Encryption, a buzzword, not a silver bullet

Encryption, a buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider 4 encryption components on the server side: passwords, tables, partitions and inter-tier socket communications. In these 4 components of an application / database server encryption policy, note that some countermeasures are […]

Are passwords dead?

A recent article on CSO online ponders the question of whether or not passwords are dead – since they are not much of a security countermeasure anyhow (or so the article intimates). The article quotes a person who seems to believe that SQL injection attacks have to do with password security. Christopher Frenz, CTO at […]

Data at rest encryption

Two days in the same week to run into FCPA issues is strange. A prospect in Poland (ENEA) recently acquired Euro 6 million worth of disks from Hitachi and explained the purchase as a data loss prevention measure (Hitachi has data at rest encryption, i.e. the controller encrypts the data on the disk, which makes […]

When should you encrypt email?

A while back, a colleague asked me what is the best way to encrypt internal email. My first question to him was – what is the threat, who is the attacker and what is the asset you are protecting? Are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or […]