Database Network Encryption

At Lingnan University, all database servers and application servers are protected by a network firewall, which is the first line of defence against malicious attacks that attempt to access the University's sensitive data and cause potential damage. In addition to the firewall appliances, which mainly safeguard the servers by blocking hackers from accessing the internal system, ITSC has further enhanced data protection by encrypting the communication channel between the database server and the application during data retrieval.

Figure 1 illustrates the data communication path from end users to the backend Database Server and Application Server. To increase data protection, data transmitted between the Database Server and the Application Server is now encrypted to avoid the security risk of the traffic being tapped by hackers.

Database Network Encryption (Before)

Figure 1. Data encryption is enabled between end users and the backend servers, but it is disabled between the backend servers themselves.

In April 2023, ITSC tested the native network encryption of the Database Server, which encrypts data sent over the network between client connections and the server. Figure 2 illustrates the entire path between end users and the backend servers, all of which is encrypted with this implementation to protect the internal system from network sniffing.

Database Network Encryption (After)

Figure 2. Data encryption is enabled along the entire path after parameter configuration.