Application Security, Inc. has announced, DbEncrypt for Microsoft SQL Server, a product to
protect selected information residing in a SQL database.
DbEncrypt for Microsoft SQL Server is for
the DBA who wants to protect data from intruders, whether they be outside
hackers or internal users.
Firewalls offer network security; however,
they can be bypassed by a determined hacker. Existing tools such as intrusion
detection systems (IDS), and firewalls do not secure the application layer
adequately, nor do they protect the database. An intruder, using a technique
such as SQL Injection can pass a request through a firewall and potentially
compromise a database.
Of major concern to DBAs is the fact that
hackers are becoming ever more successful in gaining administrative/root control
of computers containing sensitive information. Once a hacker obtains these
privileges, he has the same power as the system administrator. DbEncrypt
provides protection of the information within the database even from the DBA,
by requiring the user to be logged in and authenticated into DBEncrypt.
DbEncrypt for Microsoft SQL Server protects
data by incorporating encryption at the storage level, securing data as it
appears in columns. The software does not protect against attacks, however,
should an intruder succeed in bypassing database application firewalls and
other perimeter security, he will find encrypted data rather than
understandable data. In addition to protecting data from hackers, DbEncrypt
prevents accidental or unauthorized access by staff members with database
Encryption can be an intricate,
time-consuming process with a significant impact on performance. DbEncrypt
comes equipped with new features for facilitating easy installation and
encryption. Along with a point-and-click user interface for installing and
managing the encryption, DbEncrypt provides a variety of strong encryption
algorithms from which to choose. The use of industry standard algorithms
affords the assurance of being able to migrate or add software without
triggering database incompatibility issues. In addition, DbEncrypt allows the
user to be selective about what data to encrypt and provides an option to apply
appropriate algorithms, again minimizing impact to database performance.
- DbEncrypt provides a means
of encrypting database rows and columns.
- full access to a wide
variety of block and stream ciphers, public key algorithms, message
authentication codes, and one-way hash functions
- Create strong
authentication, encryption and data integrity with DbEncrypt's tools and
templates. DbEncrypt provides an interface to a group of both low-level
and high-level encryption functions. In addition, there is an interface to
generate secure random numbers, strong encryption keys and initialization
Full documentation is available on the
Application Security, Inc. website, along with a trial download.