FAQ

Flow until applying

Database Encryption

Please click for the answers of frequently asked questions.

1. What is D'Amo?

Important data is protected by data Security and access control solution. Users permitted to access are subdivided and it is not necessary to make any change to current operating applications for the protection critical data. It is possible that the access control issues the authority to the database users, for the first time users it will issue according to their IP address, permitted time zoon, access solution, for the second time users, when access to database, as for the encryption column, it enciphers/decodes according to different database users, IP address, access applications to protect important data on PC. As for important encryption column, with the inspection function, different users and their actions on different PC is recorded, based on which it is possible to apply new policies and prohibit suspicious actions. In addition, it allows the selection of critical data for encryption, minimizes the performance decrement, even DB authorities have limited permi sion for data access. In conclusion, it is a special management tool for DB security to increase security level.

2. What are the benefits for adopting D'Amo?

Increase the credibility by safely protecting important information of client DB under the Act on the Protection of Personal Information. It constructs the foundation of personal information management, improve the image of the company and boost the profitability.

3. Which functions does D'Amo have?

・Manage important data in database through encryption
・Only verified users who have permission for log in can access to database
・Preservation of login details and reference
・Report the inspection documents (graph, report, etc.)

4. How does D'Amo protect my information?

It is an integrated DB security solution with encryption and access control, inspection, reporting functions. Firstly data is enciphered, and then access control protects data from unlawful access. Access control including two steps to strength data protection. For the first time access, it will recognize unlawful users and prohibits their access based on the policy (IP address, service name, time zoon) that has been preset in access control, for the second time log in, it applies the same policy (IP address, service name, time zoon) which only allows access to necessary cases. Inspection function is used to set, change, or delete the policies, it has detailed record for not only the access to log in policy but also the access to inspection column. According to this record, if the abnormal access tryout continues, it will be prohibited.

5. Why do I have to use D'Amo when I am already using DBMS_OBFUSCATION_TOOLKIT provided with Oracle?

To encipher data in DB is not a simple operation which enciphers only some specific data. There are a lot more to do when data is enciphered it has to keep the important data safely and at the same time not making change of reference application. This kind of undertaking is much more than simply using encryption toolkit and a lot of technical problems need to be solved.
D'Amo is a solution for organizations to solve the problems caused by insufficient labor, knowledge, time, and it enciphers data quickly and effectively. D'Amo strengthens oracle security through effective and solid data encryption.
D'Amo offers a GUI of user-friendly environment and database encryption becomes very simple. Contrast to D'Amo which enciphers all kinds of data, Oracle toolkit only enciphers raw/string/lob data.
Different from Oracle toolkit which only uses DES56bit and 3DES, D'Amo supports many kinds of standards domestically and internationally such as SEED, AES, DES, 3DES, etc.

6. What is the difference between the encryption function of D'Amo and that of Oracle 10g? (System Administration and its security policy Administration manage separately, isn't this similar with D'Amo?)

It is a fact that Oracle 10g supports Transparent Data Encryption (TDE). TDE supports data encryption and is able to process enciphered data using export/import function. However if it has the authority to select enciphered table, even if without the authority to decode data it can decode automatically. That is to say DB operation manager is able to confirm whether enciphered data is decoded at any time through select command. Hence it has a disadvantage that if the account and password of DBA is leaked (hacking, etc.) then important data is in danger. What is more it is not able to support the SEED algorithm that is widely used in Korean government and financial industry. It takes another 20,000 dollars to purchase CPU for this function apart from Oracle. If uses D'Amo, in order to access to enciphered data, it is possible that not only the select authority for table is needed but also by control by issuing other authorities, only users with acknowledged account can access data. Therefore even if for users with DBA authority, it is still necessary to get anther authority through security manager to access data. It is possible for an integrated DB operation management by using GUL that emphasis on creating convenience for additional users, D'Amo supports effective DB management by separating the management and security functions.

7. Will it influence other existing program if operates system with D'Amo installed?

Even if data is enciphered by D'Amo, the file name and column name which stores program will not change, the data base is accessed as normal.

8. What do we have to prepare for the construction of D'Amo?

Please consider D'Amo as the last protection for important data of the company. It is necessary to distinguish which data need to be enciphered and which do not and make plan according to this. It is also recommended to decide which encryption algorithm is used at this stage.

9. Why it is necessary to encipher data? Is it possible to keep data secure by access control?

It is not necessary to encipher data. Log in access control is also possible. Other than acknowledged program, time and IP address, access to data base is not permitted by access control. In this way, data can normally be protected safely. However by applying encryption and access control, it will enhance data security significantly.

10. How is access control applied to enciphered column?

As for enciphered column, according to DB user, access program name and access IP address, access to database is permitted. Only acknowledged program and IP address have the permission, database is safely protected.

11. How about the users with no authority for decoding of the enciphered column?

Database manager is able to show the result with many different methods through D'Amo for users with no decoding authority. When return to the DBS error, or link to a specific character, （eg. ######), if it needs to return to the original enciphered value then other setting is possible.

12. Can encryption also be applied as for column that apply index?

Of course it will apply. Database security manager is able to encipher with index support function provided with D'Amo. Of course it is also able to encipher trigger. PK/FK, Materialized View, Default column etc.

13. Will the enciphered data affect the database performance?

If all the data in database were enciphered, then it would cause performance down. To avoid this, it is recommended to only encipher critical data.

14. Is there a problem to back up enciphered data?

No problem at all. To recover all the objects that contain enciphered data from backup, it will return back to the status before D'Amo is set. However if backup by table using other script it is necessary to backup with the changed file name.

15. Is it possible to minimize the danger of data leakage when DBA password is lost?

It is very likely for company to suffer great loss if DB super manager's password is used by a third party for unlawful access. By D'Amo, even DBA is not able to access to enciphered column without access authority, therefore it is possible to minimize the danger of data leakage.

16. Does D'Amo have data recovery function?

In case the loss of encryption key for data encryption, when setting the security policy (encryption key, encryption mode, etc) that is preserved in database, backup in Console finishes automatically. Therefore data damage cause by the loss of single encryption key is decreased.

Reference Material Request for D'Amo, Contact Us

Remote Backup Youjinbow
DB Encryption Security D'Amo
- About D'Amo
- Process
- Merits
- Introductory Examples
- FAQ
- PDF Download
- Application
Web Application Firewall WAPPLES
- The Security Countermeasure of Web Application
File Security FSS
- IC Card Security
Data Recovery Service
- About Data Recovery Service
- The process of Data Recovery
ASP Model Internet VPN
- NSW-Biz VPN
Partner
- Product Partners