Optimizing Protected Indexes

•Download as PPTX, PDF•

0 likes•448 views

This document discusses different methods for encrypting and protecting data at rest and in transit. It compares hashing and encryption techniques, and evaluates them based on requirements like encrypting data at the object level while allowing decryption, avoiding changes to application code, and minimizing performance impacts. The document demonstrates encryption using a hash grouping technique on sample data and discusses options like salting hashes to improve security. It also highlights that new technologies may eventually crack encryption algorithms and that encryption standards will need to evolve over time.

Technology

Optimizing
Protected
Indexes
aka: “Indexing” encrypted data

Agenda
• Scenarios of data exposure
• Data in transit vs. Data at rest
• Discuss personal experience
• Hash or Encryption – How to choose?
• Demo #1
• Discuss how to improve
• Demo #2
• Final summary and questions
http://reedbookmanreunion.com/images/agenda.jpg

50 million users
may have been compromised
Name, email, address, “encrypted” passwords

4.7 million SSN
3.3 million bank account #s

“While encryption of data at rest is an effective defense-in-depth
technique, encryption is not currently required for FTI
(Federal Tax Information) while it resides on a system (e.g., in files
or in a database) that is dedicated to receiving, processing, storing
or transmitting FTI, is configured in accordance with the IRS
Safeguards Computer Security Evaluation Matrix (SCSEM)
recommendations and is physically secure restricted area behind
two locked barriers. This type of encryption is being evaluated by
the IRS as a potential policy update in the next revision of the
Publication 1075.”

Data at rest is not required to be encrypted
http://www.irs.gov/uac/Encryption-Requirements-of-IRS-Publication-1075

http://www.petapixel.com/assets/uploads/2009/12/Storybook-Wolf-by-Jose-Lu-0011.jpg

 Data at object level had to be protected

 Had to be able to decrypt the value
 No change to existing application code, SQL code ok
 Minimal Impact on performance

http://shawnram.files.wordpress.com/2010/10/criteria1.jpg

http://www.thephatstartup.com/wp-content/uploads/2012/08/dont-worry-i-got-this.jpg

Does:
• Encrypt the MDF and LDF files via symmetric key
• Encrypt files and trans log for log shipped / mirrored
• Affect performance since tempdb is encrypted too

Does not:
•
•
•
•
•
•

encrypt data at the object level.
support instant file initialization for database files.
interact well with backup compression.
encrypt read only filegroups.
encrypt databases used in replication topologies.
encrypt filestream data.

HASH!!
http://www.thesouthinmymouth.com/wp-content/uploads/2012/01/corned-beef-hash.jpg

Salt your Hashes

http://www.f1online.pro/en/image-details/4832529.html

http://kingdombard.files.wordpress.com/2010/06/one_way_by_cellogirl19.jpg

http://www.swiss-banking-antiques.com/images/bbposte60mmperspective-750.png

http://cdn.zmescience.com/wp-content/uploads/2012/12/fresh-sliced-bread.jpg

Options?

http://www.miamism.com/wp-content/uploads/m/blogs/miamism/options.jpg

Hash Grouping
Generate a value
From a hash algorithm
and store only the end
result value.

http://kennybriscoe.com/wp-content/uploads/2011/02/lightbulb-idea.jpg

New GPU systems
crack 14 character passwords
in about 6 minutes

Potential breaking times of various Hash Algorithms:
• SHA1: 63G / sec
• LM: 20G / sec
• Bcrypt: 71k /sec
*Not been able to find stats for AES_256 (SQL Encryption)
because no one is really bothering to try
http://www.club-3d.com/tl_files/club3d/uploads/en/content/Technology/AMD/CrossFireX/3waycrossfire.png

http://imgix.8tracks.com/mix_covers/000/593/175/94743.original.jpg?fm=jpg&q=65&sharp=15&vib=10&w=521&h=521&fit=crop

@CBELLDBA

Chris@WaterOxConsulting.com

www.WaterOxConsulting.com

Image by: Master isolated images on www.freedigitalphotos.net

What's hot

Digital Forensics Projects Assistance

Network Simulation Tools

WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock

Andris Soroka

Five steps to secure big data

Ulf Mattsson

Digital Forensics best practices with the use of open source tools and admiss...

Sagar Rahurkar

Digital Forensics Workshop

Tim Fletcher

This paper explores two questions: What methods can be used to deceive someone who is in an investigative role into trusting an object which has been exploited? What kind of impact does operating system and application run-time linking have on live investigations? After experimenting with dynamic object dependencies and kernel modules in the UNIX environment, it is the opinion of the authors that run-time linking can be exploited to alter the execution of otherwise trusted objects. This can be accomplished without having to modify the objects themselves. If an investigator trusts an inherently un-trusted object, it can result in the possible misdirection of a digital investigation.

