
| Subject: | [CISSP-D] REVIEW: "Cryptography in the Database", Kevin Kenan |
|---|---|
| Date: | Mon, 06 Feb 2006 08:18:47 -0800 |

BKCRPDBS.RVW 20051111

"Cryptography in the Database", Kevin Kenan, 2006, 0-321-32073-5, U$44.99/C$62.99
%A Kevin Kenan www.KevinKenan.com
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2006
%G 0-321-32073-5
%I Addison-Wesley Publishing Co.
%O U$44.99/C$62.99 416-447-5101 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321320735/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0321320735/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321320735/robsladesin03-20
%O Audience a Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 277 p.
%T "Cryptography in the Database: the Last Line of Defense"

The preface states that the intended reader is the technical lead for the protection of information in a database. This person should be well familiar with databases, and have a passing knowledge of cryptography.

Part one deals with database security. Chapter one states that databases are important, and we should protect them. A brief review of database concepts (limited to relational databases) and a rather longer, and quite complete, overview of cryptography, is in chapter two.

Part two outlines a cryptographic infrastructure. Chapter three examines keys and key management. Algorithms, and symmetric block algorithm modes, are covered in chapter four. More of key management is addressed in chapter five. Chapter six looks at the logical (rather than programming) interfaces between encryption, decryption, and the application.

Part three reviews the overall cryptographic project. Chapter seven discusses project management. Ways of specifying security aspects of the system are suggested in chapter eight, while nine examines design. Some general principles for secure implementation are listed in chapter ten. Various types of testing are reviewed in chapter eleven. Chapter twelve looks at the deployment, monitoring, and removal of an application.

Part four contains sample Java code. There is an explanation of the code, and then a key vault, manifest, manager, engine, cryptographic service provider, client, exception handling code, and a run of the system in operation.

Rather than an actual text on the special needs of databases for cryptography, this is more like a general review of cryptographic concepts with some attention paid to examples that would deal with certain database issues. The material is sound enough, as far as it goes. But those who maintain large databases and wish to see practical solutions for the problems they face may be disappointed.

copyright Robert M. Slade, 2005 BKCRPDBS.RVW 20051111

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
My son, beware ... of the making of books there is no end, and much study is a weariness of the flesh. - Ecclesiastes 12:12
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade