or
Sign in to turn on 1-Click ordering.
 
 
More Buying Choices
37 used & new from $0.81

Have one to sell? Sell yours here
 
   
Express Checkout with PayPhrase
What's this? | Create PayPhrase
Sorry!
Cryptography in the Database: The Last Line of Defense
 
See larger image
 
Tell the Publisher!
I’d like to read this book on Kindle

Don’t have a Kindle? Get your Kindle here.
 
  

Cryptography in the Database: The Last Line of Defense (Paperback)

~ (Author)
4.3 out of 5 stars  See all reviews (7 customer reviews)

List Price: $49.99
Price: $38.89 & this item ships for FREE with Super Saver Shipping. Details
You Save: $11.10 (22%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Only 2 left in stock--order soon (more on the way).

Want it delivered Tuesday, November 10? Choose One-Day Shipping at checkout. Details
23 new from $2.77 14 used from $0.81

Frequently Bought Together

Cryptography in the Database: The Last Line of Defense + The Database Hacker's Handbook: Defending Database Servers + Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase
Price For All Three: $113.84

Show availability and shipping details


Customers Who Bought This Item Also Bought

Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase

Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase

by Ron Ben Natan
4.9 out of 5 stars (11)  $43.45
Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

by Bruce Schneier
4.6 out of 5 stars (102)  $29.80
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems

by Ross J. Anderson
4.7 out of 5 stars (32)  $56.00
Cryptography for Internet & Database Applications

Cryptography for Internet & Database Applications

by Nick Galbreath
5.0 out of 5 stars (1)  $26.40
The Art of  Computer Virus Research and Defense

The Art of Computer Virus Research and Defense

by Peter Szor
4.4 out of 5 stars (24)  $34.64
Explore similar items

Editorial Reviews

Product Description

Protect Your Enterprise Data with Rock-Solid Database Encryption If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure--from your customers, your partners, your stockholders, and now, the government--to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications. Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building--or selecting and integrating--a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption. This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.This book's coverage includes * Understanding your legal obligations to protect data * Constructing a realistic database security threat model and ensuring that you address critical threats * Designing robust database cryptographic infrastructure around today's most effective security patterns * Hardening your database security requirements * Classifying the sensitivity of your data * Writing database applications that interact securely with your cryptosystem * Avoiding the common vulnerabilities that compromise database applications * Managing cryptographic projects in your enterprise database environment * Testing, deploying, defending, and decommissioning secure database applications Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others. A(c) Copyright Pearson Education. All rights reserved.


From the Back Cover

Protect Your Enterprise Data with Rock-Solid Database Encryption

If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure—from your customers, your partners, your stockholders, and now, the government—to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.

Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building—or selecting and integrating—a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption.

This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.

This book's coverage includes

  • Understanding your legal obligations to protect data

  • Constructing a realistic database security threat model and ensuring that you address critical threats

  • Designing robust database cryptographic infrastructure around today's most effective security patterns

  • Hardening your database security requirements

  • Classifying the sensitivity of your data

  • Writing database applications that interact securely with your cryptosystem

  • Avoiding the common vulnerabilities that compromise database applications

  • Managing cryptographic projects in your enterprise database environment

  • Testing, deploying, defending, and decommissioning secure database applications

Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.


© Copyright Pearson Education. All rights reserved.


Product Details

  • Paperback: 312 pages
  • Publisher: Addison-Wesley Professional (October 29, 2005)
  • Language: English
  • ISBN-10: 0321320735
  • ISBN-13: 978-0321320735
  • Product Dimensions: 9.1 x 7 x 0.9 inches
  • Shipping Weight: 1.3 pounds (View shipping rates and policies)
  • Average Customer Review: 4.3 out of 5 stars  See all reviews (7 customer reviews)
  • Amazon.com Sales Rank: #989,406 in Books (See Bestsellers in Books)

More About the Author

Kevin Kenan
Discover books, learn about writers, read author blogs, and more.

Visit Amazon's Kevin Kenan Page

What Do Customers Ultimately Buy After Viewing This Item?


Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 

Your tags: Add your first tag
 

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

 

Customer Reviews

7 Reviews
5 star:
 (3)
4 star:
 (3)
3 star:
 (1)
2 star:    (0)
1 star:    (0)
 
 
 
 
 
Average Customer Review
4.3 out of 5 stars (7 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

 
15 of 16 people found the following review helpful:
4.0 out of 5 stars In a year of high profile data tape loss, this is just right, November 2, 2005
By Stephen Northcutt (Kauai, HI USA) - See all my reviews
(REAL NAME)   
Iorn mountain, UPS both had very drastic failures this year, backup tapes with thousands of customer records were lost. Everybody in the industry is scrambling to figure out how to encrypt the backup tapes. Most of us feel the option of simply making a backup of already encrypted data is a better choice than piping the backup through an encryption process. This book arrives in our hour of need and it has the feel of a been there, done that author.