Digital Anti-Forensics: Emerging trends in data transformation techniques

Seccuris Inc.

Computer Forensic

Tawhidur Rahman

Anti forensic

Milap Oza

Deep Web and Digital Investigations

Damir Delija

In this presentation we will introduce current state of digital forensics, its positioning in general IT security and relations with data science and data analyses. Many strong links exist among this technical and scientific fields, usually this links are not taken into consideration. For data owners, forensic researchers and investigators this connections and data views presents additional hidden values.

Draft current state of digital forensic and data science

Damir Delija

Download DOC word file from below Links: Link 1 :http://gestyy.com/eiT4WO Link 2: http://fumacrom.com/RQUm Disclaimer: Above doc file is only for education purpose only Process of Digital forensics Identification Preservation Analysis 4. Presentation and Reporting: 5. Disseminating the case: What is acquisition in digital forensics? How to handle data acquisition in digital forensics Types of Digital Forensics Disk Forensics Network Forensics Wireless Forensics Database Forensics

Digital forensics Steps

gamemaker762

Dama - Protecting Sensitive Data on a Database

johanswart1234

Digital forensics track schroader-rob when forensics collide

ISSA LA

Crowdsourcing Speech Data Science and AI

Crowdsourcing Week

O365Con18 - Threat Modeling for SharePoint - Ivan Vagunin

NCCOMMS

In today’s increasingly competitive world, accelerated speed to identifying relevant and hidden knowledge, internal expertise and experience is critical to meeting client demands, securing new clients and cases, reviewing precedents and outcomes and leveraging collective IP for the strategic advantage. OpenText Decisiv instantly finds, organizes, and helps gain insights from your data for the competitive advantage. To learn more, email salt@opentext.com

Opentext Decisiv

Marc St-Pierre

Sujit

Sujit George

What's hot (17)

Digital Forensics Projects Assistance

WWW.DSS.LV - Data Protection Basics 2015 - DeviceLock

Five steps to secure big data

Digital Forensics best practices with the use of open source tools and admiss...

Digital Forensics Workshop

Digital Anti-Forensics: Emerging trends in data transformation techniques

Computer Forensic

Anti forensic

Deep Web and Digital Investigations

Draft current state of digital forensic and data science

Digital forensics Steps

Dama - Protecting Sensitive Data on a Database

Digital forensics track schroader-rob when forensics collide

Crowdsourcing Speech Data Science and AI

O365Con18 - Threat Modeling for SharePoint - Ivan Vagunin

Opentext Decisiv

Sujit

Similar to Optimizing Protected Indexes

How to break the delivery stage of cyber kill chain was the main topic I delivered last sunday during IDSECCONF 2018 in Malang. Cyber kill chain wasn’t new at all, it was there since long time, the term popularized by lockheed martin few years ago to help industry identify methodology / technology to prevent cyber attack. I covered signatured based malware detection, sandboxing, artificial intelligence, and introducing “content disarm reconstruction” in details. IDSECCONF is always about contributing back to community since we learnt from community many years ago. I hope what I’ve learn from Industry related to CDR technology can be beneficial to the Indonesian IT security community.

Content Disarm Reconstruction & Cyber Kill Chain

Muhammad Sahputra

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra

idsecconf

Digital Finance Africa 2022 - https://itnewsafrica.com/event/ -hosted by IT News Africa is the definitive annual event on technology leadership in the financial services industry. It asks the hard questions not asked in other conferences, and identifies the skills required to steer a course in an age where the entire industry is transforming rapidly. This is a Summit for bold, visionary leaders who are willing to take calculated risks as much as they are willing to consolidate, who know what to give up as much as what they expect to gain.

Trust in a Digital World

itnewsafrica

Data base system.pptx

MrwafaAbbas

Web & Cloud Security in the real world

Madhu Akula

Využijte svou Oracle databázi na maximum!

MarketingArrowECS_CZ

Apache Spark vs Apache Spark: An On-Prem Comparison of Databricks and Open-So...

