Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


EnclaveDB, The Proposition

July 10, 2018 by Marc Handelman in Database Security, DBMS Security, Information Security, Encryption, Enclaves, IACR

Via Christian Priebe of Imperial College London, Manuel Costa and Kapil Vaswani both from Microsoft Research, comes a tour de force of database security, ostensibly monikered EnclaveDB (published this past May 2018, in the Proceedings of the 39th IEEE Symposium on Security & Privacy, in co-operation with the International Association for Cryptologic Research). The interesting functionality described in the trio's paper - pursuant to a secure database (if there possibly could be such a thing) - is not the security of data in-motion or at-rest, but the addition of encrypted in-memory data. More here...


AWS CloudFront Field Data Encryption, Protection for the Rest of Us →

December 15, 2017 by Marc Handelman in DBMS Security, Data-At-Rest, Data-In-Motion, Data Security, Information Security

Superlative AWS blog post by Alex Tomic and Cameron Worrell, detailing some of the best news yet in encryption capability on Amazon Web Services - table contained field level encryption. With prudent end-to-end cryptographically protected data objects, I cannot emphasize how important it is to make this form of data-at-rest encryption available to your Security Architects, DBAs, Developers and Security Engineers as part of that end-to-end solution. Outstanding.

"Field-level encryption addresses this problem by ensuring sensitive data is encrypted at CloudFront edge locations. Sensitive data fields in HTTPS form POSTs are automatically encrypted with a user-provided public RSA key. After the data is encrypted, other systems in your architecture see only ciphertext. If this ciphertext unintentionally becomes externally available, the data is cryptographically protected and only designated systems with access to the private RSA key can decrypt the sensitive data." - AWS Blog Posting by Alex Tomic and Cameron Worrell


Macie the Discoverer →

August 21, 2017 by Marc Handelman in All is Information, Automation, DBMS Security, Database Security, Data Security, Data That Is Big, Data Loss Prevention, Data Driven Security, Information Security, Security Inventions, Security Architecture, Security Automation, Data Discovery

News that Macie The Discoverer has arrived in your S3 bucket... Data Security Automation - potentially - at its finest? You be the judge.


NKOTBlockchain →

July 27, 2017 by Marc Handelman in Blockchain, Decentralization, DBMS Security, Database Security, Data Security, Data That Is Big, Information Security

Eh, wot? New Kids on the Blockchain? No - simply put, it's the proliferation of Blockchain technology (in this case distributed database schema) into industrial processes. Via the UK's The Engineer, and writer Andrew Wade, comes the news of said blockchain spread. Today's MustRead!


DBMS Attacks Target CouchDB and Hadoop Deployments →

January 24, 2017 by Marc Handelman in All is Information, DBMS Security, Database Security, Data That Is Big, Data Security, Information Security

...and now - just when you thought it was safe to turn out the lights on your datacenter, and let all that Data That Is Big percolate up through your Enterprise, comes news of more vectored ransomware attacks targeting Hadoop and CouchDB instances. Today's Must Read, indeed.

Hat Tip


Fresh, from Bucharest...

January 12, 2017 by Marc Handelman in Believe It Or Not, All is Information, Data Security, Database Security, DBMS Security, Information Security

Via CIO Romania correspondent Lucian Constantin, comes bad news indeed, for MongoDB users, that is:

'Five groups of attackers are competing to delete as many publicly accessible MongoDB databases as possible' - via CIO reporter Lucian Constantin

My suggestion is to, um - perhaps...not expose your database layer to external contact... Perhaps a DENY ALL rule for your MongoDB deployment in your firewall would be helpful as well... just saying. Oh, and very good advice from Lucian at the end of his reportage: Use the MongoDB security checklist. It is - I can assure you - prietenul tău! I also strongly suggest taking the time to read the Security Hardening documentation from MongoDB; you can also download an EPUB version of the MongoDB manual. You'll be glad you did. That is all.

Tip of the Tam o'Shanter


Center for Internet Security Publishes Oracle MySQL Benchmarks →

August 16, 2016 by Marc Handelman in All is Information, DBMS, DBMS Security, MySQL DBMS Security

The Center for Internet Security has published v.1.1.0 of the organization's eponymous security benchmarks targeting Oracle Corporation's (NYSE: ORCL) MySQL Enterprise Edition 5.6 and MySQL Community Server 5.6 (both benchmark documents are at the same revision level - 1.1.0). Enjoy.


Finnigan's Take, New Oracle Security Presentations

December 28, 2015 by Marc Handelman in All is Information, Information Security, DBMS Security

Pete Finnigan, targeting Oracle Security on his site PeteFinnigan.com, in beautiful and Merry England, has released his latest tour de force of Oracle Security presentations: Oracle Security Design and Oracle Database Password Security. A little light reading as you contemplate where you have been with Oracle security configs this year, and where you need to be in 2016. Enjoy!


Litchfield's Oracle Data Redaction Is Broken →

April 10, 2015 by Marc Handelman in Oracle DBMS Security, DBMS Security, Information Security, Database Security, Data Security, All is Information

Download David's slides (PDF) here
