On Mon, Aug 22, 2011 at 10:34 AM, Condor <condor@stz-bg.com> wrote:
> I did not worry about hackers attack, I worrying how to secure data
> if I physical loss hard drives or server. Let's just imagine that you have
> a server and you store on it important data like credit cards, bank acc,
> password, clients names, addresses, social numbers, phone numbers and
> some think like that ... very important information. When front end is
> secured Im worry if I loss hard drives or server. I think if some one
> buy so expensive server is not necessary some one with gun to watching it.
The best solution typically is to see how much of the stuff like
credit card numbers you can avoid storing. Absence of the target is
in fact the best way to keep the target secure.
If yo must store credit card data, then the PCI-DSS requires that
these be stored encrypted with proper key management controls in
place. The key management controls are the hard part. Throwing
together something that's PCI-DSS-compliant on the surface looks easy.
Doing it right is surprisingly hard. On top of this you have to
think about the fact that key management can become a significant
issue. When you change keys, think about the level of work that
requires on the part of the database server to decrypt stuff with the
old key and encrypt it all with the new key....
Best Wishes,
Chris Travers