Databricks

Asug84339 how to secure privacy data in a hybrid s4 hana landscape

Dharma Atluri

Mitigating One Million Security Threats With Kafka and Spark With Arun Janarthnam | Current 2022 Citrix Analytics (Security), a user behavior analytics service, protects 100’s of companies from risks and threats posed by users. The service processes 3 billion events per day and can identify security threats in under a minute. Kafka is the backbone of our real-time platform. It seamlessly glues the numerous stages required for ETL, Feature Extraction, Model Training & Serving, data access etc and enables us to develop new products faster. In this session, we will talk about how, in the last 6 months, 7M risk indicators were triggered and 1M threat mitigating actions were taken, and the integral role Kafka played in achieving it. We would also like to share some interesting ways Kafka is used at Citrix. Like, how topics are auto provisioned, and security is handled in a multi-tenant, public facing “northbound” Kafka cluster and the Kafka + Spark optimizations that reduced the cost of running 100’s of streaming jobs.

Mitigating One Million Security Threats With Kafka and Spark With Arun Janart...

HostedbyConfluent

Application of Machine Learning in Cybersecurity

Pratap Dangeti

Essential Layers of IBM i Security: File and Field Security

Precisely

Extending Information Security to Non-Production Environments

LindaWatson19

Understanding Database Encryption & Protecting Against the Insider Threat wit...

MongoDB

Data Leakage Prevention

Microsoft TechNet - Belgium and Luxembourg

Hadoop and Big Data Security

Chicago Hadoop Users Group

Where to Store the Cloud Encryption Keys - InterOp 2012

Trend Micro

This talk will review the advanced security features in DataStax Enterprise and discuss best practices for secure deployments. In particular, topics reviewed will cover: Authentication with Kerberos & LDAP/Active Directory, Role-based Authorization and LDAP role assignment, Auditing, Securing network communication, Encrypting data files and using the Key-Management Interoperability Protocol (KMIP) for secure off-host key management. The talk will also suggest strategies for addressing security needs not met directly by the built-in features of the database such as how to address applications that require Attribute Based Access Control (ABAC). About the Speaker Matt Kennedy Sr. Product Manager, DataStax Matt Kennedy works at DataStax as the product manager for DataStax Enterprise Core. Matt has been a Cassandra user and occasional contributor since version 0.7 and was named a Cassandra MVP in 2013 shortly before joining DataStax. Unlike Cassandra, Matt is not partition tolerant.

DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...

DataStax

Many applications with high-sensitivity workloads require enhanced technical options to control and limit access to confidential and regulated data. In some cases, system requirements or compliance obligations dictate a separation of duties for staff operating the database and those who maintain the application layer. In cloud-hosted environments, certain data are sometimes deemed too sensitive to store on third-party infrastructure. This is a common pain for system architects in the healthcare, finance, and consumer tech sectors — the benefits of managed, easily expanded compute and storage have been considered unavailable because of data confidentiality and privacy concerns. This session will take a deep dive into new security capabilities in MongoDB 4.2 that address these scenarios, by enabling native client-side field-level encryption, using customer-managed keys. We will review how confidential data can be securely stored and easily accessed by applications running on MongoDB. Common query design patterns will be presented, with example code demonstrating strong end-to-end encryption in Atlas or on-premise. Implications for developers and others designing systems in regulated environments will be discussed, followed by a Q&A with senior MongoDB security engineers.

MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...

MongoDB

Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.

Beware the Firewall My Son: The Workshop

Michele Chubirka

Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access. Topics include: • IBM i access methods and risks • Using exit programs to block traditional and modern access methods • Real life examples and perspectives

Expand Your Control of Access to IBM i Systems and Data

Precisely

Similar to Optimizing Protected Indexes (20)

Content Disarm Reconstruction & Cyber Kill Chain

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra

Trust in a Digital World

Data base system.pptx

Web & Cloud Security in the real world

Využijte svou Oracle databázi na maximum!

Apache Spark vs Apache Spark: An On-Prem Comparison of Databricks and Open-So...

Asug84339 how to secure privacy data in a hybrid s4 hana landscape

Mitigating One Million Security Threats With Kafka and Spark With Arun Janart...

Application of Machine Learning in Cybersecurity

Essential Layers of IBM i Security: File and Field Security

Extending Information Security to Non-Production Environments

Understanding Database Encryption & Protecting Against the Insider Threat wit...

Data Leakage Prevention

Hadoop and Big Data Security

Where to Store the Cloud Encryption Keys - InterOp 2012

DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...

MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...

Beware the Firewall My Son: The Workshop

Expand Your Control of Access to IBM i Systems and Data

Recently uploaded

WebAssembly is Key to Better LLM Performance

Samy Fodil

PLAI - Acceleration Program for Generative A.I. Startups

Stefano

Intrigued by why some of the world's largest companies (Netflix, Google, Cisco, Twitter, Uber etc) are using gRPC? In this demo based talk we delve into the world of gRPC in .Net, what it does and why we should use it. We compare the interface with both Rest and graphQL. We will show you how to implement grpc server-side in .net and in the web. Finally, I will show you how the tooling helps you deliver powerful interfaces and interact with them quickly and simply.

