Oracle Transparent Database Encryption is a method of rendering the whole database or its columns encrypted. If the key management is done properly, that is the keys are managed through an independent method, Oracle TDE can render databases with card information unreadable very easily in PCI DSS compliant method. See how.
Category: PCI DSS Requirement 3 – Card Data storage and Cryptography
Symmetric Encryption work with common keys. However common keys themselves cannot be transported as they are very sensitive. Common keys have to be generated independently by sender and receiver. This is accomplished through key exchange. There are 2 methods to do a Key Exchange. DH(Deffie Hellman), and RSA. As per PCI DSS 1024 bits or more key lengths for DH or RSA is needed. Internet Encryption SSL uses both DH and/or RSA for Key Exchange, to agree on 128 or 256 bit common key (SSL 128 or SSL 256). DH is explained in this presentation. Also explained is AES again.
DLP is one of the proposed approaches to handle card card security distribution. An introduction to DLP. It is not known as yet how effective is the method of DLP to restrict data distribution, as it introduces management loads that can be overhelming. An introduction, nonetheless.
The presenter makes a reference to mydlp, with a free community edition for usage, which should be tried to try the concept.
There is a lot of confusion in the difference between Storage Area Network (SAN) and Network Attached Storage (NAS). This presentation helps to clear it up. The design decides how in PCI DSS card data gets transmitted, and stored. SAN produces encryption issues under PCI DSS, a topic to be tackled later.