SlideShare a Scribd company logo

MySQL Security

Ted Wennmark
Ted Wennmark

MySQL Security session at MySQL TT in Nordics

Technology
1 of 41
Download to read offline
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL TT: Security Ted Wennmark, MySQL SC and Cluster specialist, EMEA ted.wennmark@oracle.com
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 43% of companies have experienced a data breach in the past year. Source: Ponemon Institute, 2014 Oracle Confidential – Internal/Restricted/Highly Restricted 2
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Poor Configurations – Set limits and change default setting • Over Privileged Accounts – Privilege Policies •Weak Authentication – Use Strong Password • Weak Auditing – Compliance & Audit Policies • Lack of Encryption – Data, Back, & Network Encryption • Proper Credential/Key Management – Use mysql_config_editor , Key Vaults • Unsecured Backups – Encrypted Backups • No Monitoring – Security Monitoring, Users, Objects • Poorly Coded Applications – Database Firewall 3 Database Vulnerabilities
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Attacks • SQL Injection – Prevention: DB Firewall, White List, Input Validation • Buffer Overflow – Prevention: Frequently apply Database Software updates, DB Firewall, White List, Input Validation • Brute Force Attack – Prevention: lock out accounts after a defined number of incorrect attempts. • Network Eavesdropping – Prevention: Require SSL/TLS for all Connections and Transport • Malware – Prevention: Tight Access Controls, Limited Network IP access, Change default settings 4
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Regulatory Compliance • Regulations – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data Protection Directive: Protection of Personal Data – Data Protection Act (UK): Protection of Personal Data • Requirements – Continuous Monitoring (Users, Schema, Backups, etc) – Data Protection (Encryption, Privilege Management, etc.) – Data Retention (Backups, User Activity, etc.) – Data Auditing (User activity, etc.) 5 https://www.mysql.com/why-mysql/white-papers/mysql-pci-data-security-compliance/
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | DBA Responsibilities • Ensure only users who should get access, can get access • Limit what users and applications can do • Limit from where users and applications can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize attack surface
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Block Threats Auditing Regulatory Compliance Login and Query Activities SSL/TLS Public Key Private Key Digital Signatures Privilege Management Administration Database & Objects Proxy Users MySQL Linux / LDAP Windows AD Custom Oracle Confidential – Internal 7 MySQL Security Overview AuthorizationAuthentication Firewall& Auditing Encryption Security
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Authorization • Administrative Privileges • Database Privileges • Session Limits and Object Privileges • Fine grained controls over user privileges – Creating, altering and deleting databases – Creating, altering and deleting tables – Execute INSERT, SELECT, UPDATE, DELETE queries – Create, execute, or delete stored procedures and with what rights – Create or delete indexes 8 Security Privilege Management in MySQL Workbench
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Privilege Management • user: user accounts, global privileges columns • db: database-level privileges • tables_priv: Contains table-level privileges • columns_priv: Contains column-level privileges • procs_priv: Contains stored procedure and function privileges • proxies_priv: Contains proxy-user 9
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Authentication • Built in Authentication – user table stores users and encrypted passwords • GRANT READ ON *.* TO ted@<ip> REQUIRE X509 – Server authenticates client certificates and force user to use SSL • SHA-256 Password plugin – Default plug-in use SHA-1 for encrypting passwords. • MySQL Enterprise Authentication – Microsoft Active Directory – Linux PAMs (Pluggable Authentication Modules) • Support LDAP and more 10
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Password Policies • Accounts without Passwords – Assign passwords to all accounts to prevent unauthorized use • Password Validation Plugin – Enforce Strong Passwords • Password Expiration/Rotation – Require users to reset their password – New global parameter default_password_lifetime in 5.7 (default=360) – mysql.user -> password_lifetime column for per user settings (default NULL) • Account lockout (in v. 5.7) 11
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Encryption • SSL/TLS Encryption – Between MySQL clients and Server – Replication: Between Master & Slave – Per connection basis • Data Encryption – AES Encrypt/Decrypt 12 • MySQL Enterprise Encryption – Asymmetric Encrypt/Decrypt – Generate Public Key and Private Keys – Derive Session Keys – Digital Signatures • MySQL Enterprise Backup – Support for encrypted backups
