5

Specifically part of my system stores encrypted information in a database. I wrote the code that actually does the encrypting/decrypting using an existing cipher.

How should I go about making sure that the system I designed is secure?

The only option I know of is hiring a security consultant or company to audit my security protocol. Any information concerning this option is appreciated, as well as other options.

D.W.
  • 98,420
  • 30
  • 267
  • 572
crawfish
  • 279
  • 1
  • 6
  • What OS are you using? You would need to isolate this the way that it runs e.g. separate machine and communicates in a properly filtered way, as well that the remote shell and exploit doesnt work and it has some firewall too. Actually I am looking for the same to be done in Ubuntu 12, were there is AppArmor for this. – Andrew Smith Jul 16 '12 at 21:28
  • Did you mean `web service` as in SOAP/REST or just a web application portal? – Majoris Jul 17 '12 at 01:08

3 Answers3

5

You can

  • have your code audited
  • have your design audited
  • perform blackbox checks against your web service

see: http://en.wikipedia.org/wiki/Security_testing

An audit should be performed by a person that was not involved in the creation of your service and infrastructure. That may be another team or department of your company – or some external consultancy.

And: use tested techniques & components in your design, which means: do not re-invent the wheel (c.f. http://en.wikipedia.org/wiki/Not_invented_here)

mdo
  • 326
  • 1
  • 6
3

Checking that you've used cryptography properly is a little tricky, and requires special expertise. I would not expect a typical black-box penetration test to be a very effective way of checking it, or a good use of your money. Instead, you probably want a security audit or security review, preferably by someone familiar with cryptography.

One of the best ways to reduce risk is to minimize the extent to which you are designing your own encryption method. In cryptographer parlance: don't roll your own crypto. For instance, you might encrypt the data using GPG (or something that encrypts to OpenPGP format).

See Lessons learned and misconceptions regarding encryption and cryptology for further suggestions. Don't forget to use authentication (e.g., use authenticated encryption, or encrypt-then-authenticate). Use good key management (e.g., generate a truly random crypto key; don't generate your crypto key from a passphrase).

Community
  • 1
D.W.
  • 98,420
  • 30
  • 267
  • 572
  • I've read that post a few times, even asked a question about PGP as a result: http://security.stackexchange.com/questions/17077/using-gpg-or-pgp-for-symmetric-database-encryption-decryption-in-c Basically I've determined that I am not able to use PGP or GPG and have to "roll my own crypto" (which is an awfully vague expression in my opinion). But having said that, I think a security audit seems to be my only option, so thanks for the confirmation – crawfish Jul 17 '12 at 18:55
2

Have a read of the option listed in my answer to 'What is the difference between a penetration test and a vulnerability assessment?'

All the steps listed in that answer are potentially relevant, depending on what you need to get out of them. Here are the categories, but for a full explanation visit the other question.

  • Discovery
  • Vulnerability Scan
  • Vulnerability Assessment
  • Security Assessment
  • Penetration Test
  • Security Audit
  • Security Review
Community
  • 1
Rory Alsop
  • 61,367
  • 12
  • 115
  • 320