Fourth layer – data layer

Let's assume that due to some vulnerability, an attacker has made his way inside the servers and has full control of the database server. To his surprise, he finds that all critical data, such as passwords, are hashed with a salt and the cardholder data is encrypted.

Thus, even though he gets hold of the data, it is not very useful to him.

The tools and techniques that are part of this layer are AES, LUKS, KMS for encryption, SHA256 for hashing, and random salt values to prevent rainbow table attacks.