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Auditing • Auditing for Security & Compliance – FIPS, HIPAA, PCI-DSS, SOX, DISA STIG, … • MySQL built-in logging infrastructure: – general log, error log • MySQL Enterprise Audit – Granularity made for auditing – Can be modified live – Contains additional details – Compatible with Oracle Audit Vault.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Firewall • SQL Injection: #1 Web Application Vulnerability – 77% of Web Sites had vulnerabilities – 1 in 8 critical vulnerabilities • MySQL Enterprise Firewall – Monitor database statements in real-time – Automatic White List “rules” generation for any application – Out of policy database transactions detected and blocked 14
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 15 MySQL Database Hardening User Management • Remove Extra Accounts • Grant Minimal Privileges • Audit users and privileges Configuration • Firewall • Auditing and Logging • Limit Network Access • Monitor changes Installation • Mysql_secure_installation • Keep MySQL up to date − MySQL Installer for Windows − Yum/Apt Repository Backups • Monitor Backups • Encrypt Backups Encryption • SSL/TLS for Secure Connections • Data Encryption (AES, RSA) Passwords • Strong Password Policy • Hashing, Expiration • Password Validation Plugin
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL 5.7 Linux Packages - Security Improvements • Test/Demo database has been removed – Now in separate packages (prod/dev) • Anonymous account creation is removed. • Creation of single root account – local host only • Default installation ensures encrypted communication by default – Automatic generation of SSL/RSA Certs/Keys • For EE : At server startup if options Certs/Keys were not set • For CE : Through new mysql_ssl_rsa_setup utility • Automatic detection of SSL Certs/Keys • Client attempts secure TLS connection by default 16 MySQL Installer for Windows includes various Security Setup and Hardening Steps
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Database Hardening: Installation • MySQL_Secure_Installation / MySQL Installer for Windows – Set a strong password for root account – Remove root accounts that are accessible from outside the local host – Remove anonymous-user accounts – Remove the test database • Which by default can be accessed by all users • Including Anonymous Users • Keep MySQL up to date – Repos – YUM/APT/SUSE – MySQL Installer for Windows 17
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Software Updates - Database and OS Maintenance • Maintaining security requires keeping Operating System and MySQL security patches up to date. – May require a restart (mysql or operating system) to take effect. • To enable seamless upgrades consider MySQL Replication – Allows for changes to be performed in a rolling fashion • Best practice to upgrade slaves first – MySQL 5.6 and above supports GTID-based replication • Provides for simple rolling upgrades • Follow OS vendor specific hardening Guidelines – For example • http://www.oracle.com/technetwork/articles/servers-storage-admin/tips-harden-oracle-linux-1695888.html 18
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Database Hardening: Configuration • Audit Activity – Use Enterprise Audit – Alt. Transiently enable Query Logging – Monitor and Inspect regularly • Disable or Limit Remote Access – If local “skip-networking” or bind- address=127.0.0.1 – If Remote access then limit hosts/IP • Change root username 19 • Disable unauthorized reading from local files – Disable LOAD DATA LOCAL INFILE • Run MySQL on non default port – More difficult to find database • Limit MySQL OS User • Use InnoDB • Enable SSL
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Database Hardening: Backups • Backups are Business Critical – Used to restore after attack – Migrate, move or clone server – Part of Audit Trail • Regularly Scheduled Backups • Monitor Backups • Encrypt Backups • Do not forget about Recovery plans 20
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Edition • MySQL Enterprise Authentication – External Authentication Modules • Microsoft AD, Linux PAMs • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Firewall – Query Monitoring, White List Matching, • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance 21 • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords • MySQL Enterprise Backup – Securing Backups, AES 256 encryption
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor • Enforce MySQL Security Best Practices – Identifies Vulnerabilties – Assesses current setup against security hardening policies • Monitoring & Alerting – User Monitoring – Password Monitoring – Schema Change Monitoring – Backup Monitoring • Configuration Management – Configuration Tuning Advice • Centralized User Management 22 "I definitely recommend the MySQL Enterprise Monitor to DBAs who don't have a ton of MySQL experience. It makes monitoring MySQL security, performance and availability very easy to understand and to act on.” Sandi Barr Sr. Software Engineer Schneider Electric
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Enterprise Manager for MySQL 23 Performance Security Availability • Availability monitoring • Performance monitoring • Configuration monitoring • All available metrics collected – Allowing for custom threshold based incident reports • MySQL auto-detection
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Real Time Protection – Queries analyzed and matched against White List • Blocks SQL Injection Attacks – Positive Security Model • Block Suspicious Traffic – Out of Policy Transactions detected & blocked • Learns White List – Automated creation of approved list of SQL command patterns on a per user basis • Transparent – No changes to application required 24 MySQL Enterprise Firewall monitoring
