Slashdot Mirror
Cryptography in the Database
Ben Rothke writes "Noted security guru Marcus Ranum has observed that "these days, with the kind of plug-ins that come in your typical browser, combined with all the bizarre undocumented protocols used by new Internet applications; makes it highly unlikely that a firewall is doing anything more complex than a thin layer of policy atop routing. As such, the applications behind the firewall are now more critical to security than the firewall itself. Which should scare the holey moley out of you."" Read on for Ben's review.
Cryptography in the Database : The Last Line of Defense
author
Kevin Kenan
pages
312
publisher
Addison-Wesley
rating
9
reviewer
Ben Rothke
ISBN
0321320735
summary
Excellent reference for those that are serious about securing their corporate databases
Taking Ranum's observation to the next level, it is not only the applications that need to be secured, but databases also. The theme of Cryptography in the Database - The Last Line of Defense is that databases, being the main repository for critical consumer and business data, are often not given the adequate level of security that they deserve.
Large databases often contain terabytes of data. This data often contains R&D, client, customer data and more, that if compromised, could wreak havoc on an organization; both from a public relations perspective, in addition to a regulatory perspective. In a large customer driven organization, a database breach can wreak havoc on tens of thousands of customer records. With all of that, companies will spend large amounts of money on the security appliance of the month, but often let their databases sit unprotected.
Cryptography in the Database is a valuable book in that it shows how a formal methodology is required to adequately protect large corporate databases. The emphasis of the book is on designing and integrating a cryptosystem into the database to protect it against the various threats that are specifically launched against corporate database systems.
The books 4 parts contain 21 chapters. Part one is brief overview of the need for database security, along with related threats to database, and also covers the basic concepts of cryptography and encryption.
Part two provides a comprehensive synopsis on the cryptographic infrastructure necessary to secure corporate databases. Chapter 3 goes into details on how to set up an effective key management scheme. Such a scheme is crucial as the author notes that all it takes is the loss of a single 128-bit key, and gigabytes of data can become inaccessible.
Part two also creates a sample cryptographic architecture that is flexible and modular so that it is easily adaptable to various situations. The author notes that such systems can be difficult to manage if they become overly complex, and the challenge is to find the right balance between security and complexity on one side, and usability on the other. Creating an effective cryptographic database infrastructure. is not an elementary task given the different requirements of security and functionality.
Chapter 3 details the various entities that go into a complete cryptographic architecture, including the cryptographic engine, and the various controls around the crypto keys. The chapter provides a good overview of the key life cycle. Historically, controls around the key life cycle are crucial. One of the ways the Allies were able to break the German Enigma cipher machine during World War II was that the German's reused their crypto keys, which obviates much of the security that cryptography can provide. Had the German's not done that, the outcome of the war may have been dramatically different.
Part 3 details the issues that need to go into the entire cryptography project. Kenan notes that for security to be effective, it must be dealt with at the commencement of a project and must permeate the overall design and seep into every line of code. Also, in the long term, developing a culture of security depends on looking at security as an opportunity to provide extra value. Where security fails is when it is viewed merely as a series of checklists that are meant to get in the way.
Chapter 9 shows how data flow diagrams can be used by a database analyst to better understand how a system works. These data flow diagrams are valuable as that they show the various inputs into the system and where potential failures can crop up.
Part 4 provides various Java code examples of the cryptographic infrastructure that were detailed in the previous 12 chapters. The example code is meant to show how to implement the primary functionality of the various components that the book describes.
One of the popular terms in security today is data at rest, which refers to all data in storage. Businesses, government agencies, and others need to deal with attacks on data at rest, which more often then not will be found on databases.
After reading Cryptography in the Database, the reader can understand why database cryptography must be implemented in a methodological fashion, since incorrectly implemented cryptography can often be worse than no cryptography at all. With that, database administrators, architects and others who have input into the design of database security are highly advised to read Cryptography in the Database.
Databases are far too critical to an organization to be left unsecured, or incorrectly secured. The database is indeed the last line of defense in an organization. Books such as this are thusly vital to ensure that the last line of defense is not easily breached.
