Security 101
Weak Passwords = Vulnerable
Solution is simple – put policies in place
3. Security
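Demo (2)
Password validation is available. Registering easily guessed passwords that should not be used (such as the company name) in a dictionary makes it possible to be more secure.
■ Give a brief demo.
1) Display the dictionary file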
cat /usr/local/mysql/data/prohibit_dictionary.txt
2) Try creating an account
NG: GRANT ALL PRIVILEGES ON *.* TO sec_user@localhost IDENTIFIED BY 'validate_Password.so.01A';
OK: GRANT ALL PRIVILEGES ON *.* TO sec_user@localhost IDENTIFIED BY 'validate_Bassword.so.01A';
Policy: Tests Performed
0 or LOW: Length
1 or MEDIUM: Length; numeric, lowercase/uppercase, and special characters
2 or STRONG: Length; numeric, lowercase/uppercase, and special characters; dictionary file
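The NG/OK pair from the demo can be reproduced with a small model of the three policy levels. This is an added example, not code from the original slides or from the plugin itself. It assumes the plugin's documented defaults (minimum length 8, at least one character of each class, dictionary matches on substrings of 4 or more characters), and `SAMPLE_DICTIONARY` is constructed because the contents of the real dictionary file are not shown.

```python
# Simplified model of the validate_password policy levels (added example,
# not the plugin's source). Thresholds are the plugin's documented defaults.

MIN_LENGTH = 8      # validate_password_length default
MIN_SUBSTRING = 4   # STRONG only matches dictionary words of length >= 4

# Constructed sample; the real dictionary file is not shown on the page.
SAMPLE_DICTIONARY = {"password", "mysql", "oracle"}


def failed_checks(password, policy, dictionary=frozenset()):
    """Return the checks a password fails at policy 0 (LOW), 1 (MEDIUM) or 2 (STRONG)."""
    failures = []
    # LOW: length only
    if len(password) < MIN_LENGTH:
        failures.append("length")
    # MEDIUM: adds numeric, mixed-case and special-character requirements
    if policy >= 1:
        if not any(c.isdigit() for c in password):
            failures.append("numeric")
        if not (any(c.islower() for c in password)
                and any(c.isupper() for c in password)):
            failures.append("mixed case")
        if not any(not c.isalnum() for c in password):
            failures.append("special character")
    # STRONG: adds the dictionary check, compared case-insensitively,
    # so changing only the capitalisation of a banned word does not help
    if policy >= 2:
        lowered = password.lower()
        hits = sorted(w for w in dictionary
                      if len(w) >= MIN_SUBSTRING and w in lowered)
        failures.extend(f"dictionary word '{w}'" for w in hits)
    return failures


if __name__ == "__main__":
    # The two passwords from the demo, evaluated at each policy level.
    for pw in ("validate_Password.so.01A", "validate_Bassword.so.01A"):
        for policy in (0, 1, 2):
            result = failed_checks(pw, policy, SAMPLE_DICTIONARY)
            print(f"policy={policy} {pw}: {result or 'OK'}")
```

Both demo passwords pass LOW and MEDIUM; only STRONG separates them, because the first one contains a dictionary word once lowercased.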
Installation
admin@192.168.56.201 [mysql]> install plugin validate_password soname 'validate_password.so';
Query OK, 0 rows affected (0.07 sec)
admin@192.168.56.201 [mysql]> select plugin_name,plugin_status from information_schema.plugins
-> where plugin_type like 'validate%';
+-------------------+---------------+
| plugin_name | plugin_status |
+-------------------+---------------+
| validate_password | ACTIVE |
+-------------------+---------------+
1 row in set (0.00 sec)
admin@192.168.56.201 [mysql]>
The option file settings follow:
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
validate_password_policy=2
validate_password_dictionary_file=/usr/local/mysql/data/band_dictionary.txt
Encryption provides access control and data protection
Minimize - Less is More
Restrict users to minimal rights; keep the attack surface as small as possible
MySQL Enterprise Edition (MEE) includes the following security and data protection features:
MySQL Enterprise Backup
MySQL Enterprise Backup reduces the risk of data loss by delivering online "Hot" backups of your databases. It supports full, incremental and partial backups, Point-in-Time Recovery and backup compression.
MySQL Enterprise Authentication
MySQL Enterprise Security provides ready-to-use external authentication modules to easily integrate MySQL with existing security infrastructures, including PAM and Windows Active Directory. MySQL users can be authenticated using Pluggable Authentication Modules ("PAM") or native Windows OS services.
MySQL Enterprise Encryption
MySQL Enterprise Encryption provides encryption, key generation, digital signatures and other cryptographic features to help organizations protect confidential data and comply with regulatory requirements.
MySQL Enterprise Firewall
MySQL Enterprise Firewall guards against cyber security threats by providing real-time protection against database-specific attacks, such as SQL injection. MySQL Enterprise Firewall monitors for database threats, automatically creates a whitelist of approved SQL statements and blocks unauthorized database activity.
MySQL Enterprise Audit
MySQL Enterprise Audit enables you to quickly and seamlessly add policy-based auditing compliance to new and existing applications. You can dynamically enable user level activity logging, implement activity-based policies, manage audit log files and integrate MySQL auditing with Oracle and third-party solutions.
This provides you with an overview of the MySQL Enterprise Edition security features. You can find many more details on mysql.com, with white papers and on-demand webinars specifically focused on MySQL security.