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Block SQL Injection Attacks – Allow: SQL Statements that match Whitelist – Block: SQL statements that are not on Whitelist • Intrusion Detection System – Detect: SQL statements that are not on Whitelist • SQL Statements execute and alert administrators 25 Select *.* from employee where id=22 Select *.* from employee where id=22 or 1=1 Block✖ Allow✔ White List Applications Detect & Alert Intrusion Detection
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Overview 26 Inbound SQL Traffic Web Applications SQL Injection Attack Via Brower ALLOW BLOCK DETECT 1 2 3 Instance MySQL Enterprise FirewallInternet
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 27 Receive SQL from client Digest into parser tokens Firewall Store SQL digest in Firewall whitelist Check user Firewall mode Detect or protect mode In whitelist? Execute SQL Send Firewall alert to error log Reject SQL Recording Yes Detect Protect Off MySQL Enterprise Firewall Workflow No Protect or Detect
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall Details • Firewall operation is turned on at a per user level • Per User States are –RECORDING –PROTECTING –DETECTING –OFF 28
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 29 MySQL Enterprise Firewall: Per User Whitelists
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: What happens when SQL is blocked in Protect Mode? • The client application gets an ERROR mysql> SELECT first_name, last_name FROM customer WHERE customer_id = 1 OR TRUE; ERROR 1045 (28000): Statement was blocked by Firewall mysql> SHOW DATABASES; ERROR 1045 (28000): Statement was blocked by Firewall mysql> TRUNCATE TABLE mysql.user; ERROR 1045 (28000): Statement was blocked by Firewall • Reported to the Error Log • Increment Counter 30
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Monitoring Firewall Status Counters 31
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Whitelist Example • mysql> SELECT userhost, substr(rule,1,80) FROM mysql.firewall_whitelist WHERE userhost= 'wpuser@localhost'; +------------------+----------------------------------------------------------------------------------+ | userhost | substr(rule,1,80) | +------------------+----------------------------------------------------------------------------------+ | wpuser@localhost | SELECT * FROM `wp_posts` WHERE `ID` = ? LIMIT ? | | wpuser@localhost | SELECT `option_value` FROM `wp_options` WHERE `option_name` = ? LIMIT ? | | wpuser@localhost | SELECT `wp_posts` . * FROM `wp_posts` WHERE ? = ? AND `wp_posts` . `ID` = ? AND | ... | wpuser@localhost | UPDATE `wp_posts` SET `comment_count` = ? WHERE `ID` = ? | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | +------------------+----------------------------------------------------------------------------------+ 32
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication 33 • Integrate with Centralized Authentication Infrastructure – Centralized Account Management – Password Policy Management – Groups & Roles • PAM (Pluggable Authentication Modules) – Standard interface (Unix, LDAP, Kerberos, others) – Windows • Access native Windows service - Use to Authenticate users using Windows Active Directory or to a native host Integrates MySQL with existing security infrastructures
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication: PAM • Standard Interface – LDAP – Unix/Linux • Proxy Users 34
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication: Windows •Windows Active Directory •Windows Native Services 35
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption • MySQL encryption functions – Symmetric encryption AES256 (All Editions) – Public-key / asymmetric cryptography – RSA • Key management functions – Generate public and private keys – Key exchange methods: DH • Sign and verify data functions – Cryptographic hashing for digital signing, verification, & validation – RSA,DSA 36
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit • Out-of-the-box logging of connections, logins, and query • User defined policies for filtering, and log rotation • Dynamically enabled, disabled: no server restart • XML-based audit stream per Oracle Audit Vault spec 37 Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit 38 2. User Joe connects and runs a query 1. DBA enables Audit plugin 3. Joe’s connection & query logged
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Online Backup for InnoDB (scriptable interface) • Full, Incremental, Partial Backups (with compression) • Strong Encryption (AES 256) • Point in Time, Full, Partial Recovery options • Metadata on status, progress, history • Scales – High Performance/Unlimited Database Size • Windows, Linux, Unix • Certified with Oracle Secure Backup, NetBackup, Tivoli, others 39
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Audit Vault and Database Firewall • Oracle DB Firewall – Oracle, MySQL, SQL Server, IBM DB2, Sybase – Activity Monitoring & Logging – White List, Black List, Exception List • Audit Vault – Built-in Compliance Reports – External storage for audit archive 40
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Thank You

