The Role of Encryption in Database Security — Chapter 1
INTRODUCTION
Security of data is considered as a top priority in both private and government section worldwide. Today most of the countries use new standard regulations to protect customer information. There are standards for,
1. Security of medical records.
2. Financial industry regarding privacy.
3. Security of customer personal information
To protect these confidential data, today new technology is used including encryption. This mechanism adds a significant security for confidential data. Database is an essential part of any kind of organization. For example:
- Commercial organizations
- Non Commercial organizations
All these organizations have maintained big databases with more confidential, sensitive and complex information. Therefore protecting these data is a big challenge. Data in a database is may attack or vulnerable to wide range of threats like denial service, Weak authentication and Backup Data Exposure. There are three main features that should be considered regarding security of data. They are,
- Confidentiality
- Integrity
- Availability
These three are called CIA properties. Confidentiality means privacy or restrict to access by unauthorized people. On the other hand only authorized people can view sensitive data. Integrity guarantees that data cannot be corrupted in an invisible way and availability ensures that authorized users can access the data when they are needed [4][5][6].When considering about database server, it can be attacked in number of ways, for examples Excessive privileges-In this case users/applications are granted access to database privilege facility that exceed the requirement of their job functions.
These privileges sometimes used for malicious purpose, Privilege abuse-Doing unethical things by database administrator, database manager or database user. Unauthorized privilege elevation-change privileges by attackers, vulnerabilities to the OS, SQL injection-execute random SQL queries to get data in the database, week audit policies of the organization, denial of service — attackers try to crash the database server by network folding or data corruption, weak authentication [16]. To eliminate those security problems it should have state security policy. Some security policies are access control, Inference policy, Auditing, user authentication accountability and Encryption [3].
Continue story to next chapter
DATABASE ENCRYPTION
we will back soon with next chapter
Thanks for reading! Follow and clap for more encryption industry trends news.