaman Talukder

Documents
The Lessons of the Govardhana- lila, Priti-Lakshanam

The Lessons of the Govardhana- lila, Priti-Lakshanam

Documents
Stem education by priti vats

Stem education by priti vats

Education
Analytical Chemistry Ane Books · 2019-07-07 · Analytical Chemistry Analytical Chemistry Basic Concepts Priti Malhotra About the Author: Dr. Priti Malhotra is an Associate Professor

Analytical Chemistry Ane Books · 2019-07-07 · Analytical Chemistry Analytical Chemistry Basic Concepts Priti Malhotra About the Author: Dr. Priti Malhotra is an Associate Professor

Documents
Intelligent Applications for Web Priti Srinivas Sajja Associate Professor Department of Computer Science Sardar Patel University Visit priti sajja.info

Intelligent Applications for Web Priti Srinivas Sajja Associate Professor Department of Computer Science Sardar Patel University Visit priti sajja.info

Documents
Configuring Wire Encryption - Cloudera · 2020-07-16 · HDP Security Configuring Wire Encryption Wire Encryption Wire Encryption Encryption is applied to electronic information to

Configuring Wire Encryption - Cloudera · 2020-07-16 · HDP Security Configuring Wire Encryption Wire Encryption Wire Encryption Encryption is applied to electronic information to

Documents
Distribution Priti

Distribution Priti

Documents
LG COMPANY PRESENTED BY Priti Pandey 12DF007 PGDM-FC

LG COMPANY PRESENTED BY Priti Pandey 12DF007 PGDM-FC

Documents
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography

Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography

Documents
Enable SSL Encryption - datapipebomb.comdatapipebomb.com/docs/DPB-Enable-Encryption-001.pdf · Enable SSL Encryption PIPEBOMB SSL ENCRYPTION This device offers strong SSL encryption

Enable SSL Encryption - datapipebomb.comdatapipebomb.com/docs/DPB-Enable-Encryption-001.pdf · Enable SSL Encryption PIPEBOMB SSL ENCRYPTION This device offers strong SSL encryption

Documents
Priti Rao and Soul/About... · 2019. 7. 31. · Priti Rao Priti Rao is a Bangalore based eco-entrepreneur. She is the founder of Soil and Soul, an organization that is engaged in

Priti Rao and Soul/About... · 2019. 7. 31. · Priti Rao Priti Rao is a Bangalore based eco-entrepreneur. She is the founder of Soil and Soul, an organization that is engaged in

Documents
General Certi cateless Encryption and Timed-Release Encryption · General Certi cateless Encryption and Timed-Release Encryption ... General Certi cateless Encryption and ... a Type-I

General Certi cateless Encryption and Timed-Release Encryption · General Certi cateless Encryption and Timed-Release Encryption ... General Certi cateless Encryption and ... a Type-I

Documents
Management of natural resources priti

Management of natural resources priti

Documents