Recommended

Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7 Mark Swarbrick
 
MySQL Router REST API
MySQL Router REST APIMySQL Router REST API
MySQL Router REST APIFrederic Descamps
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Blue Teamer
 
MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바NeoClova
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
MySQL InnoDB Cluster - New Features in 8.0 Releases - Best Practices
MySQL InnoDB Cluster - New Features in 8.0 Releases - Best PracticesMySQL InnoDB Cluster - New Features in 8.0 Releases - Best Practices
MySQL InnoDB Cluster - New Features in 8.0 Releases - Best PracticesKenny Gryp
 

Recommended

Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7 Mark Swarbrick
 
MySQL Router REST API
MySQL Router REST APIMySQL Router REST API
MySQL Router REST APIFrederic Descamps
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Blue Teamer
 
MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바MySQL Advanced Administrator 2021 - 네오클로바
MySQL Advanced Administrator 2021 - 네오클로바NeoClova
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
MySQL InnoDB Cluster - New Features in 8.0 Releases - Best Practices
MySQL InnoDB Cluster - New Features in 8.0 Releases - Best PracticesMySQL InnoDB Cluster - New Features in 8.0 Releases - Best Practices
MySQL InnoDB Cluster - New Features in 8.0 Releases - Best PracticesKenny Gryp
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallTroy Kitch
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarJoseph Holbrook, Chief Learning Officer (CLO)
 
Oracle Architecture
Oracle ArchitectureOracle Architecture
Oracle ArchitectureNeeraj Singh
 
Extreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateExtreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateBobby Curtis
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault OverviewTroy Kitch
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
MySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMiguel Araújo
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
Oracle RAC features on Exadata
Oracle RAC features on ExadataOracle RAC features on Exadata
Oracle RAC features on ExadataAnil Nair
 
MySQL InnoDB Cluster - Advanced Configuration & Operations
MySQL InnoDB Cluster - Advanced Configuration & OperationsMySQL InnoDB Cluster - Advanced Configuration & Operations
MySQL InnoDB Cluster - Advanced Configuration & OperationsFrederic Descamps
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security PlatformPituphong Yavirach
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick
 
MySQL Security
MySQL SecurityMySQL Security
MySQL SecurityMario Beck
 

More Related Content

What's hot

Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallTroy Kitch
 
Oracle Architecture
Oracle ArchitectureOracle Architecture
Oracle ArchitectureNeeraj Singh
 
Extreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateExtreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateBobby Curtis
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault OverviewTroy Kitch
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
MySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMiguel Araújo
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Oracle RAC features on Exadata
Oracle RAC features on ExadataOracle RAC features on Exadata
Oracle RAC features on ExadataAnil Nair
 
MySQL InnoDB Cluster - Advanced Configuration & Operations
MySQL InnoDB Cluster - Advanced Configuration & OperationsMySQL InnoDB Cluster - Advanced Configuration & Operations
MySQL InnoDB Cluster - Advanced Configuration & OperationsFrederic Descamps
 

What's hot (20)

Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
Oracle Architecture
Oracle ArchitectureOracle Architecture
Oracle Architecture
 
Extreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateExtreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGate
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault Overview
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
 
MySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB Clusters
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active Directory
 
Application Security
Application SecurityApplication Security
Application Security
 
Oracle RAC features on Exadata
Oracle RAC features on ExadataOracle RAC features on Exadata
Oracle RAC features on Exadata
 
MySQL InnoDB Cluster - Advanced Configuration & Operations
MySQL InnoDB Cluster - Advanced Configuration & OperationsMySQL InnoDB Cluster - Advanced Configuration & Operations
MySQL InnoDB Cluster - Advanced Configuration & Operations
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 

Similar to MySQL Security

MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick
 
MySQL Security
MySQL SecurityMySQL Security
MySQL SecurityMario Beck
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAsMario Beck
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQLVittorio Cioe
 
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 Geir Høydalsvik
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Harin Vadodaria
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAsBen Krug
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 
MySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMorgan Tocker
 
MySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionMySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionOlivier DASINI
 
BGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLBGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLGeorgi Kodinov
 
MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)Keith Hollman
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise PortfolioAbel Flórez
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKellyn Pot'Vin-Gorman
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance TuningMySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance TuningMark Swarbrick
 
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise MonitorNetherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise MonitorMark Swarbrick
 
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideOracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideCourtney Llamas
 
MySQL London Tech Tour March 2015 - Embedded Database of Choice
MySQL London Tech Tour March 2015 - Embedded Database of ChoiceMySQL London Tech Tour March 2015 - Embedded Database of Choice
MySQL London Tech Tour March 2015 - Embedded Database of ChoiceMark Swarbrick
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition Mark Swarbrick
 
1 my sql20151219-kaji_ivan
1 my sql20151219-kaji_ivan1 my sql20151219-kaji_ivan
1 my sql20151219-kaji_ivanIvan Tu
 

Similar to MySQL Security (20)

MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 Security
 
MySQL Security
MySQL SecurityMySQL Security
MySQL Security
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAs
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAs
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
MySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMySQL Cloud Service Deep Dive
MySQL Cloud Service Deep Dive
 
MySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionMySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise Edition
 
BGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLBGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQL
 
MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise Portfolio
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise Manager
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance TuningMySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance Tuning
 
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise MonitorNetherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
 
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideOracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners Guide
 
