Best Practices for MySQL Encryption?

Question

I'm looking for guidance on encrypting fields (and/or tables if possible) for MySQL. I will settle for a decent tutorial but I'd really like specific tips on managing the transition from an unencrypted schema to one utilizing encrypted fields. Thanks!

Answer 1

Along with AES_ENCRYPT for the fields, if you are storing sensitive information, better enable SSL over the wire too. Also consider network separation (vlan) of the sensitive database machines and other standard security practices. Key storage is important (where is that shared aes key hanging out, surely not on the webserver(s)!) and consider the impact on indexes/queries since searching or joining table data will not be as simple as it once was.

Answer 2

There are (at least) two approaches actually. You can encrypt data stored in your tables (using EAS/DES functions for example http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html)

Or you can use encrypted hard disk partition to store your data folders (for example with TrueCrypt)

Answer 3

What's the value of encrypting the database at the field level? Is this what you really want, or will it be sufficient to encrypt at the OS or SAN level? Do you plan to roll-over the keys, or just keep the same encryption key for eternity? Will encryption break table indexes, references or field types? How will you share the encryption key across a database cluster?

I'm only raising these points because database encryption is usually something management wants, but no-one really can explain the value-add or how it will be implemented...

Answer 4

Think what you try to achieve with the encryption? There's no simple secure solution unfortunately.

Remember that the key you are using for encryption can be fetched from your code. So from hacker perspective, getting around that encryption is quite easy. You need to think your architecture and infra as well.

Answer 5

First of all, only data encryption is not the answer.

You should know and control "Who can access and accessed data".

Although you encrypt data itself, attacker can get the encrypted data. To prevent it, you should control the access privilege or authority. Also, you should know who accessed encrypted data. Because in these days, data can be stolen by not only external users, but also internal users.

You should encrypt data, control privilege and audit who accessed.

In those days, those three(3) technology have been developed in each way. Most companies have bought each solutions.

But for personal user, it is hard to buy it and build those environment itself. In addition, MySQL's Encryption Function doesn't provide those functions.

I would you like to review this link that provides those three(3) functions.

In my experience, it can provide certain security.(I'm CISO of SME.)