Demystifying gRPC in .Net by John Staveley

John Staveley

IoT Analytics Company Presentation May 2024

IoTAnalytics

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

FIDO Alliance

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “Enterprise Knowledge Graphs: The Importance of Semantics” on May 9, 2024, at the annual Data Summit in Boston. In her presentation, Hedden describes the components of an enterprise knowledge graph and provides further insight into the semantic layer – or knowledge model – component, which includes an ontology and controlled vocabularies, such as taxonomies, for controlled metadata. While data experts tend to focus on the graph database components (RDF triple store or a label property graph), Hedden emphasizes they should not overlook the importance of the semantic layer.

Enterprise Knowledge Graphs - Data Summit 2024

Enterprise Knowledge

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

CzechDreamin

IESVE for Early Stage Design and Planning

IES VE

When you think of a highly secure meeting environment, do you instantly think 'Microsoft Teams'!? Or do you think about some unknown application, troublesome UI and daunting login process...? If you think the latter - let's change that! In this session Femke will show you how using Teams Premium features can create secure, but also good looking meetings! PRETTY. Make sure your company's brand is represented before, during and after the meeting with Customization policies in place. SECURE. Lets utilize Meeting templates and Sensitivity Labels to protect your meeting and data to prevent sensitive information from being leaked. After this session, you will have a clear understanding of the capabilities of Teams Premium features and how to set up the perfect meeting that suits your organizational requirements!

ECS 2024 Teams Premium - Pretty Secure

Femke de Vroome

The Epson EcoTank L3210 is a high-performance and cost-efficient printer designed to meet the printing needs of both home users and small businesses. Equipped with Epson’s revolutionary EcoTank ink tank system, the Epson eliminates the need for traditional ink cartridges, thereby significantly reducing printing costs and plastic waste. With its PrecisionCore technology, this printer delivers sharp, vibrant prints for both documents and photos. Its user-friendly design ensures easy setup and operation, while its compact form factor saves valuable desk space. Whether it’s everyday printing jobs or creative projects, the Epson EcoTank L3210 provides a reliable and eco-friendly printing solution.

Buy Epson EcoTank L3210 Colour Printer Online.pdf

EasyPrinterHelp

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

FIDO Alliance

AI presentation and introduction - Retrieval Augmented Generation RAG 101

vincent683379

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Agentic RAG What it is its types applications and implementation.pdf

ChristopherTHyatt

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

FIDO Alliance

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

Syngulon’s technology expands the capacity for selection of microorganisms. The ability to select individual microbes with a behavior of interest is essential, whether for simple cloning at the bench, or for industry-scale production. Synthetic biology uses the concept of “bioengineering” to improve or modify existing genetic systems to create microbes with desired behaviors, and Syngulon uses this approach to develop its selection technologies. This selection technology is based on bacteriocins, ribosomally-produced peptides naturally made by most bacteria to kill competitive microbial species. These bacteriocins can have a limited or wide target range against other microbial species. This technology offers advantageous over antibiotic selection for several reasons: it avoids the use of antibiotics in the first place, helping to reduce the spread of antibiotic resistant microbes. The technology also increases product yield; as bacteriocins are generally smaller peptides, they do not impose a heavy metabolic burden on the producing cell. They can have a wide target specificity, helping to avoid genetic drift. Finally, our system is 100% plasmid-based (e.g. without chromosomal mutations), making it applicable for use in any E. coli strains.

Syngulon - Selection technology May 2024.pdf

Syngulon

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

FIDO Alliance

Recently uploaded (20)

WebAssembly is Key to Better LLM Performance

PLAI - Acceleration Program for Generative A.I. Startups

Demystifying gRPC in .Net by John Staveley

IoT Analytics Company Presentation May 2024

Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Enterprise Knowledge Graphs - Data Summit 2024

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

IESVE for Early Stage Design and Planning

ECS 2024 Teams Premium - Pretty Secure

Buy Epson EcoTank L3210 Colour Printer Online.pdf

How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Optimizing NoSQL Performance Through Observability

Agentic RAG What it is its types applications and implementation.pdf

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

Syngulon - Selection technology May 2024.pdf

UiPath Test Automation using UiPath Test Suite series, part 2

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

Optimizing Protected Indexes

1. Optimizing Protected Indexes aka: “Indexing” encrypted data

2. Comic from Dilbert.com

3. Agenda • Scenarios of data exposure • Data in transit vs. Data at rest • Discuss personal experience • Hash or Encryption – How to choose? • Demo #1 • Discuss how to improve • Demo #2 • Final summary and questions http://reedbookmanreunion.com/images/agenda.jpg

