Protection system uses database encryption for data security

A well-known information security expert once said that information security comes down to three things. The first is data security; the second is system security, which covers the more popular firewall, intrusion detection, and VPN technologies; and the third is e-commerce security.

What are the current status and future trends of data encryption and database encryption technology? Can productized solutions in this area meet the needs of industry and enterprise users?

Firewalls are not the whole story

Anti-intrusion network security technology, as represented by the firewall, is not the whole of information security. In most information systems, the core data is stored in a database. An unencrypted database is like an unlocked file cabinet: for anyone with ulterior motives, copying and tampering are easy. Therefore, the security of the database cannot be ignored.

The database encryption system is designed and developed to enhance the security of ordinary relational database management systems. It aims to provide a secure and practical database encryption platform that effectively protects both communication and stored database content. It meets the confidentiality and integrity requirements of database storage and communication through communication encryption and database storage encryption, so that the database is stored as ciphertext and operates in ciphertext mode to ensure data security.

Database encryption is urgent

After years of research, our country's database encryption technology has become more mature. Some companies' database security middleware can effectively store and query ciphertext databases while protecting users' existing software and hardware investment. This technique has been effectively applied in practice.

So, why is the issue of database security an urgent security issue for current industry and enterprise users?

First, information security technology that defends against copying is truly reliable, and database encryption is one such technology. In intelligence operations between hostile agencies, one of the methods used is often the most direct: bribery and copying. If an opponent bribes a cleaner, someone the other side usually takes no notice of, then even if the cleaner has no technical knowledge, he only needs to press a button on a hard disk duplicator of the kind intelligence agents often use, and all the data can be taken away in minutes!

At this point, firewalls, intrusion detection, and other protection systems provide no protection. If the database is encrypted and stored as ciphertext, then even if it is stolen or copied, the adversary will not obtain the confidential data, because what they have acquired is just a pile of ciphertext that can hardly be cracked.

Second, the widespread use of the Internet, mobile communications, and laptop computers poses a greater threat to database security. Wireless communications can be intercepted and counterfeited at any time. Wireless Internet access and mobile communications bring people convenience and efficiency, but they also bring significant information security risks.

Third, database security should stand alongside operating system, network, and CPU security as a focus of an information security strategy. Only by establishing standards and treating database security as an important part of information security management, with effective monitoring, can information security be further protected.

Seven features of a database encryption system

In general, a well-established database encryption system has the following seven main functions and features.

1. Authentication: In addition to providing the user name and password, the user must provide other related security credentials according to the system security requirements. The system can choose to use terminal keys, user USB keys, etc. to enhance the security of identity authentication.

2. Communication encryption and integrity protection: Access to the database is encrypted in network transmission, and the receiving end can verify the integrity of the communication. Each communication is one-time, which prevents replay and tampering.

3. Database storage encryption and integrity protection: The system uses data-item-level storage encryption; that is, different records in the database, and different fields within each record, are encrypted with different keys. This is supplemented by verification measures to ensure the confidentiality and integrity of stored data and to prevent unauthorized access and modification.

4. Database encryption settings: The system lets users choose which database columns to encrypt, so that only sensitive information is encrypted rather than all data. Encrypting only the user's sensitive data improves database access speed and lets the user strike their own balance between efficiency and security.

5. Multi-level key management: The master key and master key variables are stored in a secure area, the secondary key is encrypted and protected by the master key variable, and the data encryption key is protected by secondary-key encryption when stored or transmitted and by the master key when in use.

6. Secure backup: The system provides a plaintext database backup function (to guard against disaster, the database content can be backed up in plaintext form so that loss of keys or data does not have disastrous consequences) and a key backup function (users can use the backup function of the database management system together with the key backup function of the database encryption system to back up the ciphertext and the keys at the same time and restore them when necessary).

7. Common interface and extensive platform support: The system adopts an open architecture and supports standard SQL statements.
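An added sketch (not from the article or any product it describes) of items 3 and 5: the secondary key is stored only wrapped under the master key, and every table/column/row location gets its own key and an integrity tag bound to that location. It assumes per-field keys are derived from the secondary key rather than stored individually, and it uses HMAC-SHA256 in counter mode as a standard-library stand-in for AES; all function names are illustrative.

```python
import hashlib
import hmac
import os

def prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES-CTR/GCM
    blocks = (prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def _tag(mac_key, context, nonce, ct):
    # length-prefix the context so (context, nonce, ct) parses one way only
    return prf(mac_key, len(context).to_bytes(4, "big") + context + nonce + ct)

def seal(key, plaintext, context):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(prf(key, b"mac"), context, nonce, ct)

def unseal(key, blob, context):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _tag(prf(key, b"mac"), context, nonce, ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(prf(key, b"enc"), nonce, ct)

def wrap_secondary_key(master, secondary):
    # the secondary key is only ever stored encrypted under the master key
    return seal(master, secondary, b"secondary-key")

def _field_key(master, wrapped_sk, loc):
    sk = unseal(master, wrapped_sk, b"secondary-key")
    return prf(sk, b"field" + loc)  # distinct key per (table, column, row)

def encrypt_field(master, wrapped_sk, table, column, row_id, value):
    loc = repr((table, column, row_id)).encode()
    return seal(_field_key(master, wrapped_sk, loc), value, loc)

def decrypt_field(master, wrapped_sk, table, column, row_id, blob):
    loc = repr((table, column, row_id)).encode()
    return unseal(_field_key(master, wrapped_sk, loc), blob, loc)

if __name__ == "__main__":
    master = os.urandom(32)  # constructed; a real master key lives in a secure area
    wrapped = wrap_secondary_key(master, os.urandom(32))
    blob = encrypt_field(master, wrapped, "users", "ssn", 1, b"constructed-value")
    print(decrypt_field(master, wrapped, "users", "ssn", 1, blob))
```

Because the location is part of both the key derivation and the tag, a ciphertext copied from one row or column into another fails verification instead of decrypting to someone else's value.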

Related knowledge base

◆ Several algorithms for data encryption

Encryption algorithms are formulas and rules that specify the transformation between plaintext and ciphertext. The key is the critical information that controls the encryption and decryption algorithms, so its generation, transmission, and storage are very important.

The basic process of data encryption translates plaintext (readable information) into an encoded form called ciphertext. The reverse process is decryption, i.e. converting the encoded information back into its original form.

The DES algorithm: DES (Data Encryption Standard) was developed by IBM after 1970 and adopted by the U.S. government in November 1976. DES was subsequently recognized by the National Bureau of Standards and the American National Standards Institute (ANSI).

Triple DES: The cryptographic drawback of DES is that its key length is relatively short, so people came up with a way to address the key length: using triple DES.

The RSA algorithm: It is the first algorithm that can be used for both data encryption and digital signatures. It is easy to understand and operate, and it is also very popular. The algorithm is named after its inventors: Ron Rivest, Adi Shamir, and Leonard Adleman.

The AES algorithm: AES is the latest commercial encryption standard, replacing the DES algorithm in the 21st century. In theory, cracking this encryption would require national military-grade cracking equipment to run for more than 10 years.