MySQL London Tech Tour March 2015 - Embedded Database of Choice
MySQL London Tech Tour March 2015 - Embedded Database of ChoiceMySQL London Tech Tour March 2015 - Embedded Database of Choice
MySQL London Tech Tour March 2015 - Embedded Database of Choice
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
 
1 my sql20151219-kaji_ivan
1 my sql20151219-kaji_ivan1 my sql20151219-kaji_ivan
1 my sql20151219-kaji_ivan
 

More from Ted Wennmark

MySQL NDB Cluster 8.0
MySQL NDB Cluster 8.0MySQL NDB Cluster 8.0
MySQL NDB Cluster 8.0Ted Wennmark
 
Upgrade to MySQL 8.0!
Upgrade to MySQL 8.0!Upgrade to MySQL 8.0!
Upgrade to MySQL 8.0!Ted Wennmark
 
MySQL Performance - Best practices
MySQL Performance - Best practices MySQL Performance - Best practices
MySQL Performance - Best practices Ted Wennmark
 
01 upgrade to my sql8
01 upgrade to my sql8 01 upgrade to my sql8
01 upgrade to my sql8 Ted Wennmark
 
MySQL as a Document Store
MySQL as a Document StoreMySQL as a Document Store
MySQL as a Document StoreTed Wennmark
 
Upgrade to MySQL 5.7 and latest news planned for MySQL 8
Upgrade to MySQL 5.7 and latest news planned for MySQL 8Upgrade to MySQL 5.7 and latest news planned for MySQL 8
Upgrade to MySQL 5.7 and latest news planned for MySQL 8Ted Wennmark
 
MySQL Enterprise Backup apr 2016
MySQL Enterprise Backup apr 2016MySQL Enterprise Backup apr 2016
MySQL Enterprise Backup apr 2016Ted Wennmark
 
MySQL 5.7 Replication News
MySQL 5.7 Replication News MySQL 5.7 Replication News
MySQL 5.7 Replication News Ted Wennmark
 
MySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsMySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsTed Wennmark
 
Introduction to MySQL
Introduction to MySQLIntroduction to MySQL
Introduction to MySQLTed Wennmark
 
MySQL Fabric - High Availability & Automated Sharding for MySQL
MySQL Fabric - High Availability & Automated Sharding for MySQLMySQL Fabric - High Availability & Automated Sharding for MySQL
MySQL Fabric - High Availability & Automated Sharding for MySQLTed Wennmark
 
The MySQL Performance Schema & New SYS Schema
The MySQL Performance Schema & New SYS SchemaThe MySQL Performance Schema & New SYS Schema
The MySQL Performance Schema & New SYS SchemaTed Wennmark
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise MonitorTed Wennmark
 
What's new in my sql smug
What's new in my sql smugWhat's new in my sql smug
What's new in my sql smugTed Wennmark
 

More from Ted Wennmark (17)

MySQL NDB Cluster 8.0
MySQL NDB Cluster 8.0MySQL NDB Cluster 8.0
MySQL NDB Cluster 8.0
 
Upgrade to MySQL 8.0!
Upgrade to MySQL 8.0!Upgrade to MySQL 8.0!
Upgrade to MySQL 8.0!
 
MySQL Performance - Best practices
MySQL Performance - Best practices MySQL Performance - Best practices
MySQL Performance - Best practices
 
01 upgrade to my sql8
01 upgrade to my sql8 01 upgrade to my sql8
01 upgrade to my sql8
 
MySQL as a Document Store
MySQL as a Document StoreMySQL as a Document Store
MySQL as a Document Store
 
Upgrade to MySQL 5.7 and latest news planned for MySQL 8
Upgrade to MySQL 5.7 and latest news planned for MySQL 8Upgrade to MySQL 5.7 and latest news planned for MySQL 8
Upgrade to MySQL 5.7 and latest news planned for MySQL 8
 
MySQL HA
MySQL HAMySQL HA
MySQL HA
 
MySQL Enterprise Backup apr 2016
MySQL Enterprise Backup apr 2016MySQL Enterprise Backup apr 2016
MySQL Enterprise Backup apr 2016
 
MySQL 5.7 Replication News
MySQL 5.7 Replication News MySQL 5.7 Replication News
MySQL 5.7 Replication News
 
MySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsMySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA options
 
Introduction to MySQL
Introduction to MySQLIntroduction to MySQL
Introduction to MySQL
 
MySQL Fabric - High Availability & Automated Sharding for MySQL
MySQL Fabric - High Availability & Automated Sharding for MySQLMySQL Fabric - High Availability & Automated Sharding for MySQL
MySQL Fabric - High Availability & Automated Sharding for MySQL
 
