Cryptography in the Database: The Last Line of Defense
Protect Your Enterprise Data with Rock-Solid Database Encryption
If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure—from your customers, your partners, your stockholders, and now, the government—to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.
Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building—or selecting and integrating—a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption.
This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.
This book's coverage includes
Understanding your legal obligations to protect data
Constructing a realistic database security threat model and ensuring that you address critical threats
Designing robust database cryptographic infrastructure around today's most effective security patterns
Hardening your database security requirements
Classifying the sensitivity of your data
Writing database applications that interact securely with your cryptosystem
Avoiding the common vulnerabilities that compromise database applications
Managing cryptographic projects in your enterprise database environment
Testing, deploying, defending, and decommissioning secure database applications
Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.
About the Author.
I. DATABASE SECURITY.
1: The Case for Database Security.
2: Securing Databases with Cryptography.
II. A CRYPTOGRAPHIC INFRASTRUCTURE.
3. An Overview of Cryptographic Infrastructure.
4. Cryptographic Engines and Algorithms.
5. Keys: Vaults, Manifests, and Managers.
6. Cryptographic Providers and Consumers.
III. THE CRYPTOGRAPHIC PROJECT.
7. Managing the Cryptographic Project.
8. Requirements Hardening.
9. Design Hardening.
10. Secure Development.
12. Deployment, Defense, and Decommissioning.
IV. EXAMPLE CODE.
13. About the Examples.
14. A Key Vault.
15. The Manifest.
16. The Key Manager.
17. The Engine.
18. Receipts and Provider.
19. The Consumer.
21. The System at Work.