Sensitive Data

Access to Sensitive Data in Storage

You must secure sensitive data in storage to prevent a user malicious or otherwise from gaining access to and reading the data.

Countermeasures to protect sensitive data in storage include:

• Use restricted ACLs on the persistent data stores that contain sensitive data.

• Store encrypted data.

• Use identity and role-based authorization to ensure that only the user or users with the appropriate level of authority are allowed access to sensitive data. Use role-based security to differentiate between users who can view data and users who can modify data.

Network Eavesdropping

The HTTP data for Web application travels across networks in plaintext and is subject to network eavesdropping attacks, where an attacker uses network monitoring software to capture and potentially modify sensitive data.

Countermeasures to prevent network eavesdropping and to provide privacy include:

• Encrypt the data.

• Use an encrypted communication channel, for example, SSL.

Data Tampering

Data tampering refers to the unauthorized modification of data, often as it is passed over the network.

One countermeasure to prevent data tampering is to protect sensitive data passed across the network with tamper-resistant protocols such as hashed message authentication codes (HMACs).

An HMAC provides message integrity in the following way:

1. The sender uses a shared secret key to create a hash based on the message payload.

2. The sender transmits the hash along with the message payload.

3. The receiver uses the shared key to recalculate the hash based on the received message payload. The receiver then compares the new hash value with the transmitted hash value. If they are the same, the message cannot have been tampered with.