Encrypted Storage
Classification Key
Core Security, Information Disclosure
Problem
Firewalls protect data stored on a server by limiting who can reach it. However, an attacker who gets past the firewall, or who already has access to the host, can still read the data directly. The extreme option is to store no sensitive information on the server at all, but this is infeasible because the server needs to keep state. Since firewalls provide no protection at the data level, additional security is needed at that level.
How can server data be protected from unauthorized access?
Solution
Encrypt critical data before storing it on the server. Decrypt data in memory only at the point where the server uses it. Use a single key for encrypting all the data and, if possible, change it periodically; rotation involves decrypting all data stored under the previous key and re-encrypting it with the new key. If rotation leads to an availability problem, use an encryption key large enough that it is infeasible to compromise by brute force.
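The following is an added example, not code from the Kienzle et al. repository, showing the solution as a small in-memory store: each record is encrypted with the current key before it is written, decrypted only when read, and re-encrypted under a fresh key when the key is rotated. The pattern does not name a cipher; AES-256-GCM from Go's standard library is an assumption made here, as is keeping the keyring in a map (a real deployment would hold keys in a KMS or HSM, not beside the data). The record identifier is bound into the ciphertext as associated data so a ciphertext copied from one row to another fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Record is what reaches persistent storage: only the ciphertext, its nonce,
// and the id of the key that produced it. Plaintext never leaves memory.
type Record struct {
	KeyID      int
	Nonce      []byte
	Ciphertext []byte
}

// Store is a hypothetical encrypted table. keys is the keyring (assumption:
// held in memory here; a production system would fetch keys from a KMS/HSM).
type Store struct {
	keys      map[int][]byte
	currentID int
	rows      map[string]Record
}

// NewStore starts a store whose first (and only) key has id 1.
func NewStore(initialKey []byte) *Store {
	return &Store{
		keys:      map[int][]byte{1: initialKey},
		currentID: 1,
		rows:      map[string]Record{},
	}
}

// newGCM builds an AES-GCM AEAD for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put encrypts plaintext under the current key before it is stored.
func (s *Store) Put(id string, plaintext []byte) error {
	aead, err := newGCM(s.keys[s.currentID])
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per write
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	// The record id is authenticated as associated data, so a ciphertext
	// moved to a different row no longer verifies.
	ct := aead.Seal(nil, nonce, plaintext, []byte(id))
	s.rows[id] = Record{KeyID: s.currentID, Nonce: nonce, Ciphertext: ct}
	return nil
}

// Get decrypts a record in memory, using whichever key it was written with.
func (s *Store) Get(id string) ([]byte, error) {
	rec, ok := s.rows[id]
	if !ok {
		return nil, errors.New("no such record")
	}
	key, ok := s.keys[rec.KeyID]
	if !ok {
		return nil, errors.New("record encrypted under a retired key")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(id))
}

// Rotate installs newKey, re-encrypts every row under it, then retires the
// old keys: the periodic key change the solution describes.
func (s *Store) Rotate(newKey []byte) error {
	newID := s.currentID + 1
	s.keys[newID] = newKey
	s.currentID = newID
	for id := range s.rows {
		pt, err := s.Get(id) // still decryptable: old key not yet retired
		if err != nil {
			return err
		}
		if err := s.Put(id, pt); err != nil { // re-encrypt under newID
			return err
		}
	}
	for kid := range s.keys {
		if kid != newID {
			delete(s.keys, kid)
		}
	}
	return nil
}

// KeyIDOf reports which key a stored record is currently encrypted under.
func (s *Store) KeyIDOf(id string) int { return s.rows[id].KeyID }

// Raw returns the stored form of a record, as a backup tool would see it.
func (s *Store) Raw(id string) (Record, bool) {
	rec, ok := s.rows[id]
	return rec, ok
}

// randomKey draws a 32-byte AES-256 key from the OS CSPRNG.
func randomKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

func main() {
	k1, _ := randomKey()
	s := NewStore(k1)
	_ = s.Put("user:42", []byte("constructed sample: api-token-abc")) // constructed data
	rec, _ := s.Raw("user:42")
	fmt.Printf("on disk (key %d): %x\n", rec.KeyID, rec.Ciphertext)
	k2, _ := randomKey()
	_ = s.Rotate(k2)
	pt, _ := s.Get("user:42")
	fmt.Printf("after rotation (key %d): %s\n", s.KeyIDOf("user:42"), pt)
}
```

Rotation reads every row with the old key and writes it back with the new one, so its cost grows with the amount of stored data; that is the availability trade-off the solution mentions, and the reason a deployment that cannot afford it falls back on a single long-lived, sufficiently large key.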
Known Uses
The UNIX password file hashes each password and stores only the hashed form.
Source
Kienzle et al. Repository
Tags
Client Server, Confidentiality