The MySQL Performance Schema & New SYS Schema
The MySQL Performance Schema & New SYS SchemaThe MySQL Performance Schema & New SYS Schema
The MySQL Performance Schema & New SYS Schema
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
 
MySQL@king
MySQL@kingMySQL@king
MySQL@king
 
NoSQL and MySQL
NoSQL and MySQLNoSQL and MySQL
NoSQL and MySQL
 
What's new in my sql smug
What's new in my sql smugWhat's new in my sql smug
What's new in my sql smug
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

MySQL Security

  • 1. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL TT: Security Ted Wennmark, MySQL SC and Cluster specialist, EMEA ted.wennmark@oracle.com
  • 2. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 43% of companies have experienced a data breach in the past year. Source: Ponemon Institute, 2014 Oracle Confidential – Internal/Restricted/Highly Restricted 2
  • 3. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Poor Configurations – Set limits and change default setting • Over Privileged Accounts – Privilege Policies •Weak Authentication – Use Strong Password • Weak Auditing – Compliance & Audit Policies • Lack of Encryption – Data, Back, & Network Encryption • Proper Credential/Key Management – Use mysql_config_editor , Key Vaults • Unsecured Backups – Encrypted Backups • No Monitoring – Security Monitoring, Users, Objects • Poorly Coded Applications – Database Firewall 3 Database Vulnerabilities
  • 4. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Attacks • SQL Injection – Prevention: DB Firewall, White List, Input Validation • Buffer Overflow – Prevention: Frequently apply Database Software updates, DB Firewall, White List, Input Validation • Brute Force Attack – Prevention: lock out accounts after a defined number of incorrect attempts. • Network Eavesdropping – Prevention: Require SSL/TLS for all Connections and Transport • Malware – Prevention: Tight Access Controls, Limited Network IP access, Change default settings 4
  • 5. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Regulatory Compliance • Regulations – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data Protection Directive: Protection of Personal Data – Data Protection Act (UK): Protection of Personal Data • Requirements – Continuous Monitoring (Users, Schema, Backups, etc) – Data Protection (Encryption, Privilege Management, etc.) – Data Retention (Backups, User Activity, etc.) – Data Auditing (User activity, etc.) 5 https://www.mysql.com/why-mysql/white-papers/mysql-pci-data-security-compliance/
  • 6. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | DBA Responsibilities • Ensure only users who should get access, can get access • Limit what users and applications can do • Limit from where users and applications can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize attack surface
  • 7. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Block Threats Auditing Regulatory Compliance Login and Query Activities SSL/TLS Public Key Private Key Digital Signatures Privilege Management Administration Database & Objects Proxy Users MySQL Linux / LDAP Windows AD Custom Oracle Confidential – Internal 7 MySQL Security Overview AuthorizationAuthentication Firewall& Auditing Encryption Security
  • 8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Authorization • Administrative Privileges • Database Privileges • Session Limits and Object Privileges • Fine grained controls over user privileges – Creating, altering and deleting databases – Creating, altering and deleting tables – Execute INSERT, SELECT, UPDATE, DELETE queries – Create, execute, or delete stored procedures and with what rights – Create or delete indexes 8 Security Privilege Management in MySQL Workbench
  • 9. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Privilege Management • user: user accounts, global privileges columns • db: database-level privileges • tables_priv: Contains table-level privileges • columns_priv: Contains column-level privileges • procs_priv: Contains stored procedure and function privileges • proxies_priv: Contains proxy-user 9
  • 10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Authentication • Built in Authentication – user table stores users and encrypted passwords • GRANT READ ON *.* TO ted@<ip> REQUIRE X509 – Server authenticates client certificates and force user to use SSL • SHA-256 Password plugin – Default plug-in use SHA-1 for encrypting passwords. • MySQL Enterprise Authentication – Microsoft Active Directory – Linux PAMs (Pluggable Authentication Modules) • Support LDAP and more 10
  • 11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Password Policies • Accounts without Passwords – Assign passwords to all accounts to prevent unauthorized use • Password Validation Plugin – Enforce Strong Passwords • Password Expiration/Rotation – Require users to reset their password – New global parameter default_password_lifetime in 5.7 (default=360) – mysql.user -> password_lifetime column for per user settings (default NULL) • Account lockout (in v. 5.7) 11
  • 12. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Encryption • SSL/TLS Encryption – Between MySQL clients and Server – Replication: Between Master & Slave – Per connection basis • Data Encryption – AES Encrypt/Decrypt 12 • MySQL Enterprise Encryption – Asymmetric Encrypt/Decrypt – Generate Public Key and Private Keys – Derive Session Keys – Digital Signatures • MySQL Enterprise Backup – Support for encrypted backups