The code examples are MySQL and Java 1.4.2 and really helped me understand just what needs to happen. The majority of the book is platform agnostic, so if you run a different platform it will still be valuable.

The book is well written, well edited, well laid out, what you expect to see from Addison-Wesley and Symantec Press.

The only thing that drove me crazy about the book is on page 163, the author recommends HSMs ( Hardware Security Model) for storing the keys to the kingdom, yup, yup, I agree, we all agree. And then he goes on to say, Java 1.4.2 does not support this -- ouch! However, his code examples are a nice work around using AES on the local engine which is good'nuff.

Got sensitive data? Then get this book!
Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)



 
13 of 14 people found the following review helpful:
4.0 out of 5 stars Good for developers, March 9, 2006
To be honest, when picking up this book, I was not interested in implementation details and internals of database cryptography (part II), but more in enabling database security by means of encryption (part I). Therefore, I was coming more from the user vs developer perspective. I was even less interested in managing the database cryptographic project.

As a result, I enjoyed the part I on database security with motivations, attacks against databases, threat models and a primer on securing databases with cryptography. If you are "doing security" read part I, if you are implementing database encryption or record hashing - read the rest of the book.

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and book author. A frequent conference speaker, he also participates in various security industry initiatives and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". He also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal http://www.info-secure.org and a blog at http://chuvakin.blogspot.com
Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)



 
9 of 10 people found the following review helpful:
5.0 out of 5 stars An Excellent Reference for Database Security and Encryption, November 11, 2005
When I pick up a Symantec Press book, I will either love them or dislike them. I never have mixed emotions about them. This book I love. His book should be titled, Database Security. While the primary focus is on encryption, the author dives into several topics I wish some of my past DBAs had known.

The book is divided into four major parts: Database Security, A Crpytographic Infrastructure, The Cryptographic project, and Example Code. I however would calssify the book into two major parts. The first part is reading and understanding some fundamentals that are very important. Throughout this first part, there are many graphical presentations to help the reader understand, in a graphical way, what the author is discussing. This is most visible in the third chapter entitled An overview of Cryptographic Infrastructure.

The second part of the book is actual code written in Java, and designed for plain SQL, the author does confirm that all examples work in MYSQL. The examples give common scenarios such as consumer input. Consumer input requires first name, last name, credit card information, the verification code and other fields. This example discusses and demonstrates a best practice model around that code.

Given the two parts above, this book is solid, and I would have recommended it. However, the author went a step further, and included information on security surrounding the database, penetration testing and methodologies for databases, architecture and design best practices, and so many other important points. This makes this book valuable to anyone working with databases.

The section breakdown is as follows:
* Database Security - Common Attacks Against Databases; Laws and Regulations; and Cryptography
* Cryptographic Infrastructure - Introduction to Keys, and Their Management; Engines and Algorithms; and Vaults, Manifests and Managers
* The Cryptographic Project - Outlines the Security Culture; Hardening, Classifications, and Policies; Securing Design; Securing Development; and Testing
* Example Code - Key Vaults; Manifest; Key Managers; Engines; Receipts and the Provider; The Consumer; Exceptions; and the System at Work.

Overall this book is geared to medium level technicians for best practices and coding examples. Although anyone working with databases in general could find something useful in this book, even if its design, architecture and implementation best practices.
Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)


Share your thoughts with other customers: Create your own review
 
 
 
Most Recent Customer Reviews

3.0 out of 5 stars It's a good book, but...
I purchased the book in attempt to figure out a "best practice" way to encrypt information in a web-facing business database. Read more
Published on September 26, 2007 by gregw

4.0 out of 5 stars A little more like "Cryptography Alongside The Database"
I kind of went in expecting this to be some form of "marketing spiel" for someone's embedding of crypto tools into one or another DBMS. Read more
Published on December 17, 2005 by Christopher B. Browne

5.0 out of 5 stars Excellent book on database security
Noted security guru Marcus Ranum has observed that "these days, with the kind of plug-ins that come in your typical browser, combined with all the bizarre undocumented protocols... Read more
Published on November 30, 2005 by Ben Rothke

5.0 out of 5 stars describes a key management system
Much attention has been focused on network attacks by crackers, and how to stop these. So powerful software like Snort and Nessus have emerged, with books dedicated to them. Read more
Published on November 9, 2005 by W Boudville

Only search this product's reviews



Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   




Product Information from the Amapedia Community

Beta (What's this?)


Look for Similar Items by Category


Look for Similar Items by Subject

 

Feedback

If you need help or have a question for Customer Service, contact us.
 Would you like to update product info or give feedback on images?
Is there any other feedback you would like to provide?

Your comments can help make our site better for everyone.


Your Recent History

 (What's this?)

After viewing product detail pages or search results, look here to find an easy way to navigate back to pages you are interested in.