Database Encryption Solution
Critical data in a database needs to be protected against internal and external threats. A database encryption solution can provide this protection while also meeting regulatory requirements. In the past, access control was used to protect information against access by unauthorized users. Access control did not prove very effective, and this has led to the adoption of encryption, where information is transformed into a form that unauthorized users cannot understand. Decryption is the process by which the transformed text is converted back into a form that can be understood. This paper will seek ...
3). Integration work, such as modifying existing database schemas and using stored procedures and triggers to encrypt and decrypt within the database, needs to be done at the database level. Only the sensitive data should be encrypted, and the encryption should be done in a way that does not affect the performance of the system. However, this level of encryption does not protect against application-level attacks.
2.2. Storage-Layer Encryption
In this case, an enterprise stores information at the storage subsystem. It is mostly used for files, storage blocks, directories, and tape media. It protects against storage system theft and media theft. It does not protect against database-level and application-level attacks.
3. User Management Issues
Every user who accesses information in the database must have an account with the database. A database administrator creates accounts for the individuals who will be using the database. The management of user accounts forms a basis for overall database system security (Mattsson, 2005, p.3). Each user has a different level of access to information. To access any information in the database, a user must identify himself or herself to the server, and the server has to verify that identity. Authentication methods include password-based, host-based, public key infrastructure-based, smart card, and others. Only the connecting user knows the secret used to access the resources in the database. Only the user, and those who are authorized to do so, can change his or her password.
3.1. A Separated Security Directory
To prevent unauthorized users from accessing security-related information, a separate security directory can be adopted where all the information that is used to manage the objects in a database is stored in the database. No individual can update this information manually, and access to it is controlled by a strict authentication and authorization policy.
4. Complete Accountability
Giving the database administrator full control over the database is somewhat dangerous because it increases the vulnerability of the database to the administrator (Mattsson, 2005, p.4). The database administrator should not have full control over other people’s secrecy. A user can be given control of his or her own secrecy so as to maintain the security of the system in case the administrator is compromised. The privileges given to different users allow them to access different information from the database. For purposes of accountability, an access control system should be put in place in which the duties of the database administrator are separate from the duties of the security administrator. The database administrator performs tasks such as extending table spaces and other database administrator functions. The security administrator could be privileged to add and delete users.
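The separation of duties described above can be checked mechanically. The following is an added example, not part of the original paper: it flags accounts whose effective privileges, including those inherited through nested roles, cover both database administrator and security administrator duties. All role, account and privilege names are constructed for illustration.

```python
# Added example: separation-of-duties audit. Role, account and privilege names
# are constructed for illustration and do not come from any specific DBMS.

# Duties the text assigns to each administrator.
DBA_DUTIES = {"EXTEND_TABLESPACE"}
SECURITY_DUTIES = {"CREATE_USER", "DROP_USER"}

# Constructed sample data: privileges granted directly to each role ...
ROLE_PRIVS = {
    "dba": {"EXTEND_TABLESPACE", "BACKUP"},
    "sec_admin": {"CREATE_USER", "DROP_USER"},
    "ops_lead": {"BACKUP"},
    "reporting": {"SELECT_REPORTS"},
}
# ... roles that inherit from other roles ...
ROLE_PARENTS = {"ops_lead": {"dba", "helpdesk"}, "helpdesk": {"sec_admin"}}
# ... and roles assigned to each account.
ACCOUNT_ROLES = {
    "alice": {"dba"},
    "bob": {"sec_admin"},
    "carol": {"ops_lead"},  # reaches both duty sets through inheritance
    "dave": {"reporting"},
}

def effective_privileges(roles, role_privs, role_parents):
    """Collect privileges from the given roles and everything they inherit."""
    seen, stack, privs = set(), list(roles), set()
    while stack:
        role = stack.pop()
        if role in seen:  # guards against cycles in the role graph
            continue
        seen.add(role)
        privs |= role_privs.get(role, set())
        stack.extend(role_parents.get(role, ()))
    return privs

def sod_violations(account_roles, role_privs, role_parents):
    """Return {account: (dba_privs, security_privs)} for accounts holding both."""
    findings = {}
    for account, roles in account_roles.items():
        privs = effective_privileges(roles, role_privs, role_parents)
        dba, sec = privs & DBA_DUTIES, privs & SECURITY_DUTIES
        if dba and sec:
            findings[account] = (sorted(dba), sorted(sec))
    return findings

if __name__ == "__main__":
    print(sod_violations(ACCOUNT_ROLES, ROLE_PRIVS, ROLE_PARENTS))
```

Only the account that inherits from both administrative roles is reported; accounts holding a single duty set are not.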
5. Choosing the Storage Format of the Encrypted...