The first thing you have to determine is which data is sensitive enough to require protection. For example, passwords, account names, student records, health records, and other personal information should be encrypted anywhere they are stored long term. Passwords are the one exception: since they never need to be recovered, they should be stored as salted, slow hashes rather than reversibly encrypted.


Scenario #1

An application encrypts credit card numbers in a database to prevent exposure to end users. However, the database is set to automatically decrypt queries against the credit card columns, so an SQL injection flaw in the front end retrieves all the credit card numbers in cleartext. The system should have been configured so that only back-end applications can decrypt them, not the front-end web application.

Scenario #2

An application uses basic authentication and resides on a multi-user system. The password file is stored outside the web root so that it cannot be downloaded via the web. However, other users on the same machine can read your files via the UNIX shell if the file is not properly protected. Another account on the machine is compromised and your password file is exposed. Because the file stores the passwords merely encoded rather than strongly hashed or encrypted, decoding them is trivial.


For all data deemed sensitive or confidential, ensure:

  1. It is encrypted everywhere it is stored long term, including in backups of this data.
  2. Only authorized users can access decrypted copies of the data (i.e., access control; see #4 and #8).
  3. A strong, standard encryption algorithm is used.
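Scenario #1 and the three checklist items, as an added Go example that is not code from the page or from any product. It assumes a hypothetical card table, a back-end "vault" that owns an AES-256-GCM key the web tier never receives (items 1 and 3), and a principal allow-list standing in for the access control of item 2. exposedPANs models what an injection flaw in the front end hands the attacker, namely every row exactly as the database holds it; the card numbers and principal names in main are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

// cardRow is one row of a hypothetical card table; PAN holds only ciphertext.
type cardRow struct {
	Customer string
	PAN      []byte
}

// vault owns the data-encryption key; the web tier never constructs one.
type vault struct{ aead cipher.AEAD }

func newVault(key []byte) (*vault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &vault{aead: aead}, nil
}

// seal encrypts a PAN with AES-GCM under a fresh random nonce and binds the
// customer id as associated data. Output layout: nonce || ciphertext || tag.
func (v *vault) seal(customer, pan string) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, []byte(pan), []byte(customer)), nil
}

// open reverses seal; a flipped bit, wrong key or wrong customer is an error.
func (v *vault) open(customer string, blob []byte) (string, error) {
	n := v.aead.NonceSize()
	if len(blob) < n+v.aead.Overhead() {
		return "", fmt.Errorf("ciphertext too short")
	}
	pt, err := v.aead.Open(nil, blob[:n], blob[n:], []byte(customer))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// exposedPANs counts the given PANs that appear in cleartext in a table dump,
// which is what an injection flaw in the front end hands the attacker.
func exposedPANs(dump []cardRow, pans []string) (n int) {
	for _, r := range dump {
		for _, p := range pans {
			if bytes.Contains(r.PAN, []byte(p)) {
				n++
			}
		}
	}
	return n
}

// backend is the only place decryption happens; it authorizes the caller first.
type backend struct {
	v       *vault
	table   []cardRow
	allowed map[string]bool // principals permitted to see card data
}

// maskedPAN masks all but the last four digits; the full PAN never leaves here.
func (b *backend) maskedPAN(principal, customer string) (string, error) {
	if !b.allowed[principal] {
		return "", fmt.Errorf("%q is not authorized for card data", principal)
	}
	for _, r := range b.table {
		if r.Customer == customer {
			pan, err := b.v.open(customer, r.PAN)
			if err != nil || len(pan) < 4 {
				return "", fmt.Errorf("cannot decrypt card for %q: %v", customer, err)
			}
			return strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:], nil
		}
	}
	return "", fmt.Errorf("no such customer %q", customer)
}

func main() {
	v, _ := newVault(bytes.Repeat([]byte{0x42}, 32)) // fixed demo key only
	ct, _ := v.seal("cust-1", "4111111111111111")    // constructed test number
	b := &backend{v: v, table: []cardRow{{"cust-1", ct}}, allowed: map[string]bool{"billing-svc": true}}
	fmt.Println(b.maskedPAN("billing-svc", "cust-1"))
	fmt.Println(b.maskedPAN("web-frontend", "cust-1"))
}
```

The design choice that matters for Scenario #1 is where the key lives: because the database and the web tier only ever hold ciphertext, an injection flaw in the front end yields blobs that fail to decrypt anywhere but the back end. Binding the customer id as associated data additionally stops an attacker with write access from copying one customer's ciphertext onto another row, and GCM's tag makes any modification of a stored value fail on decrypt rather than yield garbage.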