  • 13. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Auditing • Auditing for Security & Compliance – FIPS, HIPAA, PCI-DSS, SOX, DISA STIG, … • MySQL built-in logging infrastructure: – general log, error log • MySQL Enterprise Audit – Granularity made for auditing – Can be modified live – Contains additional details – Compatible with Oracle Audit Vault.
  • 14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Firewall • SQL Injection: #1 Web Application Vulnerability – 77% of Web Sites had vulnerabilities – 1 in 8 critical vulnerabilities • MySQL Enterprise Firewall – Monitor database statements in real-time – Automatic White List “rules” generation for any application – Out of policy database transactions detected and blocked 14
  • 15. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 15 MySQL Database Hardening User Management • Remove Extra Accounts • Grant Minimal Privileges • Audit users and privileges Configuration • Firewall • Auditing and Logging • Limit Network Access • Monitor changes Installation • Mysql_secure_installation • Keep MySQL up to date − MySQL Installer for Windows − Yum/Apt Repository Backups • Monitor Backups • Encrypt Backups Encryption • SSL/TLS for Secure Connections • Data Encryption (AES, RSA) Passwords • Strong Password Policy • Hashing, Expiration • Password Validation Plugin
  • 16. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL 5.7 Linux Packages - Security Improvements • Test/Demo database has been removed – Now in separate packages (prod/dev) • Anonymous account creation is removed. • Creation of single root account – local host only • Default installation ensures encrypted communication by default – Automatic generation of SSL/RSA Certs/Keys • For EE : At server startup if options Certs/Keys were not set • For CE : Through new mysql_ssl_rsa_setup utility • Automatic detection of SSL Certs/Keys • Client attempts secure TLS connection by default 16 MySQL Installer for Windows includes various Security Setup and Hardening Steps
  • 17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Database Hardening: Installation • MySQL_Secure_Installation / MySQL Installer for Windows – Set a strong password for root account – Remove root accounts that are accessible from outside the local host – Remove anonymous-user accounts – Remove the test database • Which by default can be accessed by all users • Including Anonymous Users • Keep MySQL up to date – Repos – YUM/APT/SUSE – MySQL Installer for Windows 17
  • 18. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Software Updates - Database and OS Maintenance • Maintaining security requires keeping Operating System and MySQL security patches up to date. – May require a restart (mysql or operating system) to take effect. • To enable seamless upgrades consider MySQL Replication – Allows for changes to be performed in a rolling fashion • Best practice to upgrade slaves first – MySQL 5.6 and above supports GTID-based replication • Provides for simple rolling upgrades • Follow OS vendor specific hardening Guidelines – For example • http://www.oracle.com/technetwork/articles/servers-storage-admin/tips-harden-oracle-linux-1695888.html 18
  • 19. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Database Hardening: Configuration • Audit Activity – Use Enterprise Audit – Alt. Transiently enable Query Logging – Monitor and Inspect regularly • Disable or Limit Remote Access – If local “skip-networking” or bind- address=127.0.0.1 – If Remote access then limit hosts/IP • Change root username 19 • Disable unauthorized reading from local files – Disable LOAD DATA LOCAL INFILE • Run MySQL on non default port – More difficult to find database • Limit MySQL OS User • Use InnoDB • Enable SSL
  • 20. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Database Hardening: Backups • Backups are Business Critical – Used to restore after attack – Migrate, move or clone server – Part of Audit Trail • Regularly Scheduled Backups • Monitor Backups • Encrypt Backups • Do not forget about Recovery plans 20
  • 21. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Edition • MySQL Enterprise Authentication – External Authentication Modules • Microsoft AD, Linux PAMs • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Firewall – Query Monitoring, White List Matching, • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance 21 • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords • MySQL Enterprise Backup – Securing Backups, AES 256 encryption
  • 22. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor • Enforce MySQL Security Best Practices – Identifies Vulnerabilties – Assesses current setup against security hardening policies • Monitoring & Alerting – User Monitoring – Password Monitoring – Schema Change Monitoring – Backup Monitoring • Configuration Management – Configuration Tuning Advice • Centralized User Management 22 "I definitely recommend the MySQL Enterprise Monitor to DBAs who don't have a ton of MySQL experience. It makes monitoring MySQL security, performance and availability very easy to understand and to act on.” Sandi Barr Sr. Software Engineer Schneider Electric
  • 23. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Enterprise Manager for MySQL 23 Performance Security Availability • Availability monitoring • Performance monitoring • Configuration monitoring • All available metrics collected – Allowing for custom threshold based incident reports • MySQL auto-detection