You can purchase Cryptography in the Database from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Taking Ranum's observation to the next level, it is not only the applications that need to be secured, but databases also. The theme of Cryptography in the Database - The Last Line of Defense is that databases, being the main repository for critical consumer and business data, are often not given the adequate level of security that they deserve.
Large databases often contain terabytes of data. This data often contains R&D, client, customer data and more, that if compromised, could wreak havoc on an organization; both from a public relations perspective, in addition to a regulatory perspective. In a large customer driven organization, a database breach can wreak havoc on tens of thousands of customer records. With all of that, companies will spend large amounts of money on the security appliance of the month, but often let their databases sit unprotected.
Cryptography in the Database is a valuable book in that it shows how a formal methodology is required to adequately protect large corporate databases. The emphasis of the book is on designing and integrating a cryptosystem into the database to protect it against the various threats that are specifically launched against corporate database systems.
The books 4 parts contain 21 chapters. Part one is brief overview of the need for database security, along with related threats to database, and also covers the basic concepts of cryptography and encryption.
Part two provides a comprehensive synopsis on the cryptographic infrastructure necessary to secure corporate databases. Chapter 3 goes into details on how to set up an effective key management scheme. Such a scheme is crucial as the author notes that all it takes is the loss of a single 128-bit key, and gigabytes of data can become inaccessible.
Part two also creates a sample cryptographic architecture that is flexible and modular so that it is easily adaptable to various situations. The author notes that such systems can be difficult to manage if they become overly complex, and the challenge is to find the right balance between security and complexity on one side, and usability on the other. Creating an effective cryptographic database infrastructure. is not an elementary task given the different requirements of security and functionality.
Chapter 3 details the various entities that go into a complete cryptographic architecture, including the cryptographic engine, and the various controls around the crypto keys. The chapter provides a good overview of the key life cycle. Historically, controls around the key life cycle are crucial. One of the ways the Allies were able to break the German Enigma cipher machine during World War II was that the German's reused their crypto keys, which obviates much of the security that cryptography can provide. Had the German's not done that, the outcome of the war may have been dramatically different.
Part 3 details the issues that need to go into the entire cryptography project. Kenan notes that for security to be effective, it must be dealt with at the commencement of a project and must permeate the overall design and seep into every line of code. Also, in the long term, developing a culture of security depends on looking at security as an opportunity to provide extra value. Where security fails is when it is viewed merely as a series of checklists that are meant to get in the way.
Chapter 9 shows how data flow diagrams can be used by a database analyst to better understand how a system works. These data flow diagrams are valuable as that they show the various inputs into the system and where potential failures can crop up.
Part 4 provides various Java code examples of the cryptographic infrastructure that were detailed in the previous 12 chapters. The example code is meant to show how to implement the primary functionality of the various components that the book describes.
One of the popular terms in security today is data at rest, which refers to all data in storage. Businesses, government agencies, and others need to deal with attacks on data at rest, which more often then not will be found on databases.
After reading Cryptography in the Database, the reader can understand why database cryptography must be implemented in a methodological fashion, since incorrectly implemented cryptography can often be worse than no cryptography at all. With that, database administrators, architects and others who have input into the design of database security are highly advised to read Cryptography in the Database.
Databases are far too critical to an organization to be left unsecured, or incorrectly secured. The database is indeed the last line of defense in an organization. Books such as this are thusly vital to ensure that the last line of defense is not easily breached.
You can purchase Cryptography in the Database from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
I think most companies know the importance of security on firewall, server, application and database, but trying to get a budget for such measures is another matter.
So maybe to most companies, extreme-security is a gamble they are willing to take, or they simply don't value customer data as much as customers do.
We have seen so many cases of stolen university data, or even credit card details, but when have we heard a Press Release saying "no worries, the data is crypto-protected with this how-many-bit technology".
Rock that crushes, Paper & Scissors that don't matter.
While you and I would love to beat the skull of the programmers involved, I shamefully admit I was part of several projects in the same situation you just stated. The problem was, though, the same problem IT deals with everyday... it is a bad decision forced on by management. I remember one day getting REEEEEEEEEMED and practically fired because I "voiced concern" about such. Within the screaming and yelling was reasoning like "No one can get the password", "Even if they did, how would they know what to do with it?", "Nobody wants to remember another password", and my favorite "If you knew what you were doing, this wouldn't BE a security issue". You can't make this crap up. So like everyone else in the world, I did was I was told....
