- Paperback: 312 pages
- Publisher: Addison-Wesley Professional; 1 edition (October 29, 2005)
- Language: English
- ISBN-10: 0321320735
- ISBN-13: 978-0321320735
- Product Dimensions: 6.9 x 0.7 x 9.2 inches
- Shipping Weight: 1.4 pounds
- Average Customer Review: 7 customer reviews
- Amazon Best Sellers Rank: #3,464,573 in Books
Cryptography in the Database: The Last Line of Defense 1st Edition
From the Back Cover
Protect Your Enterprise Data with Rock-Solid Database Encryption
If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure, from your customers, your partners, your stockholders, and now the government, to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.
Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building, or selecting and integrating, a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption.
This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.
This book's coverage includes:
- Understanding your legal obligations to protect data
- Constructing a realistic database security threat model and ensuring that you address critical threats
- Designing robust database cryptographic infrastructure around today's most effective security patterns
- Hardening your database security requirements
- Classifying the sensitivity of your data
- Writing database applications that interact securely with your cryptosystem
- Avoiding the common vulnerabilities that compromise database applications
- Managing cryptographic projects in your enterprise database environment
- Testing, deploying, defending, and decommissioning secure database applications
Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.
© Copyright Pearson Education. All rights reserved.
About the Author
Kevin Kenan leads Symantec's IT application and database security program. In this position, he works with application development teams to ensure that the applications and databases Symantec deploys internally are secure. This work includes specifying cryptographic solutions to protect sensitive information wherever it is stored.
Prior to his work in Symantec's information security department, Kevin designed and developed applications for Symantec's information technology and product development teams, often with an emphasis on security and cryptography. He previously provided enterprise support for Symantec's development tools, and he holds a Bachelor of Science in Mathematics from the University of Oregon.
Top customer reviews
Here, you still have to defend against network attacks, possibly by using the above tools. But now there is the chance that your users or sysadmins might have nefarious intent. So the book shows how to design a system such that various columns in a SQL table can be encrypted. Different keys could be used for different columns, though a given key might apply over several columns if you wish.
The book uses a symmetric key cryptosystem. It downplays a PKI system. Those are slower. Plus their forte might be for distributed systems. Here, the scenario is more likely to be a central data centre.
There are several excellent system diagrams that nicely describe the data flow, and the various software (and perhaps hardware) players that make up the system. In essence, there needs to be an entire key management system along with a cryptographic engine. The former handles requests for a key by generating one and an alias for the key. Plus it stashes away the keys, preferably in a separate computer. There is even the necessity for a key to encrypt the keys!
Kenan also explains a "honeycomb". You may have heard of a honeypot, which is a dedicated computer or maybe an email account, that is used to attract crackers and spam. Well, a honeycomb could be a table in the database used for a similar purpose. Or even some rows in a given table. If these are accessed, software alarms go off, because no normal usage of the database should do so. Nifty idea.
Code examples for a simple system implementation are given in Java. Though if you are considering this book, you are likely no tyro in whatever language you use. The Java code is straightforward enough to be understandable and recoded.
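As an added illustration of the "honeycomb" idea described in the review above (this is not code from the book or from the reviewer), a small detector that scans constructed audit-log lines for statements touching decoy tables or decoy rows; the table names, row ids and log format are hypothetical.

```python
import re

# Constructed honeycomb definitions (hypothetical names, not from the book).
HONEYCOMB_TABLES = {"customer_backup_2004"}                      # decoy table: no legitimate query touches it
HONEYCOMB_ROWS = {("customers", 99001), ("customers", 99002)}    # decoy rows planted in a real table

# Minimal SQL matching: table names after FROM/JOIN/INTO/UPDATE, and "id = N" predicates.
_TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+`?(\w+)`?", re.IGNORECASE)
_ID_RE = re.compile(r"\bid\s*=\s*(\d+)", re.IGNORECASE)


def honeycomb_hits(statement):
    """Return a list of (reason, detail) for every honeycomb object the statement touches."""
    hits = []
    tables = [t.lower() for t in _TABLE_RE.findall(statement)]
    for t in tables:
        if t in HONEYCOMB_TABLES:
            hits.append(("honeycomb_table", t))
    for t in tables:
        for id_str in _ID_RE.findall(statement):
            if (t, int(id_str)) in HONEYCOMB_ROWS:
                hits.append(("honeycomb_row", f"{t}:{id_str}"))
    return hits


def scan_audit_log(lines):
    """Parse tab-separated 'time<TAB>user<TAB>statement' lines and return alerts for honeycomb access."""
    alerts = []
    for line in lines:
        ts, user, stmt = line.split("\t", 2)
        for reason, detail in honeycomb_hits(stmt):
            alerts.append({"time": ts, "user": user, "reason": reason, "detail": detail})
    return alerts


# Constructed sample audit lines (time, database user, statement).
SAMPLE_LOG = [
    "2024-01-10 09:00:01\tapp_svc\tSELECT name FROM customers WHERE id = 1042",
    "2024-01-10 09:00:05\tdba_bob\tSELECT * FROM customer_backup_2004",
    "2024-01-10 09:00:09\tapp_svc\tUPDATE customers SET email = 'x' WHERE id = 99001",
    "2024-01-10 09:00:12\tapp_svc\tSELECT COUNT(*) FROM orders o JOIN customers c ON c.id = o.cust_id",
]

if __name__ == "__main__":
    # Only the second and third statements should raise an alarm.
    for alert in scan_audit_log(SAMPLE_LOG):
        print(alert)
```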
The code examples are MySQL and Java 1.4.2 and really helped me understand just what needs to happen. The majority of the book is platform agnostic, so if you run a different platform it will still be valuable.
The book is well written, well edited, well laid out, what you expect to see from Addison-Wesley and Symantec Press.
The only thing that drove me crazy about the book is on page 163, the author recommends HSMs (Hardware Security Model) for storing the keys to the kingdom, yup, yup, I agree, we all agree. And then he goes on to say, Java 1.4.2 does not support this -- ouch! However, his code examples are a nice work around using AES on the local engine which is good'nuff.
Got sensitive data? Then get this book!
Taking Ranum's observation to the next level, it is not only the applications that need to be secured, but databases also. The theme of Cryptography in the Database - The Last Line of Defense is that databases, being the main repository for critical consumer and business data, are often not given the adequate level of security that they deserve.
Large databases often contain terabytes of data. This data often contains R&D, client, customer data and more, that if compromised, could wreak havoc on an organization; both from a public relations perspective, in addition to a regulatory perspective. In a large customer driven organization, a database breach can wreak havoc on tens of thousands of customer records. With all of that, companies will spend large amounts of money on the security appliance of the month, but often let their databases sit unprotected.
Cryptography in the Database is a valuable book in that it shows how a formal methodology is required to adequately protect large corporate databases. The emphasis of the book is on designing and integrating a cryptosystem into the database to protect it against the various threats that are specifically launched against corporate database systems.
The book's 4 parts contain 21 chapters. Part one is a brief overview of the need for database security, along with related threats to databases, and also covers the basic concepts of cryptography and encryption.
Part two provides a comprehensive synopsis on the cryptographic infrastructure necessary to secure corporate databases. Chapter 3 goes into details on how to set up an effective key management scheme. Such a scheme is crucial as the author notes that all it takes is the loss of a single 128-bit key, and gigabytes of data can become inaccessible.
Part two also creates a sample cryptographic architecture that is flexible and modular so that it is easily adaptable to various situations. The author notes that such systems can be difficult to manage if they become overly complex, and the challenge is to find the right balance between security and complexity on one side, and usability on the other. Creating an effective cryptographic database infrastructure is not an elementary task given the different requirements of security and functionality.
Chapter 3 details the various entities that go into a complete cryptographic architecture, including the cryptographic engine, and the various controls around the crypto keys. The chapter provides a good overview of the key life cycle. Historically, controls around the key life cycle are crucial. One of the ways the Allies were able to break the German Enigma cipher machine during World War II was that the Germans reused their crypto keys, which obviates much of the security that cryptography can provide. Had the Germans not done that, the outcome of the war may have been dramatically different.
Part 3 details the issues that need to go into the entire cryptography project. Kenan notes that for security to be effective, it must be dealt with at the commencement of a project and must permeate the overall design and seep into every line of code. Also, in the long term, developing a culture of security depends on looking at security as an opportunity to provide extra value. Where security fails is when it is viewed merely as a series of checklists that are meant to get in the way.
Chapter 9 shows how data flow diagrams can be used by a database analyst to better understand how a system works. These data flow diagrams are valuable as that they show the various inputs into the system and where potential failures can crop up.
Part 4 provides various Java code examples of the cryptographic infrastructure that were detailed in the previous 12 chapters. The example code is meant to show how to implement the primary functionality of the various components that the book describes.
One of the popular terms in security today is data at rest, which refers to all data in storage. Businesses, government agencies, and others need to deal with attacks on data at rest, which more often than not will be found on databases.
After reading Cryptography in the Database, the reader can understand why database cryptography must be implemented in a methodological fashion, since incorrectly implemented cryptography can often be worse than no cryptography at all. With that, database administrators, architects and others who have input into the design of database security are highly advised to read Cryptography in the Database.
Databases are far too critical to an organization to be left unsecured, or incorrectly secured. The database is indeed the last line of defense in an organization. Books such as this are thusly vital to ensure that the last line of defense is not easily breached.