有人正在存储信用卡数据 - 他们是如何做的? [英] Somebody is storing credit card data - how are they doing it?
问题描述
安全合法地存储信用卡信息非常困难,不应尝试 。我没有存储信用卡数据的意图,但我很想知道以下内容:
我的信用卡信息正在存储在一些服务器上,在世界各地。这个数据(希望)不被存储在商家的服务器上,但是在某些时候,它需要被存储以验证和收取由商家提交的数据识别的帐户。我的问题是:如果您有任务存储信用卡数据,您将采用什么加密策略来保护磁盘上的数据?从我可以告诉提交的信用卡信息正在被或多或少的实时检查。我怀疑用于保护数据的任何加密密钥都是手动输入的,因此正在进行解密,这意味着密钥本身正在存储在磁盘上。如何在自动化系统中保护您的数据和密钥?
如果我正在存储号码,我会成为拥有大量数据库的巨大服务提供商。该数据库分布在由多个机柜组成的高度冗余的存储阵列中,在独立的房间中,或理想地在由SAN连接的单独的地理位置。我最大的内部威胁是分布式实体工厂,不断磨损的驱动器,以及技术人员,管理员和工程师的每日班次。这是一个巨大的威胁。
因此,我将对通过网络连接到大容量存储的物理隔离计算机上的数据进行加密。该软件将尽可能简单:加密和数字验证。公共接口和业务逻辑到别的地方。访问将被记录到单独的SAN中。
使用AES加密。原始AES密钥仅存储在RAM中。密钥包装在每个管理员的PGP文件中,他们有自己的密码来启用服务器。不太可信的人员可以给予部分密码以用于灾难恢复,或者密码可以存储在某个地方的保管库中。对于加密,为每个卡号选择唯一的初始化向量(IV),使用该IV对AES进行加密,并将IV和加密号存储到SAN中。仅使用特权客户端接口进行解密;用于购买的正常客户端连接可以永远不会获得解密。
Storing credit card information securely and legally is very difficult and should not be attempted. I have no intention of storing credit card data but I'm dying to figure out the following:
My credit card info is being stored on a server some where in the world. This data is (hopefully) not being stored on a merchant's server, but at some point it needs to be stored to verify and charge the account identified by merchant submitted data.
My question is this: if you were tasked with storing credit card data what encryption strategy would you use to secure the data on-disk? From what I can tell submitted credit card info is being checked more or less in real time. I doubt that any encryption key used to secure the data is being entered manually, so decryption is being done on the fly, which implies that the keys themselves are being stored on-disk. How would you secure your data and your keys in an automated system like this?
If I was storing the number, I would be a giant service provider with a massive database. That database is spread across a highly-redundant storage array consisting of multiple cabinets, in separate rooms or ideally in separate geographical locations, connected by a SAN. My biggest insider threat is the distributed physical plant, the constant stream of worn-out drives, and several daily shifts of technicians, administrators, and engineers. It's a huge threat.
Therefore I would encrypt the data on a physically-isolated computer that connects to the mass storage over a network. The software would be as simple as possible: encryption and number verification. The public interfaces and business logic goes elsewhere. Accesses would be logged to a separate SAN.
Encrypt with something like AES. The raw AES key is only ever stored in RAM. The key is wrapped in a PGP file for each administrator, who has their own passphrase to enable the server. Less-trusted personnel can be given partial passphrases to use in disaster recovery, or passphrases can be stored in a vault somewhere. For encryption, pick a unique initialization vector (IV) for each card number, AES-encrypt the number using that IV, and store the IV and encrypted number to the SAN. Decryption only occurs using a privileged client interface; normal client connections used for purchases can never get a decryption.
这篇关于有人正在存储信用卡数据 - 他们是如何做的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
