
Database encryption is imminent: how companies choose data encryption software

With the rapid development of computer technology, databases are now used very widely and in a growing range of fields, but data security problems have followed. The security of the large volumes of data held in the databases of various application systems, and the protection of sensitive data against theft and tampering, are receiving more and more attention. As an aggregation of information, the database system is the core component of a computer information system. Its security is of paramount importance, bearing on the rise and fall of companies and on national security. How to effectively ensure the security of the database system, and the confidentiality, integrity, and availability of its data, has therefore become one of the most important topics for industry professionals to explore. This article summarizes security and intrusion-prevention techniques.

Besides its own internal security mechanisms, the security of a database system also depends closely on the external network environment, the application environment, and the competence of the staff who work with it. In a broad sense, therefore, the security architecture of a database system can be divided into three levels:

(1) Network system level;

(2) Host operating system level;

(3) Database management system level.

These three levels together form the security architecture of the database system. Each successive level is more closely tied to the data itself, and the importance of protection increases level by level, so that data is secured from the outside in. The discussion below covers network system-level security techniques.

Network-level security techniques

In a broad sense, the security of a database depends first of all on the network system. With the spread of the Internet, a growing number of companies have moved their operations onto it, and network-based databases of many kinds have appeared, providing information services to network users. The network system can be described as the external environment and the foundation of the database: a database system cannot deliver its full value without the support of the network system, and its users (such as remote users and distributed users) must reach the data in the database through the network. The security of the network system is therefore the first barrier to database security, and external intrusion begins with intrusion into the network system. A network intrusion is any set of network activities that attempts to compromise the integrity, confidentiality, or trustworthiness of an information system. It has the following characteristics:

a) It is not constrained by geography or time; an attack across borders is as convenient as one launched on-site;

b) Attacks over the network are usually mixed in with a large volume of normal network activity;

c) Intrusion methods are increasingly stealthy and complex.

Open computer network systems face the following types of threat: a) masquerade; b) replay; c) modification of message; d) denial of service; e) trapdoor; f) Trojan horse; g) attacks such as tunneling attacks and attacks through application software. These security threats can appear at any time and in any place, so effective measures are needed to keep the system secure.

From a technical point of view, there are many kinds of security precautions at the network system level. They can be broadly divided into firewalls, intrusion detection, and collaborative intrusion detection.

(1) Firewall. The firewall is one of the most widely used defensive techniques. As the system's first line of defense, its primary role is to monitor the access channel between the trusted network and the untrusted network. It forms a protective barrier between the internal and external networks, blocking unauthorized access from outside and preventing internal information from leaking out, but it cannot block illegal operations that originate inside the network. It decides whether to block a flow of information according to pre-set rules, and it cannot dynamically identify threats or adaptively adjust those rules, so its intelligence is very limited. There are three main firewall techniques: packet filtering, proxying, and stateful inspection. Modern firewall products typically use a mix of these techniques.

(2) Intrusion detection. The Intrusion Detection System (IDS) is a defensive technique that has been developed in recent years. It draws on a combination of techniques, rules, network communication techniques, artificial intelligence, cryptography, reasoning, and other methods, and its role is to monitor whether the network and computer systems show signs of intrusion or misuse. In 1987, the idea of intrusion detection was first proposed by Dorothy Denning. After continuous development and improvement, the IDS has become the standard solution for monitoring and recognizing intrusions and a primary component of the security protection system.

The analysis techniques used for intrusion detection can be divided into three categories: signature analysis, statistical analysis, and data integrity analysis.

1) Signature analysis. Primarily used to detect attacks against known weaknesses of the system. A signature is derived from the attack method and written into the IDS code. Signature analysis is in effect a template matching operation.

2) Statistical analysis. Takes statistics as its theoretical basis and uses the behavior patterns observed under normal use of the system as the reference for deciding whether a given action deviates from the normal track.

3) Data integrity analysis. Based on cryptography, it can check whether files or policies have been modified by others.
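The three analysis categories above, side by side, as an added example that is not part of the original article. The signature patterns, the z-score threshold of 3, the file names and all sample data are constructed assumptions for illustration.

```python
import hashlib
import re
import statistics

# Constructed signatures for illustration; a real IDS ships a maintained rule set.
SIGNATURES = {
    "sql-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I),
    "stacked-drop": re.compile(r";\s*drop\s+table\b", re.I),
}

def signature_analysis(events):
    """Template matching: return (event index, signature name) for every hit."""
    return [(i, name) for i, ev in enumerate(events)
            for name, pat in SIGNATURES.items() if pat.search(ev)]

def statistical_analysis(baseline, observed, threshold=3.0):
    """Flag values whose z-score against the normal-use baseline exceeds threshold."""
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    if stdev == 0:  # flat baseline: any change at all is a deviation
        return [v for v in observed if v != mean]
    return [v for v in observed if abs(v - mean) / stdev > threshold]

def integrity_analysis(known_digests, current_files):
    """Compare SHA-256 digests with a trusted baseline: modified, new or missing."""
    findings = {}
    for path, content in current_files.items():
        digest = hashlib.sha256(content).hexdigest()
        if known_digests.get(path) != digest:
            findings[path] = "modified" if path in known_digests else "new"
    for path in known_digests.keys() - current_files.keys():
        findings[path] = "missing"
    return findings

# Constructed sample data (not taken from any real system)
QUERIES = [
    "SELECT name FROM staff WHERE id = 42",
    "SELECT * FROM users WHERE name = '' OR '1'='1'",
    "SELECT 1; DROP TABLE audit_log",
]
BASELINE_QPM = [48, 52, 50, 47, 53, 51, 49, 50]  # queries per minute, normal use
OBSERVED_QPM = [51, 49, 410]
CONFIG_V1 = {"db.conf": b"require_ssl = on\n", "access.conf": b"allow 10.0.0.0/8\n"}
CONFIG_NOW = {"db.conf": b"require_ssl = off\n", "access.conf": b"allow 10.0.0.0/8\n"}
KNOWN = {p: hashlib.sha256(c).hexdigest() for p, c in CONFIG_V1.items()}

if __name__ == "__main__":
    print(signature_analysis(QUERIES))
    print(statistical_analysis(BASELINE_QPM, OBSERVED_QPM))
    print(integrity_analysis(KNOWN, CONFIG_NOW))
```

Signature analysis only catches what its templates describe, statistical analysis depends on a baseline that really reflects normal use, and integrity analysis is only as trustworthy as the stored digests, which is why the three are used together.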

The types of IDS include network-based and host-based intrusion detection systems, signature-based and anomaly-based intrusion detection systems, and real-time and non-real-time intrusion detection systems.

(3) Collaborative intrusion detection

A standalone intrusion detection system cannot effectively detect and respond to the wide variety of intrusions that occur. To compensate for the shortcomings of standalone operation, collaborative intrusion detection systems have been proposed. In a collaborative intrusion detection system, the intrusion detection components exchange information automatically according to a common specification, and through this exchange intrusions are detected effectively. The approach can be applied in different network environments.


Copyright (C) 2018, Zero Information Technology (Shanghai) Co., Ltd. All Rights Reserved. Supported by Toocle. ICP filing number: 沪ICP备18008633号