  • 24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Real Time Protection – Queries analyzed and matched against White List • Blocks SQL Injection Attacks – Positive Security Model • Block Suspicious Traffic – Out of Policy Transactions detected & blocked • Learns White List – Automated creation of approved list of SQL command patterns on a per user basis • Transparent – No changes to application required 24 MySQL Enterprise Firewall monitoring
  • 25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Block SQL Injection Attacks – Allow: SQL Statements that match Whitelist – Block: SQL statements that are not on Whitelist • Intrusion Detection System – Detect: SQL statements that are not on Whitelist • SQL Statements execute and alert administrators 25 Select *.* from employee where id=22 Select *.* from employee where id=22 or 1=1 Block✖ Allow✔ White List Applications Detect & Alert Intrusion Detection
  • 26. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Overview 26 Inbound SQL Traffic Web Applications SQL Injection Attack Via Brower ALLOW BLOCK DETECT 1 2 3 Instance MySQL Enterprise FirewallInternet
  • 27. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 27 Receive SQL from client Digest into parser tokens Firewall Store SQL digest in Firewall whitelist Check user Firewall mode Detect or protect mode In whitelist? Execute SQL Send Firewall alert to error log Reject SQL Recording Yes Detect Protect Off MySQL Enterprise Firewall Workflow No Protect or Detect
  • 28. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall Details • Firewall operation is turned on at a per user level • Per User States are –RECORDING –PROTECTING –DETECTING –OFF 28
  • 29. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 29 MySQL Enterprise Firewall: Per User Whitelists
  • 30. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: What happens when SQL is blocked in Protect Mode? • The client application gets an ERROR mysql> SELECT first_name, last_name FROM customer WHERE customer_id = 1 OR TRUE; ERROR 1045 (28000): Statement was blocked by Firewall mysql> SHOW DATABASES; ERROR 1045 (28000): Statement was blocked by Firewall mysql> TRUNCATE TABLE mysql.user; ERROR 1045 (28000): Statement was blocked by Firewall • Reported to the Error Log • Increment Counter 30
  • 31. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Monitoring Firewall Status Counters 31
  • 32. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Whitelist Example • mysql> SELECT userhost, substr(rule,1,80) FROM mysql.firewall_whitelist WHERE userhost= 'wpuser@localhost'; +------------------+----------------------------------------------------------------------------------+ | userhost | substr(rule,1,80) | +------------------+----------------------------------------------------------------------------------+ | wpuser@localhost | SELECT * FROM `wp_posts` WHERE `ID` = ? LIMIT ? | | wpuser@localhost | SELECT `option_value` FROM `wp_options` WHERE `option_name` = ? LIMIT ? | | wpuser@localhost | SELECT `wp_posts` . * FROM `wp_posts` WHERE ? = ? AND `wp_posts` . `ID` = ? AND | ... | wpuser@localhost | UPDATE `wp_posts` SET `comment_count` = ? WHERE `ID` = ? | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | +------------------+----------------------------------------------------------------------------------+ 32
  • 33. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication 33 • Integrate with Centralized Authentication Infrastructure – Centralized Account Management – Password Policy Management – Groups & Roles • PAM (Pluggable Authentication Modules) – Standard interface (Unix, LDAP, Kerberos, others) – Windows • Access native Windows service - Use to Authenticate users using Windows Active Directory or to a native host Integrates MySQL with existing security infrastructures
  • 34. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication: PAM • Standard Interface – LDAP – Unix/Linux • Proxy Users 34
  • 35. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication: Windows •Windows Active Directory •Windows Native Services 35
  • 36. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption • MySQL encryption functions – Symmetric encryption AES256 (All Editions) – Public-key / asymmetric cryptography – RSA • Key management functions – Generate public and private keys – Key exchange methods: DH • Sign and verify data functions – Cryptographic hashing for digital signing, verification, & validation – RSA,DSA 36
  • 37. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit • Out-of-the-box logging of connections, logins, and query • User defined policies for filtering, and log rotation • Dynamically enabled, disabled: no server restart • XML-based audit stream per Oracle Audit Vault spec 37 Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.)
  • 38. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit 38 2. User Joe connects and runs a query 1. DBA enables Audit plugin 3. Joe’s connection & query logged
  • 39. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Online Backup for InnoDB (scriptable interface) • Full, Incremental, Partial Backups (with compression) • Strong Encryption (AES 256) • Point in Time, Full, Partial Recovery options • Metadata on status, progress, history • Scales – High Performance/Unlimited Database Size • Windows, Linux, Unix • Certified with Oracle Secure Backup, NetBackup, Tivoli, others 39
  • 40. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Audit Vault and Database Firewall • Oracle DB Firewall – Oracle, MySQL, SQL Server, IBM DB2, Sybase – Activity Monitoring & Logging – White List, Black List, Exception List • Audit Vault – Built-in Compliance Reports – External storage for audit archive 40
  • 41. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Thank You