4. 50 million users may have been compromised Name, email, address, “encrypted” passwords

5. 4.7 million SSN 3.3 million bank account #s

6. “While encryption of data at rest is an effective defense-in-depth technique, encryption is not currently required for FTI (Federal Tax Information) while it resides on a system (e.g., in files or in a database) that is dedicated to receiving, processing, storing or transmitting FTI, is configured in accordance with the IRS Safeguards Computer Security Evaluation Matrix (SCSEM) recommendations and is physically secure restricted area behind two locked barriers. This type of encryption is being evaluated by the IRS as a potential policy update in the next revision of the Publication 1075.” Data at rest is not required to be encrypted http://www.irs.gov/uac/Encryption-Requirements-of-IRS-Publication-1075

7. 94 million credit cards

10. Data in Transit

11. Data at Rest

12. http://www.petapixel.com/assets/uploads/2009/12/Storybook-Wolf-by-Jose-Lu-0011.jpg

13. Change is coming

14.

15.  Data at object level had to be protected  Had to be able to decrypt the value  No change to existing application code, SQL code ok  Minimal Impact on performance http://shawnram.files.wordpress.com/2010/10/criteria1.jpg

16. http://www.thephatstartup.com/wp-content/uploads/2012/08/dont-worry-i-got-this.jpg

17. What method?

18. Does: • Encrypt the MDF and LDF files via symmetric key • Encrypt files and trans log for log shipped / mirrored • Affect performance since tempdb is encrypted too Does not: • • • • • • encrypt data at the object level. support instant file initialization for database files. interact well with backup compression. encrypt read only filegroups. encrypt databases used in replication topologies. encrypt filestream data.

19.  Data at object level had to be protected  Had to be able to decrypt the value  No change to existing application code, SQL code ok  Minimal Impact on performance http://shawnram.files.wordpress.com/2010/10/criteria1.jpg

20. HASH!! http://www.thesouthinmymouth.com/wp-content/uploads/2012/01/corned-beef-hash.jpg

21. Salt your Hashes http://www.f1online.pro/en/image-details/4832529.html

22. http://kingdombard.files.wordpress.com/2010/06/one_way_by_cellogirl19.jpg

23. Collisions

24.  Data at object level had to be protected  Had to be able to decrypt the value  No change to existing application code, SQL code ok  Minimal Impact on performance http://shawnram.files.wordpress.com/2010/10/criteria1.jpg

25. Encryption

26.

27. http://www.swiss-banking-antiques.com/images/bbposte60mmperspective-750.png http://cdn.zmescience.com/wp-content/uploads/2012/12/fresh-sliced-bread.jpg

28. DEMO

29.  Data at object level had to be protected  Had to be able to decrypt the value  No change to existing application code, SQL code ok  Minimal Impact on performance http://shawnram.files.wordpress.com/2010/10/criteria1.jpg

30. Options? http://www.miamism.com/wp-content/uploads/m/blogs/miamism/options.jpg

31.

32. Hash Grouping Generate a value From a hash algorithm and store only the end result value. http://kennybriscoe.com/wp-content/uploads/2011/02/lightbulb-idea.jpg

33.

34.  Data at object level had to be protected  Had to be able to decrypt the value  No change to existing application code, SQL code ok  Minimal Impact on performance http://shawnram.files.wordpress.com/2010/10/criteria1.jpg

35. SUCCESS!

36. New GPU systems crack 14 character passwords in about 6 minutes Potential breaking times of various Hash Algorithms: • SHA1: 63G / sec • LM: 20G / sec • Bcrypt: 71k /sec *Not been able to find stats for AES_256 (SQL Encryption) because no one is really bothering to try http://www.club-3d.com/tl_files/club3d/uploads/en/content/Technology/AMD/CrossFireX/3waycrossfire.png

37. http://imgix.8tracks.com/mix_covers/000/593/175/94743.original.jpg?fm=jpg&q=65&sharp=15&vib=10&w=521&h=521&fit=crop

38. @CBELLDBA Chris@WaterOxConsulting.com www.WaterOxConsulting.com Image by: Master isolated images on www.freedigitalphotos.net

Optimizing Protected Indexes

Recommended

Recommended

More Related Content

What's hot

What's hot (17)

Similar to Optimizing Protected Indexes

Similar to Optimizing Protected Indexes (20)

Recently uploaded

Recently uploaded (20)

Optimizing Protected Indexes