Entry: Transparent Data Encryption
Definition

  1. Microsoft SQL Server TDE

  2. See also

  3. References

  4. External links


Transparent Data Encryption (often abbreviated to TDE) is a technology employed by Microsoft, IBM and Oracle to encrypt database files. TDE offers encryption at file level. It solves the problem of protecting data at rest, encrypting databases both on the hard drive and, consequently, on backup media. It does not protect data in transit or data in use. Enterprises typically employ TDE to meet compliance requirements, such as PCI DSS, that call for the protection of data at rest.

Microsoft offers TDE as part of its Microsoft SQL Server 2008, 2008 R2, 2012, 2014 and 2016.[1] TDE is only supported on the Evaluation, Developer, Enterprise and Datacenter editions of Microsoft SQL Server. SQL TDE is supported by Hardware Security Modules from Thales e-Security, Townsend Security and SafeNet, Inc.

IBM offers TDE as part of Db2 as of version 10.5 fixpack 5[2]. It is also supported in cloud versions of the product by default, Db2 on Cloud and Db2 Warehouse on Cloud.

Oracle requires the Oracle Advanced Security option for Oracle 10g and 11g to enable TDE. Oracle TDE addresses encryption requirements associated with public and private privacy and security mandates such as PCI and California SB 1386. Oracle Advanced Security TDE column encryption was introduced in Oracle Database 10g Release 2. Oracle Advanced Security TDE tablespace encryption and support for Hardware Security Modules (HSMs) were introduced with Oracle Database 11gR1. Keys for TDE can be stored in an HSM to manage keys across servers, protect keys with hardware, and introduce a separation of duties.

The same key is used to encrypt columns in a table, regardless of the number of columns to be encrypted. These encryption keys are encrypted using the database server master key and are stored in a dictionary table in the database.

Microsoft SQL Server TDE

SQL Server utilizes an encryption hierarchy that enables databases to be shared within a cluster or migrated to other instances without re-encrypting them. The hierarchy consists of a combination of symmetric and asymmetric ciphers:[3]

  • Windows Data Protection API (DPAPI) protects a single instance-wide Service Master Key (SMK).
  • The Service Master Key encrypts the Database Master Key (DMK).
  • The Database Master Key is used in conjunction with a certificate to encrypt the Database Encryption Key.
  • The Database Encryption Key is used to encrypt the underlying database files with either the AES or 3DES cipher.
  • The master database that contains various system level information, user accounts and management services is not encrypted.
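The hierarchy above maps onto a short T-SQL sequence. The following is an added example, not part of the original article or of Microsoft's documentation; the database name SalesDb, the certificate name TdeCert, the file paths and the passwords are assumed placeholders.

```sql
-- Added example. SalesDb, TdeCert, paths and passwords are placeholders.
USE master;
GO
-- Database Master Key (DMK) in master; SQL Server protects it with the
-- instance-wide Service Master Key (SMK), which DPAPI protects in turn.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO
-- Certificate protected by the DMK; it will wrap the Database Encryption Key.
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for SalesDb';
GO
-- Back up the certificate and its private key before enabling TDE. Without
-- them the database and its backups cannot be restored on another instance.
-- Keep these files off the database server and off the backup media.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\KeyBackup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<pvk-password-placeholder>');
GO
USE SalesDb;
GO
-- Database Encryption Key (DEK): the symmetric key that encrypts the files.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO
-- Audit: encryption state per database (3 = encrypted, NULL = no DEK),
-- the cipher in use, and whether the protecting certificate's private key
-- has ever been backed up (NULL date = never).
SELECT d.name                     AS database_name,
       k.encryption_state,
       k.key_algorithm,
       k.key_length,
       c.name                     AS protecting_certificate,
       c.pvt_key_last_backup_date
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint
ORDER BY d.name;
```

In the audit output, tempdb also reports as encrypted once any user database on the instance has TDE enabled.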

During database backups, compression occurs after encryption. Because strongly encrypted data cannot be significantly compressed, backups of TDE-encrypted databases require additional resources.

To enable automatic booting, SQL Server stores the lowest level encryption keys in persistent storage (using the DPAPI store). This presents a potential security issue because the stored keys can be directly recovered from a live system or from backups and used to decrypt the databases.[4]

See also

  • Disk encryption
  • Encryption
  • Hardware Security Module
  • OTFE

References

1. ^ "SQL Server TDE vs CLE". https://info.townsendsecurity.com/sql-server-tde-vs-cell-level-encryption-a-brief-comparison. Retrieved 2017-06-02.
2. ^ https://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.wn.doc/doc/c0061179.html
3. ^ "Transparent Data Encryption (TDE)". Microsoft TechNet. https://technet.microsoft.com/en-us/library/bb934049(v=sql.110).aspx
4. ^ Simon McAuliffe, "The Anatomy and (In)Security of Microsoft SQL Server Transparent Data Encryption (TDE)", 19-Mar-2016

External links

  • Alternative 3rd party solution for all SQL Server Editions: https://www.database-encryption.com/
  • Enterprise Security Features Supported by Microsoft SQL Server 2008 R2 Editions: https://technet.microsoft.com/en-us/library/cc645993%28v=sql.105%29.aspx#Enterprise_security
  • Security Features Supported by Microsoft SQL Server 2012 Editions: https://technet.microsoft.com/en-us/library/cc645993.aspx#Enterprise_security
  • Understanding Transparent Data Encryption (TDE) (Microsoft)
  • Using Transparent Data Encryption in Oracle Database 11g
  • Oracle Transparent Data Encryption best practices
  • TDE column encryption and TDE tablespace encryption in Oracle Database 11gR1
  • http://download.oracle.com/docs/cd/B19306_01/network.102/b14268/asotrans.htm#BABDFHHH
  • P6R's PKCS#11 Provider and Oracle TDE: https://www.p6r.com/articles/2014/11/22/p6rs-pkcs-11-provider/
