Encryptionphobia
Posted Saturday, August 22, 2009 12:01 PM
SSChampion
Group: General Forum Members
Last Login: Friday, May 18, 2007 3:36 PM
Points: 10,039, Visits: 1
Comments posted to this topic are about the item Encryptionphobia
Post #775589
Posted Saturday, August 22, 2009 9:40 PM
Valued Member
Group: General Forum Members
Last Login: Wednesday, December 15, 2010 6:35 PM
Points: 63, Visits: 193
The perennial debate with the security group.

Peter: Write the password down.

Security: That compromises security.

Peter: Backups do not compromise security, they enhance security.

Security: It's an exposure to record the password.

Peter: It's an exposure to lose the data.

etc., etc., etc.

"What happens if data is corrupted or lost due to a disk failure": I will restore it from backup.

Enough said.


Peter Edmunds ex-Geek
Post #775624
Posted Sunday, August 23, 2009 9:59 AM
SSC-Dedicated
Group: Administrators
Last Login: Yesterday @ 5:38 PM
Points: 31,368, Visits: 15,834
It's a good point, and you don't want to avoid encryption just because of keys, but it's not quite the same as a backup. Often we have daily backups, and we store off the backups in multiple places (disk and tape).

However with an encryption key we have to protect that in a different way, and storing it with the backup could be another issue. Add to that the need to periodically rotate keys, and you have another issue of knowing which keys go with which items.

It's the same problem, but an order of complexity higher. More moving parts.

In my mind, you need a secure storage solution for keys, one with rotating keys, but a way to track them. Maybe as simple as two pieces of paper stored in two secure locations (safe deposit boxes, safes, etc.) that you can get to if you need to.

Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #775696
Posted Sunday, August 23, 2009 4:15 PM
Valued Member
Group: General Forum Members
Last Login: Wednesday, December 15, 2010 6:35 PM
Points: 63, Visits: 193
Steve Jones - Editor (8/23/2009)
[...]but it's not quite the same as a backup[...]


Hmmm. I personally think it's the same. The data gets backed up, stored securely and can be recovered if the original is lost.

The private keys get backed up, stored securely and can be recovered if the original is lost.

The password gets backed up, stored securely and can be recovered if the original is lost.

Steve Jones - Editor (8/23/2009)
[...] More moving parts.[...]


Yes, agree with that; keeping password and keys in sync with the data is an order of magnitude worse than just simply restoring one internally consistent set of data. But probably much less problematic than, say, restoring a corporate global data structure and a few logically linked workgroup databases to a consistent point in time and ensuring all the reporting systems aren't out of kilter.

Personally, I encrypt the private keys, using a different encryption technique, and back them up to separate media at the same time as the data they were used to encrypt.

The password for the data encryption private keys is encrypted again, the password for that layer is written on paper and the private keys for that layer managed a bit differently again, I'm sure you can see the pattern though.

Belts and braces? Yes.
Secure? Yes.
Always recoverable? Yes.
Paranoid? Probably.


Peter Edmunds ex-Geek
Post #775735
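As an added worked example (not code from this thread or from any of its posters), here is the SQL Server 2005+ key hierarchy that Steve's and Peter's posts are talking about: a database master key protecting a certificate, which protects the AES key that encrypts the data, with each layer backed up under its own password to its own file so the key material can be kept apart from the database backup. The database name, object names, passwords, file paths and the sample card number are all placeholders.

```sql
-- Added example, not from the thread. Database, key names, passwords and
-- paths are placeholders; replace them before use.
USE YourDatabase;   -- placeholder database
GO

-- Layer 1: the database master key (DMK). It is protected by this password
-- and, by default, also by the instance's service master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO

-- Layer 2: a certificate whose private key is protected by the DMK.
CREATE CERTIFICATE CustomerDataCert
    WITH SUBJECT = 'Customer data encryption',
         EXPIRY_DATE = '2030-12-31';
GO

-- Layer 3: the AES key that actually encrypts data, protected by the certificate.
CREATE SYMMETRIC KEY CustomerDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerDataCert;
GO

-- Encrypt a constructed sample value.
CREATE TABLE dbo.Customer
(
    CustomerId    int            NOT NULL PRIMARY KEY,
    CardNumberEnc varbinary(256) NOT NULL
);

OPEN SYMMETRIC KEY CustomerDataKey DECRYPTION BY CERTIFICATE CustomerDataCert;
INSERT dbo.Customer (CustomerId, CardNumberEnc)
VALUES (1, EncryptByKey(Key_GUID('CustomerDataKey'), N'4111 1111 1111 1111'));  -- constructed test value
CLOSE SYMMETRIC KEY CustomerDataKey;
GO

-- Read it back. DecryptByKeyAutoCert opens the key through the certificate;
-- the NULL says the certificate's private key is protected by the DMK, not a password.
SELECT CustomerId,
       CONVERT(nvarchar(20),
               DecryptByKeyAutoCert(Cert_ID('CustomerDataCert'), NULL, CardNumberEnc)) AS CardNumber
FROM dbo.Customer;
GO

-- Back up each layer separately, each under a password that differs from the one
-- protecting that layer inside the database and from the other backup's password.
-- The certificate and symmetric key also live inside the database, so the ordinary
-- database backup carries them; what these files give you is a way back in on another
-- instance, or when the DMK password itself is lost.
BACKUP MASTER KEY TO FILE = 'K:\KeyBackup\YourDatabase_dmk.key'      -- placeholder path
    ENCRYPTION BY PASSWORD = '<dmk-backup-password-placeholder>';

BACKUP CERTIFICATE CustomerDataCert TO FILE = 'K:\KeyBackup\CustomerDataCert.cer'
    WITH PRIVATE KEY
    (
        FILE = 'K:\KeyBackup\CustomerDataCert.pvk',
        ENCRYPTION BY PASSWORD = '<cert-backup-password-placeholder>'
    );
GO

-- Recovery on another instance, after RESTORE DATABASE. The restored DMK cannot be
-- opened by the new instance's service master key, so open it with its password and
-- re-add the service master key protection; the certificate file is only needed if
-- the certificate is missing or the DMK password is gone.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<dmk-password-placeholder>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO
-- RESTORE MASTER KEY FROM FILE = 'K:\KeyBackup\YourDatabase_dmk.key'
--     DECRYPTION BY PASSWORD = '<dmk-backup-password-placeholder>'
--     ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
-- CREATE CERTIFICATE CustomerDataCert
--     FROM FILE = 'K:\KeyBackup\CustomerDataCert.cer'
--     WITH PRIVATE KEY (FILE = 'K:\KeyBackup\CustomerDataCert.pvk',
--                       DECRYPTION BY PASSWORD = '<cert-backup-password-placeholder>');
```

The three passwords (DMK in the database, DMK backup file, certificate backup file) are the "encrypt the keys differently" idea from Peter's post expressed in SQL Server's own terms: whoever holds the tape with the database backup still needs at least one of them, and each backup file can be stored on its own medium and rotated on its own schedule.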
Posted Sunday, August 23, 2009 8:57 PM
SSC-Dedicated
Group: Administrators
Last Login: Yesterday @ 5:38 PM
Points: 31,368, Visits: 15,834
I don't think it's the same because you need a new process. You can't store the keys or passwords with the backup files, or on the same tape, so you have to create some new process, which is why I think it's harder. It's a backup, but it's an exception to the rule.

Granted, it doesn't have to change every day, so maybe it's not too bad, but it's definitely different.

Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #775755
Posted Sunday, August 23, 2009 11:01 PM
Valued Member
Group: General Forum Members
Last Login: Wednesday, December 15, 2010 6:35 PM
Points: 63, Visits: 193
Steve Jones - Editor (8/23/2009)
[...] you need a new process [...]


Basically agree with that, but are your day job's backup processes the same now as they were, say, a year ago? I'd be quite surprised if they were identical. The only constant is change (duh, thanks Homer), and that's possibly more evident in this industry than almost anywhere else, with the possible exception of the swine flu viruses that have been making a concerted attempt at turkey xenoplurality.

Steve Jones - Editor (8/23/2009)
[...] You can't store the keys or passwords with the backup files, or on the same tape [...]


You can; simply encrypt them differently. I'm just extremely paranoid on principle, so I use different media. If your encryption techniques are sound, then it doesn't really matter that a potential threat knows that the first file on the archive tape is the private key for the archive, unless you believe the rumours about AES being suborned by the NSA, but that still leaves Blowfish, Twofish, Threefish, etc., etc., etcfish. Or multiple encryption with different algorithms. Now that could fry someone's brain pretty quickly. Caper sauce anyone?

But anyway, why would you be worried about the NSA gaining access to your customer details?

Steve Jones - Editor (8/23/2009)
[...] it's harder [...]


Yes, totally agree.

With every cycle of Moore's Law the easy things get easier and the hard things get harder.

It's our job (isn't it?) to ensure that spreadsheetitis stays confined to the easy things, thus ensuring there's no secessio plebis in the face of lack of access to the perceived -real- data, and the answers that are coming from the restored data after catastrophic failure of the SAN, or should that be cloud, are the same as prior to the failure.

Oooh, cloud failure, there's a consulting industry that's totally not for the faint-hearted.

So we can carry on cutting ourselves intermittently on the sharp edge of technology and the CxO's can carry on depending on the integrity of our data.

Ensuring that we use sound encryption techniques, and don't get caught up in trivia that fundamentally can't undermine those techniques, is just where our industry is hovering at present. Pax Romana or Pandora's Box, depending on your gestalt. Unless you happen to be working in quantum cryptography techniques of course, in which case we lesser mortals are totally at your mercy.


Peter Edmunds ex-Geek
Post #775773
Posted Monday, August 24, 2009 1:13 AM
Grasshopper
Group: General Forum Members
Last Login: Friday, June 15, 2012 3:48 AM
Points: 17, Visits: 63
If you want your systems to be PCI-DSS compliant (Payment Card Industry Data Security Standard, which is the standard the credit card firms pretty much insist you comply with in an e-commerce environment these days) and/or Data Protection Act compliant (which is the law in the UK), then you HAVE to encrypt all personal and financial data of members of the public.

Not only that, but to comply with PCI-DSS you also have to split the key at the top of the key chain and ensure that no single person in the organisation has sight of the complete key. You also have to restrict the number of people in the organisation that have enough rights on the database to decrypt data with the keys in the chain to the absolute bare minimum (usually the DBA with the system admin role, who may not know the key but who will always have rights to open and execute it). All this palaver is intended to minimise the most likely risk of the data going for a walk: an inside job.

I know all this thanks to the pain of having to pass a PCI-DSS audit for a previous job. The encryption was easy enough (in SQL 2005 and beyond anyway), but the key management was a PITA...

Incidentally, there's an article on this site somewhere about encryption key management in SQL 2005 which I remember being a big help when I was jumping through all these hoops...
Post #775812
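Two of the key-management chores raised above, restricting who can decrypt to the bare minimum (this post) and knowing which keys go with which items when they are rotated (Steve's earlier post), can be handled with SQL Server's own catalog views and permission model. The following is an added example, not code from the thread or from any poster; it assumes the CustomerDataCert / CustomerDataKey / dbo.Customer objects from the earlier example, and the role name is a placeholder. Note that it does not implement the "split key" requirement, which SQL Server's key hierarchy has no native construct for.

```sql
-- Added example, not from the thread. Assumes a certificate CustomerDataCert,
-- a symmetric key CustomerDataKey and a table dbo.Customer(CustomerId, CardNumberEnc)
-- already exist; the role name is a placeholder.

-- 1. Least privilege. Opening the symmetric key through the certificate needs
--    VIEW DEFINITION on the key and CONTROL on the certificate, and nothing more.
--    Grant exactly that to one role and put only the approved principals in it;
--    everyone else, sysadmin members excepted, cannot open the key at all.
CREATE ROLE CardDataDecryptor;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::CustomerDataKey TO CardDataDecryptor;
GRANT CONTROL         ON CERTIFICATE::CustomerDataCert  TO CardDataDecryptor;
-- ALTER ROLE CardDataDecryptor ADD MEMBER [AppUser];   -- SQL 2012+; sp_addrolemember on 2005/2008
GO

-- 2. Inventory. Which encryptor protects each symmetric key, and when each key
--    and certificate was created or changed, so rotation can be tracked from the
--    catalog instead of from memory.
SELECT sk.name           AS key_name,
       sk.algorithm_desc,
       sk.key_guid,
       sk.create_date,
       sk.modify_date,
       ke.crypt_type_desc,
       c.name            AS protecting_certificate,
       c.expiry_date
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke
  ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c
  ON c.thumbprint = ke.thumbprint
WHERE sk.name NOT LIKE '##%';   -- skip the DMK's internal catalog entry
GO

-- 3. Which key encrypted each stored row? EncryptByKey prefixes its output with the
--    key's GUID, so the first 16 bytes of the ciphertext name the key. Rows whose
--    GUID matches no current key are orphans that a rotation left behind and that
--    can no longer be decrypted.
SELECT ct.CustomerId,
       CAST(SUBSTRING(ct.CardNumberEnc, 1, 16) AS uniqueidentifier) AS key_guid_in_ciphertext,
       sk.name AS key_name          -- NULL here means an orphaned row
FROM dbo.Customer AS ct
LEFT JOIN sys.symmetric_keys AS sk
  ON sk.key_guid = CAST(SUBSTRING(ct.CardNumberEnc, 1, 16) AS uniqueidentifier);
GO

-- 4. Rotation. Create the replacement key under the same certificate, re-encrypt
--    only the rows still on the old key, and drop the old key only after the query
--    in step 3 reports no rows that still carry its GUID.
CREATE SYMMETRIC KEY CustomerDataKey_v2
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerDataCert;
GO
OPEN SYMMETRIC KEY CustomerDataKey    DECRYPTION BY CERTIFICATE CustomerDataCert;
OPEN SYMMETRIC KEY CustomerDataKey_v2 DECRYPTION BY CERTIFICATE CustomerDataCert;

UPDATE dbo.Customer
   SET CardNumberEnc = EncryptByKey(Key_GUID('CustomerDataKey_v2'), DecryptByKey(CardNumberEnc))
 WHERE CAST(SUBSTRING(CardNumberEnc, 1, 16) AS uniqueidentifier) = Key_GUID('CustomerDataKey');

CLOSE ALL SYMMETRIC KEYS;
GO
-- DROP SYMMETRIC KEY CustomerDataKey;   -- only once step 3 shows no rows on the old key
```

Step 3 is the check worth scripting into a routine job: it turns "which keys go with which items" from a bookkeeping problem into a query, and it is also how you prove to an auditor that a retired key is really no longer in use before its backup files are destroyed.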
Posted Monday, August 24, 2009 7:03 AM
SSChampion
Group: General Forum Members
Last Login: 2 days ago @ 9:58 AM
Points: 13,872, Visits: 9,600
Some data is better lost than left unsecured. Most isn't. There's always a balancing act between security and usability.

On the school locker thing, I actually got to the end of my senior year, and I could remember that I'd left a book in my locker, but I couldn't remember which locker it was, much less what combination I'd set on it. I hadn't opened the thing in months, so that makes some sense.


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #775958
Posted Monday, August 24, 2009 8:02 AM
Hall of Fame
Group: General Forum Members
Last Login: Thursday, November 13, 2014 2:52 PM
Points: 3,428, Visits: 14,451
wldhrs (8/23/2009)
You can; simply encrypt them differently. I'm just extremely paranoid on principle, so I use different media. If your encryption techniques are sound, then it doesn't really matter that a potential threat knows that the first file on the archive tape is the private key for the archive, unless you believe the rumours about AES being suborned by the NSA, but that still leaves Blowfish, Twofish, Threefish, etc., etc., etcfish. Or multiple encryption with different algorithms. Now that could fry someone's brain pretty quickly. Caper sauce anyone?


I am for encryption, but just for privacy-related data and not whole-database encryption; on the .NET platform Blowfish code is usually provided by product vendors because there is no native definition like Rijndael or Elliptic curve.

I like Elliptic curve encryption because even mathematicians don't understand elliptic curve math because of its complexity, which means that with proper management implemented most data can be protected from employers hiring the unskilled (VA employee) and from theft by both insiders and outsiders, like a laptop at the airport. When data or a computer is stolen, only a few people are skilled enough to access the data, and the skilled will not aid thieves or disgruntled employees.

I think encryption is good but only as needed. I also think websites like MSN or Facebook that ask for personal data should be required to encrypt the labels, because eBay and Amazon usually ask for much less information for the base user and both sell to the public.


Kind regards,
Gift Peddie
Post #776001
Posted Monday, August 24, 2009 8:28 AM
SSC-Dedicated
Group: Administrators
Last Login: Yesterday @ 5:38 PM
Points: 31,368, Visits: 15,834
wldhrs (8/23/2009)

Basically agree with that, but are your day job's backup processes the same now as they were, say, a year ago? I'd be quite surprised if they were identical.

Actually they are. I've seen the same process for years in a few places. The backup hardware might change every 2-3 years, but the process is the same.

You can, simply encrypt them differently.

Perhaps. I'll have to think on this. Perhaps I'm worrying too much about them being together.

Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #776029