Re: TDE

From: Tim X <timx_at_nospam.dev.null>
Date: Mon, 22 Dec 2008 18:55:55 +1100
Message-ID: <87r6404p9w.fsf@lion.rapttech.com.au>


Chuck <chuckh1958_nospam_at_gmail.com> writes:

> I just read an Oracle white paper on transparent data encryption in
> 10gR2. It states that decryption occurs at the SQL layer. Doesn't that
> mean that the data will be decrypted *before* it's transmitted over the
> network to a client? I would think that defeats part of the goal of
> encryption if it's not done at the client. Am I misunderstanding something?
>
> Quoted from the white paper...
>
> "TDE encrypts data before it's written to disk and decrypts data before
> it is returned to the application. The encryption and decryption process
> is performed at the SQL layer, completely transparent to applications
> and users."

I believe the idea here is to make things like backups more secure. Often, applications have lots of security, but the backup files or storage media used for the backups have very little. Essentially, this type of encryption just protects what might be thought of as the raw data.

Note that 10g also comes with dbms_crypto. This package provides facilities that are a bit closer to what you may consider to be encryption to protect data from prying eyes. However, please don't do what I saw a couple of months ago - heaps of effort put into encrypting lots of data using dbms_crypto routines, but the developers overlooked the fact that it is trivial to list the source code for a package (if not 'wrapped') and they left the encryption keys hard-coded in the packages - a simple select and you have the source and therefore the key, which of course, totally defeats the whole encryption!

Too often, I see various encryption techniques, which on the surface look good. However, just a little bit of inspection and all too often, you find the encryption keys in plain sight. Personally, I find this a worse situation than not having any encryption. Poorly implemented security has the nasty side effect of making everyone feel comfortable and secure and they all too often become even less vigilant than they would be if no encryption was used. Then of course there is the other side of the coin - I also see people who are so paranoid, they encrypt and bury everything behind all sorts of barriers, creating a usability nightmare for everyone. Then you ask a very simple question - what is it you're protecting, from whom are you protecting it and what is its value? Frequently, you find that no credible threat has been identified and the data has no intrinsic value to anyone other than the legitimate users - security needs to be based on needs and threat and not some vague absolute of requiring NSA level security for everything.

And never forget, the most common source of data theft isn't from some anonymous net hacker - the most frequent cause of security breakdown is poor procedure, training and resourcing of staff. Most of the time, it's due to errors/incompetence rather than malice, but when it is malice, it's probably someone who has been legitimately given access rather than a clever evil anonymous genius.

Tim

-- 
tcross (at) rapttech dot com dot au
Received on Mon Dec 22 2008 - 01:55:55 CST
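
An added illustration of the hard-coded key problem described in the message above (not code from the original post): this Python script audits PL/SQL source text, as it would read from DBA_SOURCE, for DBMS_CRYPTO calls whose key argument is a literal or a constant initialised from one. The package `pay_crypto`, its identifiers and the key value are constructed for the example.

```python
import re
# Constructed sample (made-up package, identifiers and key) as read from DBA_SOURCE.
SAMPLE_SOURCE = """\
CREATE OR REPLACE PACKAGE BODY pay_crypto AS
  c_typ CONSTANT PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128
                              + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;
  c_key CONSTANT RAW(16) := HEXTORAW('00112233445566778899AABBCCDDEEFF');
  FUNCTION enc(p_data RAW) RETURN RAW IS BEGIN
    RETURN DBMS_CRYPTO.ENCRYPT(p_data, c_typ, c_key);  -- key lives in the source
  END;
  FUNCTION enc2(p_data RAW, p_key RAW) RETURN RAW IS BEGIN
    RETURN DBMS_CRYPTO.ENCRYPT(src => p_data, typ => c_typ, key => p_key);
  END;
END pay_crypto;
"""

LITERAL = r"(?:(?:HEXTORAW|UTL_RAW\.CAST_TO_RAW)\s*\(\s*)?'[^']*'(?:\s*\))?"
DECL = re.compile(r"(\w+)\s+(?:CONSTANT\s+)?\w+(?:\(\d+\))?\s*:=\s*" + LITERAL + r"\s*;", re.I)
CALL = re.compile(r"DBMS_CRYPTO\.(ENCRYPT|DECRYPT|MAC)\s*\(", re.I)

def split_args(text, start):
    """Split a call's argument list (text[start] follows its '(') on top-level commas."""
    args, depth, quoted, cur = [], 1, False, ""
    for ch in text[start:]:
        if ch == "'":
            quoted = not quoted
        elif not quoted:
            depth += {"(": 1, ")": -1}.get(ch, 0)
            if depth == 0:
                break
            if ch == "," and depth == 1:
                args.append(cur.strip())
                cur = ""
                continue
        cur += ch
    return args + [cur.strip()]

def find_hardcoded_keys(source):
    """Return (routine, key_expression) for each DBMS_CRYPTO call keyed by a literal."""
    code = re.sub(r"--[^\n]*|/\*.*?\*/", "", source, flags=re.S)  # drop comments
    literal_names = {m.group(1).lower() for m in DECL.finditer(code)}
    findings = []
    for m in CALL.finditer(code):
        args = split_args(code, m.end())
        named = [a.split("=>", 1)[1].strip() for a in args if re.match(r"key\s*=>", a, re.I)]
        key = named[0] if named else (args[2] if len(args) > 2 else "")
        if key.lower() in literal_names or re.fullmatch(LITERAL, key, re.I):
            findings.append((m.group(1).upper(), key))
    return findings
```

On the sample, `find_hardcoded_keys(SAMPLE_SOURCE)` flags `enc`, which uses the embedded constant, and passes `enc2`, which takes its key as a parameter.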
