Safety LAMP: data security & agile languages
Transcript

  • 1. Safety LAMP: data security in the age of agile languages. Josh Berkus, PostgreSQL Experts, Inc. Enterprise LAMP 2009
  • 2. LAMP 1.0 (1998): Linux, Apache, MySQL, Perl/PHP/Python
  • 3. LAMP 1.1 (2002): Linux, Apache, Middleware, PostgreSQL
  • 4. LAMP 2.0 (2008): Linux, Solaris, BSD; Apache, Lighttpd, appservers; MySQL, PostgreSQL, SQLite, CouchDB, Memcached, etc.; Python, Ruby, PHP, Perl, Javascript
  • 6. Why should you care about data security?
  • 7. “I don't need to know.” “Our network security will take care of it.” “I applied all the web server and PHP patches.” “Security belongs in the application layer.” “Database security slows development.” “Nobody will hack my website. We run Linux.”
  • 8. microsoft
  • 9. nokia
  • 10. government agencies
  • 11. the U.N.
  • 12. political parties
  • 13. The cost of unsafe data
    Contacting 19,000 customers: $380,000
    Paying for credit reports for 19,000 customers: $931,000
    Shipping stolen merchandise: $4,600,000
    Lost customer goodwill and reputation as an insecure & careless company: Priceless!
  • 14. Why is LAMP special?
    1. Agility: LAMP platforms are designed for rapid development and deployment
    2. Constant Upgrades: LAMP components are rapidly advancing
    3. Lightweight: LAMP stacks are simple and have few layers
  • 15. Why is LAMP special?
    1. Agility: rapidly deploy security holes
    2. Constant Upgrades: new versions, new exploits
    3. Lightweight: few layers, fast to hack
  • 16. How do you make your data safe?
  • 17. security principles
  • 18. one: security != control
  • 19. control systems
  • 20. control systems correctly employed: improved security
  • 21. control systems incorrectly employed: reduced security
  • 22. two: security is a process
  • 23. two: security is a process, not a result
  • 24. security process: 1. plan 2. design 3. develop 4. test 5. deploy 6. monitor 7. repeat
  • 25. perimeter-only security [diagram: anti-DOS and firewall at the edge; behind them the load balancer, webserver and database server are all open; the edge is labelled secure, everything behind it insecure]
  • 28. multilayer security [diagram: anti-DOS, firewall, updates, tripwire, abstraction, permissions and audit at every layer; load balancer, webserver and database server restricted; labelled secure]
  • 29. three: every component in your LAMP stack must be secure
  • 30. four: how much security do you need?
  • 31. Performance, Deployment Speed, Cost, Data Security
  • 32. five: have a threat model
    What is your vulnerable data? (assets)
    Who wants this data? (threats)
    How will they get it? (attack vectors)
    What are the consequences of lost data? (costs)
  • 33. How do you make your data safe?
  • 34. your database engine can help [diagram: permissions, tripwire, anti-DOS, abstraction, updates, firewall, audit; router, webserver and database server restricted; labelled secure]
  • 35. attack vectors. Primary attack vectors for data theft in LAMP:
    1. SQL injection
    2. direct connection
    3. application server compromise
    4. staff malfeasance/mistake
    5. physical access
  • 37. database tools
    1. access control
    2. authentication
    3. drivers
    4. privileges
    5. data abstraction
    6. encryption
    7. data auditing
    8. advanced security frameworks
  • 38. access control. Goal: use database access control lists to prevent connections from anywhere but specified networks. [diagram: database server, webserver]
  • 39. access control. Network Isolation: isolated network segment; only appservers & admins can connect; use firewall tools to restrict ports & networks
  • 40. access control. Database Access Control: restrict which users can connect to which databases from which networks.
    PostgreSQL: pg_hba.conf, listen_addresses, pgbouncer
    MySQL: users table, MySQL Proxy
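  The PostgreSQL side of slide 40, as an added configuration example that is not part of the deck. The host addresses, database name and role name are constructed; the rules are matched top to bottom, first match wins.

```conf
# postgresql.conf (constructed): bind only the private interface, never 0.0.0.0
listen_addresses = '10.0.1.5'

# pg_hba.conf (constructed): who may connect, to which database, from where, and how
# TYPE    DATABASE   USER              ADDRESS        METHOD
local     all        postgres                         peer      # admin tasks on the box only (ident on pre-9.1 releases)
hostssl   appdb      application_user  10.0.2.0/24    md5       # app servers, TLS required (scram-sha-256 on PG10+)
hostssl   appdb      db_admin          10.0.3.7/32    md5       # one admin host, TLS required
host      all        all               0.0.0.0/0      reject    # explicit deny-all for everything else
```

  Reload with `pg_ctl reload` (or `SELECT pg_reload_conf();`) and verify with a connection attempt from a host outside 10.0.2.0/24, which should fail with "no pg_hba.conf entry".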
  • 41. authentication. Goal: prevent privilege escalation through direct connections to the database.
    psql -U postgres -h masterserver -c "update users set password = 'haxx0r' where login = 'administrator'"
  • 42. authentication methods. ident: host OS responsible for security. good for: administrative tasks. bad for: external users
  • 43. authentication methods. hashed user/password. good for: most things. bad for: application server / network compromise
  • 44. authentication methods. krb5 / sspi / ldap: identity checked against authentication servers. good for: network/application server compromises. bad for: performance, troubleshooting, uptime
  • 45. driver tools. Goal: prevent SQL injection. prepared queries:
    $q = prepare("SELECT * FROM profile WHERE user = ?"); execute($q, db_escape($this_user));
  • 46. driver tools. Goal: prevent SQL injection. switches: no multi-statement; read-only connection
  • 47. database privileges. Goal: prevent authenticated low-level users from modifying or accessing restricted data. SELECT FROM users; UPDATE users;
  • 48. database privileges. Privileges Rule #1: your app should not be connecting as the database owner or superuser
  • 49. ROLEs. create some ROLEs (users and groups) [diagram: public, application_user, db_admin, application_admin, superuser; groups users, admins, dataentry, readonly; logins claudio, felipe, leo, wei-chen, guest]
  • 50. privileges: best way to restrict access to specific data. SQL standard. Both MySQL & PostgreSQL support: database/schema, table, column
  • 51. privileges. PostgreSQL privileges:
    tables: SELECT, INSERT, UPDATE, DELETE, ALTER
    schema: USAGE, CREATE, ALTER
    function: EXECUTE, ALTER
    database: CONNECT, TEMP, CREATE, OWNER
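  Slides 48 to 51 put into PostgreSQL statements, as an added example that is not from the deck: the group roles of slide 49, an owner that is not the application login (Rule #1), and table- and column-level grants. Role, schema, table and column names are constructed; run it as a superuser.

```sql
-- Group roles carry the privileges; login roles only inherit them.
CREATE ROLE readonly  NOLOGIN;
CREATE ROLE dataentry NOLOGIN;
CREATE ROLE users     NOLOGIN;
CREATE ROLE admins    NOLOGIN;
GRANT readonly TO users;          -- every user can read
GRANT dataentry, users TO admins; -- admins can also write

-- Login roles (constructed passwords). The app connects as application_user, never as the owner.
CREATE ROLE application_user LOGIN PASSWORD 'changeme-app'   IN ROLE users;
CREATE ROLE db_admin         LOGIN PASSWORD 'changeme-admin';
CREATE ROLE claudio          LOGIN PASSWORD 'changeme-c'     IN ROLE admins;

-- Rule #1: db_admin owns the schema and tables; the app role owns nothing.
CREATE SCHEMA member AUTHORIZATION db_admin;
SET ROLE db_admin;
CREATE TABLE member.profiles (
    member        text PRIMARY KEY,
    interests     text,
    password_hash text
);
RESET ROLE;

-- Start from zero: PUBLIC gets nothing on the schema or the table.
REVOKE ALL ON SCHEMA member    FROM PUBLIC;
REVOKE ALL ON member.profiles  FROM PUBLIC;
GRANT  USAGE ON SCHEMA member  TO readonly, dataentry;

-- Column-level privileges (PostgreSQL 8.4+): readers never see password_hash.
GRANT SELECT (member, interests)           ON member.profiles TO readonly;
GRANT INSERT (member, interests),
      UPDATE (interests)                   ON member.profiles TO dataentry;

-- Check the effect as the app role: first statement succeeds, second is denied.
SET ROLE application_user;
SELECT member, interests FROM member.profiles;   -- allowed
SELECT password_hash    FROM member.profiles;    -- ERROR: permission denied for table profiles
UPDATE member.profiles SET interests = 'x';      -- ERROR: application_user is read-only
RESET ROLE;
```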
  • 52. database abstraction. Goal: prevent theft of sensitive data by not allowing direct access to base tables. [diagram: schema admin and schema member, containing rights, members, settings, profiles, messages, view user_names, users, login(), change_pw()]
  • 53. database abstraction.
    views: a VIEW is a “stored query” with its own permissions; limit access to specific rows or columns
    stored procedures: SECURITY DEFINER procedures allow controlled privilege escalation; make sure to lock them down, though!
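  The view and SECURITY DEFINER pattern of slides 52 and 53 (user_names, login(), change_pw()) written out in PostgreSQL, as an added example that is not from the deck. It assumes a role named application_user already exists and that pgcrypto is installed in the public schema; table and column names are constructed.

```sql
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- crypt() and gen_salt() live in public

CREATE SCHEMA member;
CREATE TABLE member.users (
    login         text PRIMARY KEY,
    password_hash text NOT NULL,
    display_name  text,
    email         text
);

-- The app may use the schema but has no privilege at all on the base table.
REVOKE ALL ON SCHEMA member FROM PUBLIC;
REVOKE ALL ON member.users  FROM PUBLIC;
GRANT  USAGE ON SCHEMA member TO application_user;

-- A VIEW is a stored query with its own permissions: only the harmless columns leak out.
CREATE VIEW member.user_names AS
    SELECT login, display_name FROM member.users;
GRANT SELECT ON member.user_names TO application_user;

-- SECURITY DEFINER runs with the function owner's rights, so the app can verify a
-- password without ever being able to SELECT the hash. Lockdown, per slide 53:
--   * search_path is pinned (pg_temp last) so a caller cannot shadow crypt() or the table;
--   * EXECUTE is revoked from PUBLIC and granted only to the app role.
CREATE FUNCTION member.login(p_login text, p_password text) RETURNS boolean AS $$
    SELECT EXISTS (
        SELECT 1 FROM member.users
         WHERE login = p_login
           AND password_hash = public.crypt(p_password, password_hash));
$$ LANGUAGE sql STABLE SECURITY DEFINER SET search_path = member, pg_temp;

CREATE FUNCTION member.change_pw(p_login text, p_old text, p_new text) RETURNS boolean AS $$
    UPDATE member.users
       SET password_hash = public.crypt(p_new, public.gen_salt('bf'))
     WHERE login = p_login
       AND password_hash = public.crypt(p_old, password_hash)   -- old password required
    RETURNING true;
$$ LANGUAGE sql SECURITY DEFINER SET search_path = member, pg_temp;

REVOKE ALL ON FUNCTION member.login(text, text)            FROM PUBLIC;
REVOKE ALL ON FUNCTION member.change_pw(text, text, text)  FROM PUBLIC;
GRANT EXECUTE ON FUNCTION member.login(text, text)           TO application_user;
GRANT EXECUTE ON FUNCTION member.change_pw(text, text, text) TO application_user;
```

  change_pw() returns NULL rather than true when the old password does not match, so the caller learns only that the update did not happen.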
  • 54. encryption. Goal: prevent misuse of sensitive data by anyone who has managed to capture it. the only protection against physical possession. encrypt your backups!
  • 55. encryption
    1. encrypted authentication
    2. encrypted connections
    3. encryption of specific data
    4. whole database encryption
  • 56. the biggest problem with encryption?
  • 57. What do you do if they get in anyway?
    sometimes your other measures fail: exploits, loopholes, misconfiguration
    sometimes the bad guys have legitimate access: users, staff, sysadmins
  • 58. database auditing. Goal: know what happened after it happened, and be able to restore your data without searching backup tapes.
  • 59. auditing: logs. dozens of log options: users, connections, queries run, errors. the log can help you analyze a break-in, maybe even tell you what was stolen
  • 60. secure your logs. best way to find “DBA corruption”:
    make sure that not even the admins can erase/alter all copies
    make sure few people can change postgresql.conf
    use a secured log server; “syslog” is good for this
    make a plan for secure log archiving
  • 61. data auditing. Goal: figure out exactly which data changed, when and how, and be able to reverse it. Methods: Triggers, Replication, Snapshots
  • 62. data auditing
    table members.profiles
    member | interests
    josh   | pottery, cooking
    table audit_members.profiles
    member | interests | changed | change_by
    josh   | gaming    | 5/23/01 | claudio
    josh   | pottery   | 3/24/08 | felipe
  • 63. xtreme security: multilevel
  • 64. xtreme security: SE Postgres
  • 65. contact
    Josh Berkus: josh.berkus@pgexperts.com, it.toolbox.com/blogs/database-soup
    PostgreSQL: www.postgresql.org
    SEPostgres: http://code.google.com/p/sepgsql
    PostgreSQL Experts, Inc.: www.pgexperts.com
    Thanks to KaiGai Kohei for SEPostgres diagrams, and to Harrison Fisk for MySQL examples. Thanks to Google Images for the various images, which belong to their original owners.
    Copyright 2009 Josh Berkus, distributable under the Creative Commons Attribution license