Database Vulnerability And Encryption Presented By: Priti Talukder.


Content
- Different types of threats.
- How will an organization protect sensitive data?
- What is database encryption, and how does it work?
- Is database encryption alone enough to protect data from compromise?
- Does encrypting a database impact server performance?

Threats
- External threats: hackers breach a software company's website, stealing credit card information.
- Internal threats: a disgruntled employee accesses confidential salary information and distributes it.
- Physical threats: thieves strike a data center.

Example of threats
- 55,000 credit card records were stolen from the database of CreditCards.com by Mexus.
- Mirror image of Mexus's web site (linked from the slide).

Database encryption
- What is database encryption? Protecting data from compromise and abuse.
- How does it work? Credit card number + encryption key + encryption algorithm -> encrypted credit card number (shown on the slide as 04wØ×1ve).

Encryption strategy
- Inside the DBMS: advantages and disadvantages
  - Least impact on the application.
  - Security vulnerability: the encryption key is stored in a database table.
  - Performance degradation.
  - Separating keys from data requires additional hardware, such as an HSM.
- Outside the DBMS: advantages and disadvantages
  - Removes computational overhead from the DBMS and application servers.
  - Separates the encrypted data from the encryption key.
  - Communication overhead.
  - Must administer more servers.
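As an added example not taken from the slides, this Go program shows the "outside the DBMS" strategy above together with the card-number flow from the previous slide: the application tier encrypts the card number with AES-256-GCM under a key it holds, so the database only ever receives ciphertext and a dump of the table does not reveal the number. The key source (an HSM or key server), the customer ID and the test card number are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCard runs in the application tier; the DBMS only receives the returned
// bytes (nonce || ciphertext || tag), bound to the customer ID so a moved value fails.
func EncryptCard(key []byte, customerID, pan string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(pan), []byte(customerID)), nil
}

// DecryptCard fails on a wrong key, a tampered value or a value moved to another row.
func DecryptCard(key []byte, customerID string, stored []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil || len(stored) < gcm.NonceSize() {
		return "", fmt.Errorf("bad key or stored value: %v", err)
	}
	n := gcm.NonceSize()
	pt, err := gcm.Open(nil, stored[:n], stored[n:], []byte(customerID))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // assumed: fetched from an HSM or key server, never a DB table
	rand.Read(key)
	stored, _ := EncryptCard(key, "cust-42", "4111111111111111") // constructed test PAN
	pan, err := DecryptCard(key, "cust-42", stored)
	fmt.Printf("db holds %x\nPAN readable in dump: %v\napp sees %q err=%v\n", stored, bytes.Contains(stored, []byte(pan)), pan, err)
}
```

The stored bytes never contain the card number, and the same value fails to decrypt under another key or in another customer's row.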

Is database encryption enough?
- Compromise of the web server.
- Interception of data in transit (MITM).
- Solution: additional security practices such as SSL and proper configuration of the firewall.

Application sphere

Structure (diagram)
- Layers shown: firewall (Telnet, HTTP); DPI, IPS; application sphere (SQL injection, buffer overflow, cookie poisoning, XSS).
- Physical analogies on the slide: front door, metal detector, pickpocket.

Statistics

| Attack | Percent vulnerable |
|---|---|
| Cross-site scripting | 80% |
| SQL injection | 62% |
| Parameter tampering | 60% |
| Cookie poisoning | 37% |
| Database server | 33% |
| Web server | 23% |
| Buffer overflow | 19% |

Application security: essential elements

| Layer | Element |
|---|---|
| Information | Database |
| Business logic | Application server |
| Application | Web custom |
| Host | OS, network, system, memory |
| Network | TCP, UDP, port over IP |
