Database_Security_Flashcards_More
What is encryption?
Encryption is a security method where information is encoded so that only authorized parties can access it. It transforms readable data (plaintext) into an unreadable format (ciphertext) using an encryption algorithm and a key.
Why is encryption important?
- Data Security
- Privacy Compliance
- Trust
- Data Integrity
What are the types of data that require encryption?
- Personal Identifiable Information (PII)
- Financial Information
- Confidential Business Information
What is symmetric encryption?
Symmetric encryption uses a single key for both encryption and decryption. It is efficient and suitable for encrypting large volumes of data, such as database files or backups.
What is asymmetric encryption?
Asymmetric encryption employs a pair of keys: a public key for encryption and a private key for decryption. It is more secure but also more computationally intensive.
What are common algorithms for symmetric encryption?
- Advanced Encryption Standard (AES)
- Triple Data Encryption Standard (3DES)
- Blowfish
What are common algorithms for asymmetric encryption?
- RSA (Rivest-Shamir-Adleman)
- Elliptic Curve Cryptography (ECC)
- Digital Signature Algorithm (DSA)
What is encryption at rest?
Encryption at rest protects data stored within the database or on disk. Techniques include Transparent Data Encryption (TDE) and file-system level encryption.
What is encryption in transit?
Encryption in transit secures data as it moves between the database and applications or between servers. Implemented through protocols like TLS and SSL.
What is the difference between application-level and database-level encryption?
Application-Level: The application encrypts data before sending it to the database, providing fine-grained control.
Database-Level: The database system manages encryption, offering a straightforward implementation but less flexibility.
What are best practices for secure data retrieval in encrypted databases?
- Implement Role-Based Access Control (RBAC)
- Use Secure Transmission Protocols
- Conduct Regular Audits and Monitoring
- Use Dedicated Encryption Key Management Solutions
- Employ Data Masking Techniques
What is the pgcrypto extension in PostgreSQL?
The pgcrypto extension provides cryptographic functionality, supporting symmetric encryption (PGP_SYM, AES) and secure password storage through hashing.
What is the purpose of hashing in password storage?
Hashing is a one-way process used for verifying the integrity of data. It ensures that passwords cannot be reversed or decrypted back to their original form.
What is the difference between hashing and encryption?
Hashing is a one-way process for data integrity verification.
Encryption is a two-way process for data protection, allowing data to be made unreadable and then returned to its original form using a key.
Why is the Blowfish algorithm recommended for password hashing in PostgreSQL?
Blowfish is favoured for its balance of security and performance, allowing the adjustment of its cost factor to remain robust against increasing computational power.