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Point of fact, you don't implement crypto yourself. That is the most horrid mis take that anyone can make. Let the security professionals implement it, and just use it. They are far more paranoid that you are and are far better to do this specialised way of coding.
Security is a feild in which you must have a good level of mastery of many different areas otherwise you are a liability. If you don't got that, then don't implement a system. Use one that someone else has written.
IMO, this book will make too many people think that they are good enough to do what they can't do. I can only imagine how many insecure system will be developed because of it.
You can't just encrypt your data and share keys. If you do, then the compromise of a key provides access to that data. If someone hacks into your network, maybe that key will be found somewhere on a system that they compromise. Then, they can actually evesdrop on the database connections and pull data as it is being sent across the wire without authenticating.
A better solution (and one that PostgreSQL uses) is to use SSL to secure the connection and thus encrypt the traffic to and from the server. Yes, if you compromise the database server, you get the data anyway, but in the other approach, if you compromise the key management server, you might get far more than the data. Note that PostgreSQL also supports client-side certificates which, while not perfect, provide an added layer of security (cient-side SSL is a host authentication mechanism, not a user authentication mechanism so normal login requirements still apply-- basically now you have 2-factor authentication).
The second vital area is that of access control. Encrypting your data doesn't do you any good if you don't adequately lock down access. Shared database accounts? No. Use one account per *user* and use groups/roles for access control.
Finally, encrypting some data in the database might be required by some applications (for example, if you store credit card transactions in your database so you can later reverse a charge, the PCI-DSS requires that the number is encrypted in storage). But encrypting most data will simply prevent your relational model from working properly.
LedgerSMB: Open source Accounting/ERP
... but it sure is now, and here's two giant reasons why:
HIPAA
PCIDSS
Both specify, more or less, that sensitive information must be encrypted within the database. That means the data at rest on disk must be encrypted. Encrypting customer-sensitive information in the database will prevent exposure of customer sensitive information from:
Disk-scraping attacks (such as if the storage rep who replaces a failed drive in the SAN is ethically challenged)
Backup attacks (where a complete database backup can be restored and hacked)
What doesn't it save you from?
Users who have rights they don't need looking at data they don't need.
Users who don't need access to the system but have it anyway.
Poor security standards (not changing default passwords, insufficient password strength, etc).
The DBA, who can always log in and see whatever the heck he wants(I almost said he or she, but who am I kidding).
The SysAdmin, who can become the DBA, and can scrape the disks himself.
What are the costs of encryption?
1. It will cost you CPU cycles. (Don't even think about sending all the crypto calls over the wire to a hardware module -- it'll cut application througput in half).
2. You won't be able to have queries like "Select name from patients where ssn between '5030000000' and '503999999'" use indexes, as the ordering of crypto is gone forever.
What's being done about this?
Enterprise vendors are busy rolling out encryption solutions (the other security holes already have support around them, but often aren't implemented in applications.) DB2 lets you encrypt the file system, or tables, or values within tables.
Oracle lets you encrypt columns within tables with AES128, AES192, AES256, or 3DES. (You can also set it up so that the same value in 2 columns has the same ciphertext, which is a good thing.)
SQL Server's got... something, but I don't support it, so I don't care.
(PostgreSQL and MySQL users, I left you out on purpose. I said enterprise vendors, and I meant it.)
You know, where you _review_ the book? As in whether the book is high-quality, or not. As in whether the author is a good writer, or not. As in whether the contents are relevant, or not. As in whether I should buy the book rather than some other book.
Instead, we get a synopsis of what the book covers, plus a blurb for why the topic is important. Yes, securing databases is important! Yes, Part 4 provides Java examples! But why do I want to buy THIS book about securing databases? Why do I want to buy THIS book with Java examples?
They should have some sort of guidelines to follow. They could call them "Slashdot Book Review Guidelines". The guidelines could include points like "Is the book readable as well as technically accurate?" and "How gracefully do you expect the content to age?" That would be amazing.