Encryption in Databases
By: Mike Tibbits
In database architecture, one item consistently overlooked is security. We're not just talking about a database login and password, but about deeper measures such as Encryption at Rest, Encryption in Transit and simple port reassignment.
Encryption at Rest pertains to data that is "not moving", such as the database files themselves. This can be achieved at the database engine level, via encrypted disks, or both. This will prevent someone from just copying the files off and accessing them without the proper key, signature, or encryption password.
Encryption in Transit pertains to data that is "moving", or being passed to and from the database via an application or website. The quickest way to achieve this is to ensure you're using SSL/TLS to communicate from sender to receiver and vice versa. You can also set up handshake keys in most database engines that will increase the hash security during transit, providing an extra level of security.
Often overlooked is reassigning the port that the database communicates on away from the standard port. This will often prevent DoS attacks and close the door on basic hackers trying to get access to your data.
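
To check the Encryption in Transit and port points above across a set of applications, the following added example (not part of the original article) audits database connection strings. It assumes a PostgreSQL deployment addressed with libpq-style URIs and their sslmode parameter; the host and database names are constructed.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORT = 5432  # PostgreSQL's standard port
# libpq sslmode values grouped by strength; libpq uses "prefer" when unset.
PLAINTEXT_POSSIBLE = {"disable", "allow", "prefer"}
ENCRYPTED_UNVERIFIED = {"require"}
ENCRYPTED_VERIFIED = {"verify-ca", "verify-full"}


def audit_dsn(dsn):
    """Return findings for one PostgreSQL connection URI (empty list = clean)."""
    parts = urlsplit(dsn)
    if parts.scheme not in ("postgresql", "postgres"):
        return ["not a PostgreSQL URI"]
    findings = []
    # No explicit port means the driver falls back to the standard one.
    if (parts.port or DEFAULT_PORT) == DEFAULT_PORT:
        findings.append("standard port 5432 in use")
    mode = parse_qs(parts.query).get("sslmode", ["prefer"])[0]
    if mode in PLAINTEXT_POSSIBLE:
        findings.append(f"sslmode={mode}: session may run unencrypted")
    elif mode in ENCRYPTED_UNVERIFIED:
        findings.append(f"sslmode={mode}: encrypted, server identity not guaranteed verified")
    elif mode not in ENCRYPTED_VERIFIED:
        findings.append(f"sslmode={mode}: unrecognised value")
    return findings


# Constructed sample inventory (hosts and database names are made up).
SAMPLE_DSNS = [
    "postgresql://app@db1.example.internal/orders",
    "postgresql://app@db2.example.internal:5432/orders?sslmode=require",
    "postgresql://app@db3.example.internal:6432/orders?sslmode=disable",
    "postgresql://app@db4.example.internal:6432/orders?sslmode=verify-full",
]


def audit_all(dsns):
    """Map each DSN to its findings, keeping only the ones with problems."""
    report = {dsn: audit_dsn(dsn) for dsn in dsns}
    return {dsn: found for dsn, found in report.items() if found}


if __name__ == "__main__":
    for dsn, findings in audit_all(SAMPLE_DSNS).items():
        print(dsn)
        for finding in findings:
            print("  -", finding)
```

The first sample shows why an unset sslmode matters: libpq's default of "prefer" falls back to an unencrypted session if the server does not offer SSL.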