Category: PCI DSS Requirement 3 – Card Data storage and Cryptography



Oracle Transparent Data Encryption (TDE) encrypts the whole database or selected columns. If key management is done properly, that is, the keys are managed through an independent method, Oracle TDE can render databases holding card data unreadable very easily in a PCI DSS compliant way. See how.


Hashing is one of the methods to render credit card data unreadable. An introduction to hashing using SHA-1 is given. MD5 is another common algorithm. However, please note that MD5 and SHA-1 are considered weak hashing methods; SHA-256 is currently considered a safe hashing method. An animation of SHA-1 follows.


Symmetric encryption works with a common (shared) key. However, the common key itself cannot simply be transported, as it is very sensitive. Common keys have to be generated independently by sender and receiver, which is accomplished through key exchange. There are two methods to do a key exchange: DH (Diffie-Hellman) and RSA. Per PCI DSS, key lengths of 1024 bits or more are needed for DH or RSA. Internet encryption (SSL) uses DH and/or RSA for key exchange to agree on a 128 or 256 bit common key (SSL 128 or SSL 256). DH is explained in this presentation, and AES is explained again as well.


The AES algorithm is a PCI DSS preferred and permitted symmetric-key cryptographic algorithm. A 256-bit key length is preferred, though 128 bits is acceptable. A beautiful under-the-hood visualization of how the AES algorithm works.


DLP is one of the proposed approaches to handling card data security and distribution. An introduction to DLP. It is not yet known how effective DLP is at restricting data distribution, as it introduces management loads that can be overwhelming. An introduction, nonetheless.

The presenter makes a reference to mydlp, which has a free community edition that can be used to try out the concept.


A layman's introduction to public and private keys.


Hashing is one of the permitted methods under PCI DSS to render card data unreadable. This presentation explains the basics of hashing. Permitted hashing algorithms change, so please keep an eye on the PCI Security Standards Council for the latest guidelines on hashing.


This video explains the basics of Redundant Array of Independent Disks (RAID). RAID is the most common method of organizing hard disks so that data redundancy and data distribution can happen. An understanding of RAID is necessary to understand card data security issues.


There is a lot of confusion about the difference between a Storage Area Network (SAN) and Network Attached Storage (NAS). This presentation helps to clear it up. The storage design decides how card data is transmitted and stored under PCI DSS. SAN produces encryption issues under PCI DSS, a topic to be tackled later.


An excellent use of tokenization to eliminate card data from customer communications.


In this video, tennis balls are used to explain encryption without any jargon.

Owned by Intricap | Theme: Motion by 85ideas.