File Encryption, Database Encryption

 
 
By Lisa Vaas  |  Posted 2004-09-02
 
 
 
 
 
 
 


Once deployed, you have to get databases up to standard levels. Sounds basic, doesn't it? "It's astonishing how few people have figured this out for databases," Julian told me. Everybody knows what server software they're running with xyz patches, what password policies are, etc. But if you're not auditing databases on an ongoing basis, and making sure they're up to whatever level of update your enterprise has defined as being its baseline, you don't know how secure your database is, even if you're encrypting the entire database.
Next step, pre-encryption, is to harden systems so that they have secure configurations. That means securing default passwords and IDs to administrator and listener accounts, lest you leave the database wide open.
Intrusion detection comes into play next, to provide real-time protection while you're busy patching all of those databases, serving to alert and shut down an attack before it can cause damage. That's why it's deployed on the network, and that's why it should be deployed on the database.
Encryption is your last line of defense, when there's no patch yet available and there's no signature for identity detection. It will keep somebody who's about to gain root access to your database from actually getting your customers' credit card numbers or Social Security numbers, for example. This is where you get into the question of what to encrypt, and there's no easy answer to that.
Is standard file encryption required with database encryption?
When a file system is encrypted, whatever lives inside it—be it database table or text file—is encrypted. Database encryption experts will assure you that there's certainly overhead implied in either case, whether there's the abstraction layer of file encryption or not. CERT/CC's Manion says they both imply different kinds and different amounts of overhead, depending on what file system you're talking about, what database you're using and what type of database encryption you're using. In other words, the question is impossible to answer without knowing the specifics of a given system setup. But one way to avoid overhead is to encrypt at the column level in a database table, rather than encrypting anything and everything on a file system.
Securing directories versus securing the database.
Depending on what's stored in there, it might make sense to encrypt a directory, Manion says. If you're talking about an internal server that contains internal phone and contact information for an internal staff, and it's not exposed to the outside world, it might not be worth the effort to encrypt it. Bear in mind, once you do choose to encrypt, you're adding another layer of logging on and/or passwords. These things don't come free.
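The column-level approach described above, as an added example that is not from the original article: it assumes PostgreSQL with the pgcrypto extension, and the table, column names, key and card number are all constructed placeholders. Only the card number column is encrypted, so queries on the other columns carry no encryption overhead.

```sql
-- Added example: assumes PostgreSQL with the pgcrypto extension.
-- Table, column names and all values are constructed for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE customers (
    customer_id  serial  PRIMARY KEY,
    full_name    text    NOT NULL,  -- stored in the clear, stays indexable
    city         text    NOT NULL,  -- stored in the clear
    card_last4   char(4) NOT NULL,  -- clear-text suffix for lookups and receipts
    card_number  bytea   NOT NULL   -- ciphertext only
);

-- Placeholder key for this demo session. In production the key comes from a
-- key-management system and is passed as a bound parameter, so that it is not
-- stored in the database and does not land in statement logs.
SET app.card_key = 'EXAMPLE-ONLY-placeholder-key';

INSERT INTO customers (full_name, city, card_last4, card_number)
VALUES (
    'Test Customer', 'Boston', '1111',
    pgp_sym_encrypt('4111111111111111',  -- constructed test value, not a real card
                    current_setting('app.card_key'),
                    'cipher-algo=aes256')
);

-- Ordinary queries never touch the encrypted column, so they pay no crypto cost.
SELECT customer_id, full_name, city, card_last4
FROM customers
WHERE city = 'Boston';

-- What a reader of the table (or of the data files) sees without the key.
SELECT customer_id, encode(card_number, 'hex') AS stored_bytes
FROM customers;

-- Decryption happens only where the application needs the value and holds the key.
SELECT customer_id,
       pgp_sym_decrypt(card_number, current_setting('app.card_key')) AS card_number
FROM customers
WHERE customer_id = 1;
```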



 
 
 
 
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
 
 
 
 
 
 
 
