Application Security, Inc. has announced, DbEncrypt for Microsoft SQL Server, a product to protect selected information residing in a SQL database.
DbEncrypt for Microsoft SQL Server is for the DBA who wants to protect data from intruders, whether they be outside hackers or internal users.
Firewalls offer network security; however, they can be bypassed by a determined hacker. Existing tools such as intrusion detection systems (IDS), and firewalls do not secure the application layer adequately, nor do they protect the database. An intruder, using a technique such as SQL Injection can pass a request through a firewall and potentially compromise a database.
Of major concern to DBAs is the fact that hackers are becoming ever more successful in gaining administrative/root control of computers containing sensitive information. Once a hacker obtains these privileges, he has the same power as the system administrator. DbEncrypt provides protection of the information within the database even from the DBA, by requiring the user to be logged in and authenticated into DBEncrypt.
DbEncrypt for Microsoft SQL Server protects data by incorporating encryption at the storage level, securing data as it appears in columns. The software does not protect against attacks, however, should an intruder succeed in bypassing database application firewalls and other perimeter security, he will find encrypted data rather than understandable data. In addition to protecting data from hackers, DbEncrypt prevents accidental or unauthorized access by staff members with database administrative privileges.
Encryption can be an intricate, time-consuming process with a significant impact on performance. DbEncrypt comes equipped with new features for facilitating easy installation and encryption. Along with a point-and-click user interface for installing and managing the encryption, DbEncrypt provides a variety of strong encryption algorithms from which to choose. The use of industry standard algorithms affords the assurance of being able to migrate or add software without triggering database incompatibility issues. In addition, DbEncrypt allows the user to be selective about what data to encrypt and provides an option to apply appropriate algorithms, again minimizing impact to database performance.
- DbEncrypt provides a means of encrypting database rows and columns.
- full access to a wide variety of block and stream ciphers, public key algorithms, message authentication codes, and one-way hash functions
- Create strong authentication, encryption and data integrity with DbEncrypt's tools and templates. DbEncrypt provides an interface to a group of both low-level and high-level encryption functions. In addition, there is an interface to generate secure random numbers, strong encryption keys and initialization vectors.
Full documentation is available on the Application Security, Inc. website, along with a trial download.