Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Decrease Your MySQL Attack Surface

Georgi “Joro” Kodinov
Team Lead, MySQL Server General Team
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Goal: Make You Think About Security!
Agenda

• What is “Attack Surface”?
• Why is it important to minimize it?
• Ways to decrease the attack surface
• Further reading

What is “Attack Surface”?
“The attack surface of a software environment is the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment.”
– Wikipedia
Takeaway Points

• It’s a property of the whole environment
  – database, web server, application, network
• Covers entering AND extracting data
  – Data are a precious commodity
• Is exploited by unauthorized users
  – That includes the not-sufficiently-authorized too!

Why is it Important to Minimize the Attack Surface?
It is FRIGHTENINGLY EASY to find and exploit weaknesses!
Even Safer Harbor Statement!

• This information is for demonstration only
• It does not necessarily correspond to any actual live sites
• You should use this information only to assess the defenses of your own installations
• Never use the techniques displayed for any unauthorized access!
• Be very careful and double-check all tools you get from third parties before using them!
Finding You on the Net

• 22165 wide open MySQL servers available on the Net
• Root passwords where applicable
• Most are probably vulnerable to manipulating the underlying OS too
• Some of these are pretty recent finds too
• All of that on a free, open web site
And Going On Is Just As Easy …

• All it needs to start is login access
• Can work its way in through SQL injection too
• Can automatically test password hashes against dictionary tables
• Can retrieve OS files through the database
• Can store the password hashes for later offline cracking
• Can inject UDF shared objects into the database
• “wizard” mode for “novice users”
• Free and open source tool
All that from using web search for a few hours!
Imagine the outcome if I were a professional!
… or even up to no good!
Dolphins can kill sharks when working together!

Ways to Decrease the Attack Surface
Always Be Up-to-date!

• It’s a race!
• 10 CVE reports addressed in the latest 5.6 MySQL Critical Patch Upgrade
• Oracle provides a yum/apt repository
  – http://dev.mysql.com/downloads/repo/
Remove the stuff you don’t need

• Run mysql_secure_installation. Now!
• Review and restrict the network interfaces that the server listens on
• Generate SSL keys and make sure the server can “talk” SSL
• Remove extra user accounts and privileges
• Remove unneeded files and packages
Have a Backup Plan

• Schedule regular backups
• Back up data, logs, and configuration
• If your data are important, make backups of backups
• Perform regular emergency drills
Be Vigilant: Monitor, Audit, Log, Observe

• Consider enabling query logging. Create a log backup policy.
• Audit the server configuration for changes. Revert the bogus ones.
• Monitor your server logs. Set alerts for “unusual” patterns.
• Monitor security related stats. Set alerts for “unusual” patterns.
• Regularly probe your “defenses” by trying bad things on purpose
• Consider using Enterprise Audit
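The “unusual patterns” on the Be Vigilant slide need concrete detection logic; the following is an added example, not code from the talk, that scans constructed MySQL 5.6 log lines for a burst of access-denied entries from one client host and for general-log statements that read password hashes, touch OS files, or load UDF shared objects (the same actions the earlier tool slide lists). It assumes the 5.6 file log formats and log_warnings=2 so that access-denied events reach the error log; hosts, timestamps, and statements are made up.

```python
"""Added example (not from the talk): flag the activity the talk warns about in
MySQL 5.6-style error-log and general-log lines. Every log line below is a
constructed sample, not taken from a real server."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Error log: with log_warnings=2 the 5.6 server records each access-denied attempt.
ERROR_LOG = """\
2014-09-23 10:15:31 4242 [Warning] Access denied for user 'root'@'198.51.100.23' (using password: YES)
2014-09-23 10:15:32 4242 [Warning] Access denied for user 'root'@'198.51.100.23' (using password: YES)
2014-09-23 10:15:33 4242 [Warning] Access denied for user 'admin'@'198.51.100.23' (using password: YES)
2014-09-23 10:15:34 4242 [Warning] Access denied for user 'root'@'198.51.100.23' (using password: YES)
2014-09-23 10:15:35 4242 [Warning] Access denied for user 'root'@'198.51.100.23' (using password: YES)
2014-09-23 10:15:35 4242 [Warning] Access denied for user 'root'@'198.51.100.23' (using password: NO)
2014-09-23 11:02:10 4242 [Warning] Access denied for user 'app'@'10.0.0.7' (using password: YES)
"""

# General log (file output): "YYMMDD HH:MM:SS<TAB>thread_id command<TAB>argument";
# the timestamp is printed only when it changes from the previous line.
GENERAL_LOG = """\
140923 10:20:01\t   57 Connect\troot@198.51.100.23 on
\t\t   57 Query\tSELECT user, host, password FROM mysql.user
\t\t   57 Query\tSELECT LOAD_FILE('/etc/hostname')
140923 10:20:04\t   57 Query\tSELECT 1 INTO OUTFILE '/tmp/probe.txt'
\t\t   57 Query\tCREATE FUNCTION do_stuff RETURNS STRING SONAME 'example_udf.so'
140923 10:21:00\t   58 Connect\tapp@10.0.0.7 on shop
\t\t   58 Query\tSELECT id, name FROM products WHERE id = 42
"""

ACCESS_DENIED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ \[Warning\] "
    r"Access denied for user '([^']*)'@'([^']*)'")
GENERAL_RE = re.compile(r"^(?:\d{6} \d{2}:\d{2}:\d{2})?\s*(\d+) (\w+)\t?(.*)$")

# Statement shapes the talk lists for the attack tool: hash theft, OS file
# access through the server, and loading UDF shared objects.
SUSPICIOUS = [
    ("hash read", re.compile(r"\bFROM\s+mysql\.user\b", re.I)),
    ("file read", re.compile(r"\bLOAD_FILE\s*\(", re.I)),
    ("file write", re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\b", re.I)),
    ("udf load", re.compile(r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\b.*\bSONAME\b", re.I)),
]


def failed_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_host: most access-denied events seen inside one `window`}
    for every host that reaches `threshold`; online password guessing shows up
    here as a burst from a single host."""
    per_host = defaultdict(list)
    for line in lines:
        m = ACCESS_DENIED_RE.match(line)
        if m:
            per_host[m.group(3)].append(
                datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    bursts = {}
    for host, stamps in per_host.items():
        stamps.sort()
        best = j = 0
        for i, start in enumerate(stamps):           # sliding window over time
            while j < len(stamps) and stamps[j] - start <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            bursts[host] = best
    return bursts


def suspicious_statements(lines):
    """Return [(user@host, label, statement)] for general-log queries that
    match SUSPICIOUS, resolving the thread id to the account that connected."""
    session_user, findings = {}, []
    for line in lines:
        m = GENERAL_RE.match(line)
        if not m:
            continue
        thread, command, arg = m.groups()
        if command == "Connect":
            session_user[thread] = arg.split(" on", 1)[0]   # "user@host on db"
        elif command == "Query":
            for label, pattern in SUSPICIOUS:
                if pattern.search(arg):
                    findings.append((session_user.get(thread, "?"), label, arg.strip()))
    return findings


if __name__ == "__main__":
    print(failed_login_bursts(ERROR_LOG.splitlines()))
    for who, label, stmt in suspicious_statements(GENERAL_LOG.splitlines()):
        print(f"{who}: {label}: {stmt}")
```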
Take Control of Your User Accounts

• Set password complexity standards
• Rotate your passwords
• Pick the right authentication method for your accounts
• Audit changes to user account security
• Avoid storing passwords in your scripts
• Consider using Enterprise Authentication
Useful Parameters

Parameter                   Recommended Value
secure_file_priv            Designated directory
symbolic_links              Boolean: NO
default-storage-engine      InnoDB
general-log                 Boolean: ON
log-raw                     Default: OFF
skip-networking             ON, if you can afford it
SSL options                 Set to valid values
plugin-dir                  Designated read-only directory
chroot                      Designated directory, if you can afford it
core-file                   OFF
des-key-file                File with DES keys
read_only                   ON for slaves
sha256_password RSA keys    RSA public/private key pair, if you can’t use SSL
tmpdir                      Designated directory, outside secure-file-priv
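As an added example that is not code from the talk, the checker below parses the [mysqld] section of a my.cnf and reports where it departs from the recommendations in the parameter table, including the rule that the sha256_password RSA key pair is needed when SSL is not configured. The sample configuration and the severity labels are constructed for this example.

```python
"""Added example (not from the talk): audit the [mysqld] section of a my.cnf
against the recommended values in the talk's parameter table.
The configuration text is a constructed sample, not a real server's file."""
import os

SAMPLE_MY_CNF = """\
[client]
port = 3306

[mysqld]
datadir = /var/lib/mysql
secure-file-priv = /var/lib/mysql-files
tmpdir = /var/lib/mysql-files/tmp     # inside secure-file-priv: bad
symbolic-links = 0
default-storage-engine = MyISAM
general-log = 1
log-raw = 1
core-file
plugin-dir = /usr/lib64/mysql/plugin
ssl-ca = /etc/mysql/ca.pem
ssl-cert = /etc/mysql/server-cert.pem
"""

ON = {"1", "on", "true", "yes"}
OFF = {"0", "off", "false", "no"}


def parse_mysqld_section(text):
    """Return {option: value} for the [mysqld] section.  Option names are
    lower-cased with '-' mapped to '_' (mysqld treats both spellings alike);
    a bare option name such as 'core-file' is stored as 'ON'."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line or line.startswith("!"):         # skip blanks and !include*
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower().replace("-", "_")
        opts[key] = value.strip().strip("'\"") if sep else "ON"
    return opts


def _is_on(opts, name):
    return opts.get(name, "").lower() in ON


def _is_off(opts, name):
    # skip-<name> is mysqld's other way of writing <name>=OFF
    return ("skip_" + name) in opts or opts.get(name, "").lower() in OFF


def audit(opts, replica=False):
    """Return [(severity, message)] findings against the table's recommendations.
    Severity labels are this example's own, not the talk's."""
    f = []
    sfp = opts.get("secure_file_priv", "")
    if not sfp:
        f.append(("high", "secure-file-priv: set it to a designated directory"))
    if not _is_off(opts, "symbolic_links"):
        f.append(("high", "symbolic-links: should be 0 (NO)"))
    if opts.get("default_storage_engine", "").lower() != "innodb":
        f.append(("medium", "default-storage-engine: should be InnoDB"))
    if not _is_on(opts, "general_log"):
        f.append(("medium", "general-log: should be ON"))
    if _is_on(opts, "log_raw"):
        f.append(("high", "log-raw: leave at the default OFF (passwords are logged unmasked)"))
    if "skip_networking" not in opts:
        f.append(("info", "skip-networking: not set; use it if you can afford it"))
    if not all(opts.get(k) for k in ("ssl_ca", "ssl_cert", "ssl_key")):
        f.append(("high", "SSL options: ssl-ca, ssl-cert and ssl-key must all be set"))
        rsa_keys = ("sha256_password_private_key_path",
                    "sha256_password_public_key_path")
        if not all(opts.get(k) for k in rsa_keys):
            f.append(("medium", "sha256_password: without SSL, set the RSA key pair"))
    if not opts.get("plugin_dir"):
        f.append(("medium", "plugin-dir: point it at a designated read-only directory"))
    if "chroot" not in opts:
        f.append(("info", "chroot: not set; use it if you can afford it"))
    if "core_file" in opts and not _is_off(opts, "core_file"):
        f.append(("high", "core-file: should be OFF"))
    if replica and not _is_on(opts, "read_only"):
        f.append(("high", "read_only: should be ON on slaves"))
    tmp = opts.get("tmpdir", "")
    if not tmp:
        f.append(("medium", "tmpdir: set it to a designated directory"))
    elif sfp and os.path.normpath(tmp).startswith(os.path.normpath(sfp) + os.sep):
        f.append(("high", "tmpdir: lies inside secure-file-priv; move it outside"))
    return f


if __name__ == "__main__":
    for severity, message in audit(parse_mysqld_section(SAMPLE_MY_CNF)):
        print(f"[{severity}] {message}")
```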
Questions and Answers
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Decrease Your MySQL Attack Surface

  • 10. Even Safer Harbor Statement !
    – This information is for demonstration only
    – It does not necessarily correspond to any actual live sites
    – You should use this information only to assess the defenses of your own installations
    – Never use the techniques displayed for any unauthorized access !
    – Be very careful and double-check all tools you get from third parties before using them !
  • 11. Finding You on the Net
    – 22,165 wide-open MySQL servers available on the Net
    – Root passwords, where applicable
    – Most are probably vulnerable to manipulation of the underlying OS too
    – Some of these are pretty recent finds too
    – All of that on a free, open web site
  • 12. And Going On Is Just As Easy …
    – All it needs to start is login access
    – Can work its way in through SQL injection too
    – Can automatically test password hashes against dictionary tables
    – Can retrieve OS files through the database
    – Can store the password hashes for later offline cracking
    – Can inject UDF shared objects into the database
    – “wizard” mode for “novice users”
    – Free and open source tool
  • 13. All that from using web search for a few hours !
  • 14. Imagine the outcome if I were a professional !
  • 15. … or even up to no good !
  • 16. Dolphins can kill sharks when working together !
  • 17. Ways to Decrease the Attack Surface
  • 18. Always Be Up-to-date !
    – It’s a race !
    – 10 CVE reports addressed in the latest MySQL 5.6 Critical Patch Update
    – Oracle provides a yum/apt repository – http://dev.mysql.com/downloads/repo/
  • 19. Remove the stuff you don’t need
    – Run mysql_secure_installation. Now !
    – Review and restrict the network interfaces that the server listens on
    – Generate SSL keys and make sure the server can “talk” SSL
    – Remove extra user accounts and privileges
    – Remove unneeded files and packages
  • 20. Have a Backup Plan
    – Schedule regular backups
    – Back up data, logs, and configuration
    – If your data are important, make backups of backups
    – Perform regular emergency drills
  • 21. Be Vigilant: Monitor, Audit, Log, Observe
    – Consider enabling query logging. Create a log backup policy.
    – Audit the server configuration for changes. Revert the bogus ones.
    – Monitor your server logs. Set alerts for “unusual” patterns.
    – Monitor security-related stats. Set alerts for “unusual” patterns.
    – Regularly probe your “defenses” by trying bad things on purpose
    – Consider using Enterprise Audit
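The monitoring advice on slide 21 is easier to act on with something concrete to alert on. This added example (not from the deck) scans MySQL 5.6 general-log lines for the attacker moves slide 12 lists (file reads through the server, file writes from SQL, UDF registration, hash dumps, injection) and for repeated login failures. The log lines are constructed, and the rule names and the failure threshold are the example's own choices.

```python
"""Scan MySQL general-log lines for the attacker moves slide 12 lists.

Added example, not from the deck. The log lines below are constructed in the 5.6
general-log file format: YYMMDD HH:MM:SS <tab> connection-id command <tab> argument.
"""
import re
from collections import Counter

# Timestamp is optional because a statement that spans lines continues without one.
LOG_LINE = re.compile(r"^(?:(\d{6}\s+\d\d:\d\d:\d\d))?\s*(\d+)\s+(\w+)\s*(.*)$")

RULES = [
    ("file read via LOAD_FILE/LOAD DATA", re.compile(r"\bLOAD_FILE\s*\(|\bLOAD\s+DATA\b", re.I)),
    ("file write via INTO OUTFILE/DUMPFILE", re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\b", re.I)),
    ("UDF registration", re.compile(r"\bCREATE\s+(?:AGGREGATE\s+)?FUNCTION\b.*\bSONAME\b", re.I)),
    ("plugin load", re.compile(r"\bINSTALL\s+PLUGIN\b", re.I)),
    ("password hash dump", re.compile(r"\bFROM\s+mysql\s*\.\s*user\b", re.I)),
    ("privilege escalation", re.compile(r"\bGRANT\b.*\b(?:ALL|FILE|SUPER)\b", re.I)),
    ("SQL injection probe", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b|\bSLEEP\s*\(|\bBENCHMARK\s*\(", re.I)),
]
DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")
DENIED_THRESHOLD = 3  # example's own choice; tune to your login volume

# Constructed sample: a legitimate app session, a brute-force on root, and a
# successful root login that reads a file, drops a UDF and dumps mysql.user.
SAMPLE_LOG = """\
140514 10:00:01\t    3 Connect\tapp@10.0.0.7 on shop
140514 10:00:01\t    3 Query\tSELECT id, total FROM orders WHERE customer = 42
140514 10:00:02\t    3 Query\tSELECT id FROM products WHERE id = 1 UNION /**/SELECT user, password FROM mysql.user
140514 10:00:02\t    4 Connect\tAccess denied for user 'root'@'203.0.113.9' (using password: YES)
140514 10:00:02\t    5 Connect\tAccess denied for user 'root'@'203.0.113.9' (using password: YES)
140514 10:00:03\t    6 Connect\tAccess denied for user 'root'@'203.0.113.9' (using password: YES)
140514 10:00:04\t    7 Connect\troot@203.0.113.9 on
140514 10:00:05\t    7 Query\tSELECT LOAD_FILE('/etc/passwd')
140514 10:00:06\t    7 Query\tSELECT 0x7f454c46 INTO DUMPFILE '/usr/lib/mysql/plugin/lib_sys.so'
140514 10:00:07\t    7 Query\tCREATE FUNCTION sys_exec RETURNS INT SONAME 'lib_sys.so'
140514 10:00:08\t    7 Query\tSELECT user, host, password FROM mysql.user
140514 10:00:09\t    3 Quit\t
"""


def parse(lines):
    """Return (connection_id, command, argument) tuples. Lines that do not start a new
    entry are treated as the continuation of a multi-line statement."""
    entries = []
    for raw in lines:
        raw = raw.rstrip("\n")
        if not raw:
            continue
        m = LOG_LINE.match(raw)
        if m:
            entries.append([int(m.group(2)), m.group(3), m.group(4)])
        elif entries:
            entries[-1][2] += "\n" + raw
    return [tuple(e) for e in entries]


def normalize(sql):
    """Strip block comments and fold whitespace so '/**/' cannot split a keyword."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return " ".join(sql.split())


def detect(lines):
    """Return (connection_id, rule name, normalized statement) findings; the
    brute-force finding uses connection id 0 since it spans connections."""
    findings = []
    denied = Counter()
    for conn_id, command, argument in parse(lines):
        if command == "Connect":
            m = DENIED.search(argument)
            if m:
                denied[(m.group(1), m.group(2))] += 1
            continue
        if command != "Query":
            continue
        text = normalize(argument)
        for name, pattern in RULES:
            if pattern.search(text):
                findings.append((conn_id, name, text))
    for (user, host), n in denied.items():
        if n >= DENIED_THRESHOLD:
            findings.append((0, "password guessing: %d failures for %s@%s" % (n, user, host), ""))
    return findings


if __name__ == "__main__":
    for conn_id, name, text in detect(SAMPLE_LOG.splitlines()):
        print("conn %-3d %-40s %s" % (conn_id, name, text[:60]))
```

A regex pass like this is a starting point, not a control: the normalizer only removes block comments, and an attacker with the FILE privilege has other spellings (hex-encoded strings, statements assembled with CONCAT() and PREPARE). Pair it with secure_file_priv so the file primitives are not available in the first place, and with Enterprise Audit where you have it.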
  • 22. Take Control of Your User Accounts
    – Set password complexity standards
    – Rotate your passwords
    – Pick the right authentication method for your accounts
    – Audit changes to user account security
    – Avoid storing passwords in your scripts
    – Consider using Enterprise Authentication
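Slide 19 says to remove the extra accounts and slide 22 says to take control of the ones that stay. This added example (not from the deck) is an offline audit over rows pulled from mysql.user, including the dictionary check the tool on slide 12 runs against you, so you can run it first. The rows, the wordlist and the 5.6 column names it assumes are constructed for the example.

```python
"""Offline audit of mysql.user rows for the account weaknesses slides 19 and 22 call out:
anonymous users, wildcard hosts, remote root, empty and pre-4.1 password hashes, remote
accounts without REQUIRE SSL, and dictionary passwords.

Added example, not part of the deck. Rows are constructed to resemble
    SELECT User, Host, Password, plugin, ssl_type FROM mysql.user;
on a 5.6 server (from 5.7 the hash column is authentication_string).
"""
import hashlib

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed wordlist; a real run would load a proper dictionary file.
DICTIONARY = ["password", "123456", "mysql", "root", "admin", "changeme"]


def native_hash(password):
    """mysql_native_password hash as stored in mysql.user: '*' + SHA1(SHA1(pw)), upper-case hex."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed sample: roughly a fresh install that never saw mysql_secure_installation,
# plus one well-configured account.
SAMPLE_ACCOUNTS = [
    # (User, Host, Password, plugin, ssl_type)
    ("root", "localhost", native_hash("password"), "mysql_native_password", ""),
    ("root", "%", "", "mysql_native_password", ""),
    ("", "localhost", "", "mysql_native_password", ""),
    ("app", "10.0.0.%", native_hash("S3cur3-App-Pw!"), "mysql_native_password", ""),
    ("legacy", "%", "5d2e19393cc5ef67", "mysql_old_password", ""),
    ("report", "10.0.1.5", native_hash("Rep0rt!ng-2014"), "mysql_native_password", "ANY"),
]


def audit_accounts(rows, dictionary=DICTIONARY):
    """Return (user, host, issue) for every weakness found in the rows."""
    cracked = {native_hash(word): word for word in dictionary}
    findings = []
    for user, host, pw_hash, plugin, ssl_type in rows:
        issues = []
        if user == "":
            issues.append("anonymous account")
        if "%" in host:
            issues.append("wildcard host pattern")
        if user == "root" and host not in LOCAL_HOSTS:
            issues.append("root reachable from remote hosts")
        if pw_hash == "":
            issues.append("empty password")
        # pre-4.1 hashes are 16 hex chars with no leading '*'; sha256_password strings start with '$'
        if plugin == "mysql_old_password" or (plugin in ("", "mysql_native_password") and len(pw_hash) == 16):
            issues.append("pre-4.1 password hash (mysql_old_password)")
        if host not in LOCAL_HOSTS and ssl_type == "":
            issues.append("remote account without REQUIRE SSL")
        if pw_hash in cracked:
            issues.append("password found in dictionary: %r" % cracked[pw_hash])
        findings.extend((user, host, issue) for issue in issues)
    return findings


def remediation_sql(findings):
    """Statements for the findings with an unambiguous fix; review before running."""
    drop = {(u, h) for u, h, i in findings
            if i in ("anonymous account", "root reachable from remote hosts")}
    stmts = {"DROP USER '%s'@'%s';" % (u, h) for u, h in drop}
    for user, host, issue in findings:
        if issue == "remote account without REQUIRE SSL" and (user, host) not in drop:
            stmts.add("GRANT USAGE ON *.* TO '%s'@'%s' REQUIRE SSL;" % (user, host))
    return sorted(stmts)


if __name__ == "__main__":
    found = audit_accounts(SAMPLE_ACCOUNTS)
    for user, host, issue in found:
        print("%-8s %-12s %s" % (user or "''", host, issue))
    print("\n".join(remediation_sql(found)))
```

The dictionary check covers mysql_native_password only: sha256_password hashes are salted, so each one has to be verified individually. Dictionary and empty-password findings are fixed with SET PASSWORD and, from 5.6, the validate_password plugin so they do not come back.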
  • 23. Useful Parameters
      Parameter                 Recommended Value
      secure_file_priv          Designated directory
      symbolic_links            Boolean NO (skip-symbolic-links)
      default-storage-engine    InnoDB
      general-log               Boolean ON
      log-raw                   Default: OFF
      skip-networking           ON, if you can afford it
      SSL options               Set to valid values
  • 24. Useful Parameters (continued)
      Parameter                 Recommended Value
      plugin-dir                Designated read-only directory
      chroot                    Designated directory, if you can afford it
      core-file                 OFF
      des-key-file              File with DES keys
      read_only                 ON for slaves !
      sha256_password_private_key_path,
      sha256_password_public_key_path   RSA key pair, if you can’t use SSL
      tmpdir                    Designated directory outside secure_file_priv
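Slides 23 and 24 list the parameters but not how to tell whether a server honours them. This added example (not from the deck) parses a my.cnf and reports deviations from the two slides plus the listen-interface advice on slide 19, with a constructed "distribution default" config beside a hardened one that applies the slides. The severity levels and both configs are the example's own.

```python
"""Check the [mysqld] section of a my.cnf against the parameter recommendations on
slides 23 and 24 (and the listen-interface advice on slide 19).

Added example, not part of the deck. The two configs below are constructed.
"""
import configparser
import os

WEAK_MY_CNF = """\
[client]
socket=/var/lib/mysql/mysql.sock

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=1
log-raw
core-file
default-storage-engine=MyISAM
secure-file-priv=
bind-address=0.0.0.0
"""

HARDENED_MY_CNF = """\
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
skip-symbolic-links
bind-address=127.0.0.1
secure-file-priv=/var/lib/mysql-files
tmpdir=/var/lib/mysql-tmp
default-storage-engine=InnoDB
general-log=ON
plugin-dir=/usr/lib64/mysql/plugin
ssl-ca=/etc/mysql/ca.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
"""


def load_mysqld_section(text):
    """Parse my.cnf text into a dict of [mysqld] options. mysqld treats '-' and '_' in
    option names as the same character, and bare options (skip-networking) carry no
    value, which configparser represents as None."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None, inline_comment_prefixes=("#", ";"))
    # !include / !includedir directives are not INI syntax; skipped for the offline check
    parser.read_string("\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!")))
    opts = {}
    if parser.has_section("mysqld"):
        for key, value in parser.items("mysqld"):
            opts[key.replace("-", "_")] = None if value is None else value.strip().strip("'\"")
    return opts


def is_on(value):
    """A bare option or ON/1/TRUE means enabled."""
    return value is None or value.upper() in ("ON", "1", "TRUE")


def audit_config(opts, is_slave=False):
    """Return (severity, option, message) findings; severities are HIGH, MEDIUM, INFO."""
    f = []
    sfp = opts.get("secure_file_priv") or ""
    if not sfp:
        f.append(("HIGH", "secure_file_priv", "unset/empty: LOAD_FILE() and INTO OUTFILE reach anywhere mysqld can"))
    else:
        base = os.path.abspath(sfp)
        for tmp in (opts.get("tmpdir") or "").split(":"):  # tmpdir may be a colon-separated list
            if tmp and (os.path.abspath(tmp) == base or os.path.abspath(tmp).startswith(base + os.sep)):
                f.append(("HIGH", "tmpdir", "inside secure_file_priv: temp files become readable/writable from SQL"))
    if "skip_symbolic_links" not in opts and is_on(opts.get("symbolic_links", "1")):
        f.append(("MEDIUM", "symbolic_links", "not disabled: add skip-symbolic-links so table files cannot be redirected"))
    if "log_raw" in opts and is_on(opts["log_raw"]):
        f.append(("HIGH", "log_raw", "ON: passwords in statements are written unmasked to the logs"))
    if "core_file" in opts and is_on(opts["core_file"]):
        f.append(("MEDIUM", "core_file", "ON: a core dump of mysqld holds buffer pool data and credentials"))
    engine = opts.get("default_storage_engine")
    if engine and engine.lower() != "innodb":
        f.append(("MEDIUM", "default_storage_engine", "%s: use InnoDB" % engine))
    if not is_on(opts.get("general_log", "0")):
        f.append(("INFO", "general_log", "OFF: consider ON, with a log backup policy"))
    if not ("skip_networking" in opts and is_on(opts["skip_networking"])):
        if opts.get("bind_address", "0.0.0.0") in ("0.0.0.0", "::", "*"):
            f.append(("MEDIUM", "bind_address", "listens on all interfaces: set bind-address or skip-networking"))
    missing = [k for k in ("ssl_ca", "ssl_cert", "ssl_key") if not opts.get(k)]
    if missing:
        f.append(("MEDIUM", "ssl", "server cannot talk SSL, missing: " + ", ".join(missing)))
    for key, advice in (("plugin_dir", "point it at a read-only directory"),
                        ("chroot", "run in a chroot jail if you can afford it")):
        if key not in opts:
            f.append(("INFO", key, advice))
    if is_slave and not is_on(opts.get("read_only", "0")):
        f.append(("HIGH", "read_only", "slave accepts writes: set read_only=ON"))
    return f


if __name__ == "__main__":
    for label, cnf in (("weak", WEAK_MY_CNF), ("hardened", HARDENED_MY_CNF)):
        print("== %s ==" % label)
        for sev, key, msg in audit_config(load_mysqld_section(cnf)):
            print("%-6s %-22s %s" % (sev, key, msg))
```

Check the running server as well, since options can come from the command line or be changed at runtime: SHOW VARIABLES LIKE 'secure_file_priv' and friends are the source of truth, and the file check only tells you what the next restart will apply.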
  • 25. Questions and Answers

Editor's Notes

  1. CVE = Common Vulnerabilities and Exposures
  2. symbolic_links: don’t follow symlinks. default-storage-engine: InnoDB crashes less than MyISAM. log-raw: when ON, passwords are not masked in the logs, so leave it OFF.
  3. chroot: chroot jail. core-file: write a core dump if mysqld dies. des-key-file: keys are referenced by number instead of appearing in statements, which makes for safer logging.