Data Leaks: The Act of a Hacker or of a Criminal?
How do we anticipate them?
Hacker vs. Criminal
Hacker:
1. Improves the object's functionality
2. Adds other functions to the object
3. Creates tools, software, or anything they need in order to be useful (to themselves and others)
4. Collaborates, is open, and has great personal integrity
Criminal:
1. Trespassing
2. Unauthorized access: penetration
3. Steals, robs, etc.
4. Looking for bounty
5. Abuse with damage (personal, public, etc.)
6. Obscure, covered, and in the shadows
The Real-Life Honourable Hackers: Richard Stallman, Linus Torvalds, Eric Raymond, Greg Kroah-Hartman
The 3 P's of the security factor:
1. People
2. Process
3. Policy
What is the cause of data leaks?
1. Internal fraud (Policy, People)
   a. Administrator with bad intentions
   b. 3rd-party outsourcing
2. Unauthorized access (Process, People)
   a. Social engineering
   b. Privileged access abuse
3. NDA violation (People)
   a. Bad partner
   b. Bad vendor
4. Non-compliant security system (Policy, Process, People)
   a. Backdoor
   b. Security loophole
   c. Dual-party superuser access
5. Security breach (Policy, Process)
   a. Exploits (bug, backdoor, loopholes)
   b. Zero-day: Stuxnet
   c. Injection (code, SQL, etc.)
   d. Penetration
   e. Side channel: eavesdropping, Meltdown, Spectre, etc.
6. Others
Case - Heartbleed
- A bug found in the OpenSSL implementation
- Leaks the memory contents of the running server to the client, and vice versa
- Allowed users' data to be exploited/extracted from the server through eavesdropping
- Private keys were exposed
- See CVE-2014-0160 for more information
Security - CIA
SOVEREIGNTY
Security - Data State
Hashing, what is it for?
What is one-way encryption, or hashing, for?
1. It is a product of encryption technology, but it is not considered encryption, since it loses the ability to decipher back. Encryption is defined as encoding plaintext into ciphertext, which can be decoded back into plaintext.
2. A hash function creates a digest: a calculation that maps data into a simple, shorter value that can be related to the data. But it does not guarantee that the digest can be related back to the data.
3. Hash data is a representative of the real data, serving as its identity to some extent.
4. A hash function should be deterministic, consistently giving the same result for the same input.
SHA-256/384/512, ...
A hash function is different from CRC32, a parity code, or a check digit. But to some extent hash data can be used for parity or as a signature.
Security - Public Key Infrastructure
Cryptography products:
A. Symmetric encryption:
   a. AES: 128, 256
   b. 3DES
   c. Camellia
B. Asymmetric encryption:
   a. PKI - RSA
C. Hashing algorithms:
   a. SHA-1, SHA-256, SHA-512
   b. MD5 (obsolete)
Security - Encryption: Symmetric or Asymmetric?
Asymmetric key usage:
1. Authentication
2. Avoiding MITM while exchanging a key
3. PKI (Public Key Infrastructure)
4. ATM PIN pads, EDC terminals
5. Mostly in financial institutions
Symmetric key usage:
1. Preventing unauthorized access to data at rest (column-level encryption, TDE, storage encryption)
2. Preventing unauthorized access to data in transit (SSL, IPsec, TLS)
3. HTTPS, SSH, ...
Both are part of the end-to-end security key factor.
Key Management
The most important thing in security is not the encryption algorithm, how long your key is, how big or small your data is, or where you put the data...
It is about where the key is kept, how the key is retrieved, who can retrieve the key, etc.
IT IS ABOUT KEY MANAGEMENT
HSM completes the end-to-end security design approach:
1. Authentication uses SSO.
2. Network transfer is secured by SSL.
3. Both the SSL and the SSO server require a key; the key is provided and managed by the HSM.
4. A hardware module prevents physical breach.
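Added example for the Key Management and HSM slides above; it is not code from the original deck or from any HSM vendor. The point "it is about where the key is kept and who can take it" is usually realised as a key hierarchy: one master key that never leaves the hardware module, and per-purpose keys derived from it on request. The block implements HKDF (RFC 5869, extract-then-expand with HMAC-SHA-256) and a `SimulatedHsm` class, an assumption standing in for a real module, that exposes only `derive_key(purpose, version)`: the caller gets a key bound to a label such as a column name and a version number (so keys can be rotated per purpose), but never the master key. The RFC's first test vector is included so the derivation can be checked against a published value.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: OKM = T(1) | T(2) | ... where T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output length too large")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


class SimulatedHsm:
    """Assumed stand-in for the HSM on the slide: the master key is installed
    once and never returned by any method; callers only receive keys derived
    for a named purpose and version. Constructed for this example."""

    def __init__(self, master_key: bytes):
        # Name-mangled attributes: no accessor exists, by design.
        self.__prk = hkdf_extract(b"constructed-domain-separator", master_key)

    def derive_key(self, purpose: str, version: int, length: int = 32) -> bytes:
        # The label binds the key to its use; bumping the version rotates it
        # without touching the master key or any other purpose's key.
        info = f"{purpose}/v{version}".encode("utf-8")
        return hkdf_expand(self.__prk, info, length)


def rfc5869_test_case_1() -> str:
    """RFC 5869 Appendix A test case 1 (SHA-256, 42-byte output), hex-encoded."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    return hkdf(salt, ikm, info, 42).hex()


if __name__ == "__main__":
    hsm = SimulatedHsm(b"constructed-master-key-32-bytes!")
    print("RFC 5869 vector:", rfc5869_test_case_1())
    print("customer.ssn v1:", hsm.derive_key("customer.ssn", 1).hex())
    print("customer.ssn v2:", hsm.derive_key("customer.ssn", 2).hex())
```

Design note: the application holds only the derived key for the column it is working on, so a compromised application server exposes at most the keys that were handed out, and a rotation is a new version label rather than a re-key of everything. A real HSM would additionally keep the derived keys inside and perform the encryption itself; the derivation shown is the part that does not depend on vendor APIs.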
Security - Single Sign On (SSO)
Single Sign On works by having a central server, which all the applications trust.
SSO requires one time authentication with a single set of login credentials to access multiple applications.
It eliminates the hassle of remembering complex usernames and passwords for different services by providing
a centralized user authentication service.
Security - Authentication
Kerberos Authentication Flow
CHAP (Challenge-Handshake Authentication Protocol) is also used in PostgreSQL, as described below: as long as there is no revelation of password data by PostgreSQL, it is safe.
The password is stored as a hash; some other data is required to complete the authentication.
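Added example, not from the original deck: the challenge-response idea above, worked through with the mechanism PostgreSQL currently uses, SCRAM-SHA-256 (RFC 5802 / RFC 7677; `password_encryption = scram-sha-256`). The server stores only salt, iteration count, StoredKey and ServerKey, never the password, and each session uses fresh nonces, so a captured proof cannot be replayed. The `AuthMessage` string here is simplified to the pieces that matter (nonces, salt, iterations); the real protocol concatenates the three handshake messages verbatim. The salt, nonces and password are constructed for the example.

```python
import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def scram_verifier(password: str, salt: bytes, iterations: int = 4096) -> dict:
    """What the server stores instead of the password. PostgreSQL keeps the same
    four values in pg_authid.rolpassword as SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey>."""
    salted = _salted_password(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    server_key = _hmac(salted, b"Server Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": _h(client_key), "server_key": server_key}


def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = _salted_password(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    client_signature = _hmac(_h(client_key), auth_message)
    return _xor(client_key, client_signature)


def server_verify(verifier: dict, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey.
    Only StoredKey is needed, so the server never learns the password."""
    client_signature = _hmac(verifier["stored_key"], auth_message)
    recovered_client_key = _xor(proof, client_signature)
    return hmac.compare_digest(_h(recovered_client_key), verifier["stored_key"])


def server_signature(verifier: dict, auth_message: bytes) -> bytes:
    """Mutual authentication: the server proves it holds ServerKey."""
    return _hmac(verifier["server_key"], auth_message)


def client_verify_server(password: str, salt: bytes, iterations: int,
                         auth_message: bytes, signature: bytes) -> bool:
    server_key = _hmac(_salted_password(password, salt, iterations), b"Server Key")
    return hmac.compare_digest(_hmac(server_key, auth_message), signature)


def auth_message(client_nonce: str, server_nonce: str, salt: bytes, iterations: int) -> bytes:
    # Simplified AuthMessage; binds the exchange to both nonces, the salt and the iteration count.
    return f"r={client_nonce}{server_nonce},s={salt.hex()},i={iterations}".encode("utf-8")


def handshake(verifier: dict, password_attempt: str, client_nonce: str = None,
              server_nonce: str = None):
    """Run one session. Returns (client_authenticated, server_authenticated)."""
    client_nonce = client_nonce or secrets.token_hex(12)
    server_nonce = server_nonce or secrets.token_hex(12)
    msg = auth_message(client_nonce, server_nonce, verifier["salt"], verifier["iterations"])
    proof = client_proof(password_attempt, verifier["salt"], verifier["iterations"], msg)
    if not server_verify(verifier, msg, proof):
        return False, False                     # server stops here, sends no signature
    sig = server_signature(verifier, msg)
    return True, client_verify_server(password_attempt, verifier["salt"],
                                      verifier["iterations"], msg, sig)


if __name__ == "__main__":
    v = scram_verifier("correct horse battery", b"constructed-salt")
    print("right password:", handshake(v, "correct horse battery"))
    print("wrong password:", handshake(v, "Tr0ub4dor&3"))
```

What the stored record gives an attacker who reads it: StoredKey lets them verify proofs, not produce them, and ServerKey lets them impersonate the server, not log in as the user; obtaining the password itself still requires a PBKDF2 guess per candidate. That is the "no password data revelation" property the slide relies on.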
Security - User Management
A system requires User Access Management in order to manage users' access, roles, and credentials. There are some options for managing user access:
1. Single Sign On, to store the user's credentials and roles.
2. Use an HSM or Key Vault as the centralized authenticator of the credentials.
3. Use 2FA with the help of a security device or biometrics, where the authentication process is done by a 3rd party such as a biometric server or HSM.
4. Use the same credentials that are used for database access; in other words, the application does not manage its own credentials but uses the database's.
A database also requires User Access Management in order to manage users' access, roles, and credentials. There are some options for managing database user access:
1. Single Sign On, to store the user's credentials and roles.
2. Use an HSM or Key Vault as the centralized authenticator of the credentials, or an approved 3rd-party authenticator such as Kerberos, LDAP, etc.
3. Use 2FA with the help of a security device or biometrics, where the authentication process is done by a 3rd party such as a biometric server or HSM.
4. Manage privileges for database objects.
5. Account for all user activity.
Types of Data-At-Rest Encryption
Storage-level encryption: encryption is enabled by the operating system. Thus it is not directly related to the database; it is transparent, and the database server does not even recognize it.
Tablespace-level encryption: tablespace encryption with transparent and very seamless access from the application to the database server, usually considered TDE (Transparent Data Encryption).
Application-level encryption: can be done with 2 approaches, using crypto functions (pgcrypto) or using a crypto API. The app itself encrypts and decrypts the data, and the app itself deals with the authentication key management.
THANK YOU
For more information, please visit https://equnix.asia
Kebocoran Data_  Tindakan Hacker atau Kriminal_ Bagaimana kita mengantisipasinya_.pdf

More Related Content

Similar to Kebocoran Data_ Tindakan Hacker atau Kriminal_ Bagaimana kita mengantisipasinya_.pdf

Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vandaVanda KANY
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authenticationmbadhi
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxechnrketan
 
Frost & Sullivan: Moving Forward with Distributed Cryptography
Frost & Sullivan: Moving Forward with Distributed CryptographyFrost & Sullivan: Moving Forward with Distributed Cryptography
Frost & Sullivan: Moving Forward with Distributed CryptographyEMC
 
Implementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmImplementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmIRJET Journal
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) ghayour abbas
 
CHAPTER 7 Authentication and Authorization On
CHAPTER  7 Authentication and Authorization OnCHAPTER  7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization OnMaximaSheffield592
 
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Pvrtechnologies Nellore
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageat MicroFocus Italy ❖✔
 
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...Editor IJCATR
 
Big data security_issues_research_paper
Big data security_issues_research_paperBig data security_issues_research_paper
Big data security_issues_research_paperLuisa Francisco
 
CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptxMrPrathapG
 
Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security ChecklistSimform
 

Similar to Kebocoran Data_ Tindakan Hacker atau Kriminal_ Bagaimana kita mengantisipasinya_.pdf (20)

IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGIMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authentication
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxe
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
Paper2
Paper2Paper2
Paper2
 
Frost & Sullivan: Moving Forward with Distributed Cryptography
Frost & Sullivan: Moving Forward with Distributed CryptographyFrost & Sullivan: Moving Forward with Distributed Cryptography
Frost & Sullivan: Moving Forward with Distributed Cryptography
 
Implementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmImplementation of De-Duplication Algorithm
Implementation of De-Duplication Algorithm
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
OWASP_Training.pptx
OWASP_Training.pptxOWASP_Training.pptx
OWASP_Training.pptx
 
CHAPTER 7 Authentication and Authorization On
CHAPTER  7 Authentication and Authorization OnCHAPTER  7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization On
 
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data Encryption
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantage
 
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...
 
Big data security_issues_research_paper
Big data security_issues_research_paperBig data security_issues_research_paper
Big data security_issues_research_paper
 
CLOUD SECURITY.pptx
CLOUD SECURITY.pptxCLOUD SECURITY.pptx
CLOUD SECURITY.pptx
 
Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security Checklist
 
2nd rvw
2nd rvw2nd rvw
2nd rvw
 

More from Equnix Business Solutions

Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf
Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdfYang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf
Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdfEqunix Business Solutions
 
Kuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdf
Kuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdfKuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdf
Kuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdfEqunix Business Solutions
 
EWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdf
EWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdfEWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdf
EWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdfEqunix Business Solutions
 
Oracle to PostgreSQL, Challenges to Opportunity.pdf
Oracle to PostgreSQL, Challenges to Opportunity.pdfOracle to PostgreSQL, Challenges to Opportunity.pdf
Oracle to PostgreSQL, Challenges to Opportunity.pdfEqunix Business Solutions
 
[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf
[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf
[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdfEqunix Business Solutions
 
Webinar2021 - Does HA Can Help You Balance Your Load-.pdf
Webinar2021 - Does HA Can Help You Balance Your Load-.pdfWebinar2021 - Does HA Can Help You Balance Your Load-.pdf
Webinar2021 - Does HA Can Help You Balance Your Load-.pdfEqunix Business Solutions
 
Webinar2021 - In-Memory Database, is it really faster-.pdf
Webinar2021 - In-Memory Database, is it really faster-.pdfWebinar2021 - In-Memory Database, is it really faster-.pdf
Webinar2021 - In-Memory Database, is it really faster-.pdfEqunix Business Solutions
 
equpos - General Presentation v20230420.pptx
equpos - General Presentation v20230420.pptxequpos - General Presentation v20230420.pptx
equpos - General Presentation v20230420.pptxEqunix Business Solutions
 
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdfEqunix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdfEqunix Business Solutions
 
OSPX - Professional PostgreSQL Certification Scheme v20201111.pdf
OSPX - Professional PostgreSQL Certification Scheme v20201111.pdfOSPX - Professional PostgreSQL Certification Scheme v20201111.pdf
OSPX - Professional PostgreSQL Certification Scheme v20201111.pdfEqunix Business Solutions
 
PGConf.ASIA 2019 - The Future of TDEforPG - Taiki Kondo
PGConf.ASIA 2019 - The Future of TDEforPG - Taiki KondoPGConf.ASIA 2019 - The Future of TDEforPG - Taiki Kondo
PGConf.ASIA 2019 - The Future of TDEforPG - Taiki KondoEqunix Business Solutions
 
PGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo Hirose
PGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo HirosePGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo Hirose
PGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo HiroseEqunix Business Solutions
 
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiPGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiEqunix Business Solutions
 
PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...
PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...
PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...Equnix Business Solutions
 
PGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGai
PGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGaiPGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGai
PGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGaiEqunix Business Solutions
 
PGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan Pachenko
PGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan PachenkoPGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan Pachenko
PGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan PachenkoEqunix Business Solutions
 
PGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce Momjian
PGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce MomjianPGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce Momjian
PGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce MomjianEqunix Business Solutions
 

More from Equnix Business Solutions (20)

Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf
Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdfYang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf
Yang perlu kita ketahui Untuk memahami aspek utama IT dalam bisnis_.pdf
 
Kuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdf
Kuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdfKuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdf
Kuliah Tamu - Dari Proses Bisnis Menuju Struktur Data.pdf
 
EWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdf
EWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdfEWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdf
EWTT22_ Apakah Open Source Cocok digunakan dalam Korporasi_.pdf
 
Oracle to PostgreSQL, Challenges to Opportunity.pdf
Oracle to PostgreSQL, Challenges to Opportunity.pdfOracle to PostgreSQL, Challenges to Opportunity.pdf
Oracle to PostgreSQL, Challenges to Opportunity.pdf
 
[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf
[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf
[EWTT2022] Strategi Implementasi Database dalam Microservice Architecture.pdf
 
PostgreSQL as Enterprise Solution v1.1.pdf
PostgreSQL as Enterprise Solution v1.1.pdfPostgreSQL as Enterprise Solution v1.1.pdf
PostgreSQL as Enterprise Solution v1.1.pdf
 
Webinar2021 - Does HA Can Help You Balance Your Load-.pdf
Webinar2021 - Does HA Can Help You Balance Your Load-.pdfWebinar2021 - Does HA Can Help You Balance Your Load-.pdf
Webinar2021 - Does HA Can Help You Balance Your Load-.pdf
 
Webinar2021 - In-Memory Database, is it really faster-.pdf
Webinar2021 - In-Memory Database, is it really faster-.pdfWebinar2021 - In-Memory Database, is it really faster-.pdf
Webinar2021 - In-Memory Database, is it really faster-.pdf
 
EQUNIX - PPT 11DB-Postgres™.pdf
EQUNIX - PPT 11DB-Postgres™.pdfEQUNIX - PPT 11DB-Postgres™.pdf
EQUNIX - PPT 11DB-Postgres™.pdf
 
equpos - General Presentation v20230420.pptx
equpos - General Presentation v20230420.pptxequpos - General Presentation v20230420.pptx
equpos - General Presentation v20230420.pptx
 
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdfEqunix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
Equnix Appliance- Jawaban terbaik untuk kebutuhan komputasi yang mumpuni.pdf
 
OSPX - Professional PostgreSQL Certification Scheme v20201111.pdf
OSPX - Professional PostgreSQL Certification Scheme v20201111.pdfOSPX - Professional PostgreSQL Certification Scheme v20201111.pdf
OSPX - Professional PostgreSQL Certification Scheme v20201111.pdf
 
Equnix Company Profile v20230329.pdf
Equnix Company Profile v20230329.pdfEqunix Company Profile v20230329.pdf
Equnix Company Profile v20230329.pdf
 
PGConf.ASIA 2019 - The Future of TDEforPG - Taiki Kondo
PGConf.ASIA 2019 - The Future of TDEforPG - Taiki KondoPGConf.ASIA 2019 - The Future of TDEforPG - Taiki Kondo
PGConf.ASIA 2019 - The Future of TDEforPG - Taiki Kondo
 
PGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo Hirose
PGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo HirosePGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo Hirose
PGConf.ASIA 2019 - PGSpider High Performance Cluster Engine - Shigeo Hirose
 
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiPGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
 
PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...
PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...
PGConf.ASIA 2019 Bali - Mission Critical Production High Availability Postgre...
 
PGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGai
PGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGaiPGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGai
PGConf.ASIA 2019 Bali - Keynote Speech 3 - Kohei KaiGai
 
PGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan Pachenko
PGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan PachenkoPGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan Pachenko
PGConf.ASIA 2019 Bali - Keynote Speech 2 - Ivan Pachenko
 
PGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce Momjian
PGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce MomjianPGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce Momjian
PGConf.ASIA 2019 Bali - Keynote Speech 1 - Bruce Momjian
 

Recently uploaded

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Recently uploaded (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Kebocoran Data_ Tindakan Hacker atau Kriminal_ Bagaimana kita mengantisipasinya_.pdf

  • 1. Data Leaks: The Act of a Hacker or a Criminal? How do we anticipate them?
  • 2. Hacker vs. Criminal
      Hacker:
        1. Improves the object's functionality
        2. Adds other functions to the object
        3. Creates tools, software or anything else needed to be useful (for themselves and others)
        4. Collaborative, open, and of great personal integrity
      Criminal:
        1. Trespassing
        2. Unauthorized access: penetration
        3. Steals, robs, etc.
        4. Looking for a bounty
        5. Abuse with damage (personal, public, etc.)
        6. Obscure, covered, and in the shadows
  • 3. The Real-Life Honourable Hackers: Richard Stallman, Linus Torvalds, Eric Raymond, Greg Kroah-Hartman
  • 4. The 3 P's of the security factor: People, Process, Policy
  • 5. What is the cause of a data leak?
      1. Internal fraud (Policy, People)
         a. Administrator with bad intentions
         b. Third-party outsourcing
      2. Unauthorized access (Process, People)
         a. Social engineering
         b. Abuse of privileged access
  • 6. What is the cause of a data leak?
      3. NDA violation (People)
         a. Bad partner
         b. Bad vendor
      4. Non-compliant security system (Policy, Process, People)
         a. Backdoor
         b. Security loophole
         c. Dual-party superuser access
  • 7. What is the cause of a data leak?
      5. Security breach (Policy, Process)
         a. Exploits (bug, backdoor, loopholes)
         b. Zero day: Stuxnet
         c. Injection (code, SQL, etc.)
         d. Penetration
         e. Side channel: eavesdropping, Meltdown, Spectre, etc.
      6. Others
  • 8. Case - Heartbleed
      - A bug found in the OpenSSL implementation
      - Leaks memory contents from the server to the client, and vice versa
      - Allowed users' data to be extracted from the server by eavesdropping
      - Private keys were exposed
      - Check CVE-2014-0160 for more information
  • 11. Hashing, what is it for?
      What is one-way encryption, or hashing, for?
      1. It is a product of encryption technology, but it is not considered encryption, because it gives up the ability to decipher the result back. Encryption is defined as encoding plaintext into ciphertext that can be decoded back into the plaintext.
      2. A hash function creates a digest: a calculation that maps data to a short, fixed-size value that can be related to the original. It does not guarantee that the relation holds in reverse.
      3. The hash is a representative of the real data, and to some extent serves as its identity.
      4. A hash function must be deterministic, giving the same result for the same input.
      Examples: SHA-256/384/512, ...
      A hash function is different from CRC32, a parity code or a check digit, although to some extent hash data can be used for parity or signature purposes.
  • 12. Security - Public Key Infrastructure
      Cryptography products:
      A. Symmetric encryption
         a. AES: 128, 256
         b. 3DES
         c. Camellia
      B. Asymmetric encryption
         a. PKI - RSA
      C. Hashing algorithms
         a. SHA-1, SHA-256, SHA-512
         b. MD5 (obsolete)
  • 13. Security - Encryption: Asymmetric or Symmetric?
      Asymmetric key usage:
      1. Authentication
      2. Avoiding MITM while sending a key
      3. PKI (Public Key Infrastructure)
      4. ATM PIN pads, EDC terminals
      5. Mostly financial institutions
      Part of the end-to-end security key factor.
      Symmetric key usage:
      1. Preventing unauthorized access to data at rest (column-level encryption, TDE, storage encryption)
      2. Preventing unauthorized access to data in transit (SSL, IPsec, TLS)
      3. HTTPS, SSH, ...
      Part of the end-to-end security key factor.
  • 14. Key Management
      The most important thing in security is not the encryption algorithm, how long your key is, how big or small your data is, or where you put the data. It is about where you put the key, how you retrieve the key, who can retrieve the key, and so on. IT IS ABOUT KEY MANAGEMENT.
      An HSM completes the end-to-end security design approach:
      1. Authentication uses SSO
      2. Network transfer is secured by SSL
      3. Both the SSL and the SSO server require keys; the keys are provided and managed by the HSM
      4. The hardware module prevents physical breach
  • 15. Security - Single Sign-On (SSO)
      Single Sign-On works by having a central server that all the applications trust. SSO requires a one-time authentication with a single set of login credentials to access multiple applications. It eliminates the hassle of remembering complex usernames and passwords for different services by providing a centralized user authentication service.
  • 16. Security - Authentication?
      Kerberos authentication flow
      CHAP (Challenge-Handshake Authentication Protocol) is also used in PostgreSQL. Described as below:
      As long as no password data is revealed by PostgreSQL, it is safe. The password is stored using hashing; some other data is required to help
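Slide 16's point, that a challenge-response login is safe "as long as there is no password data revelation", is clearest when both sides of the exchange are written out. The block below is an added example, not taken from the slides or from PostgreSQL's own source; it reproduces the shape of PostgreSQL's legacy `md5` password method (server stores `md5(password || username)` with an `md5` prefix, sends a random 4-byte salt, client answers `md5(stored_value || salt)`) using only the standard library. The user name `alice` and password `s3cret` are constructed sample values. The last function shows the caveat a defender needs: the stored verifier is password-equivalent, which is the reason PostgreSQL moved to SCRAM-SHA-256 and why the verifier table needs the same protection the password would.

```python
"""Added example, not from the slides: a PostgreSQL-md5-style challenge-response
login. The password never crosses the wire, only a salted hash of a hash."""
import hashlib
import hmac
import secrets


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(username: str, password: str) -> str:
    """Server-side record, in the form pg_authid uses for md5 roles:
    'md5' + md5(password || username). The password itself is not kept."""
    return "md5" + md5_hex((password + username).encode())


def client_response(username: str, password: str, salt: bytes) -> str:
    """Client side: derive the same inner value, then bind it to the salt
    the server just sent, so each login produces a different answer."""
    inner = md5_hex((password + username).encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_expected(verifier: str, salt: bytes) -> str:
    """Server side: the expected answer is computed from the verifier alone."""
    return "md5" + md5_hex(verifier[3:].encode() + salt)


def authenticate(verifier: str, salt: bytes, response: str) -> bool:
    """Constant-time comparison of expected and received answer."""
    return hmac.compare_digest(server_expected(verifier, salt), response)


def login_exchange(username: str, password: str, verifier: str) -> dict:
    """Runs both sides of one login with a fresh random salt and returns the
    messages as they would appear on the wire, plus the server's verdict."""
    salt = secrets.token_bytes(4)                          # server -> client
    response = client_response(username, password, salt)  # client -> server
    return {
        "salt": salt.hex(),
        "response": response,
        "accepted": authenticate(verifier, salt, response),
        "password_on_wire": password in response,         # always False
    }


def response_from_verifier_only(verifier: str, salt: bytes) -> str:
    """Caveat: a party holding only the stored verifier (no password) can
    still produce an accepted response, because the server computes the
    expectation from that same value. This password-equivalence of the md5
    verifier is why SCRAM-SHA-256 replaced it and why pg_authid must be
    protected like a password store."""
    return server_expected(verifier, salt)


if __name__ == "__main__":
    v = stored_verifier("alice", "s3cret")
    print("stored verifier:", v)
    for _ in range(2):                      # two logins, two different answers
        print(login_exchange("alice", "s3cret", v))
    print("wrong password accepted:",
          login_exchange("alice", "wrong", v)["accepted"])
```

Two things to notice when running it: the response changes with every salt, so a captured answer cannot simply be replayed, and the server never needs the password, only the verifier. That second property is also the weakness: the verifier must be guarded as tightly as a plaintext password, which SCRAM-SHA-256 fixes by making the stored value useless without the client-side proof.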
  • 17. Security - User Management
      A system requires user access management in order to manage users' access, roles and credentials. There are some options for managing user access:
      1. Single Sign-On to store the user's credentials and role
      2. Use an HSM or key vault as the centralized authenticator of the credentials
      3. Use 2FA with the help of a security device or biometrics, with the authentication process done by a third party such as a biometric server or HSM
      4. Use the same credentials that are used for database access; in other words, the application does not manage its own credentials but uses the database's
      A database also requires user access management in order to manage users' access, roles and credentials. There are some options for managing database user access:
      1. Single Sign-On to store the user's credentials and role
      2. Use an HSM or key vault as the centralized authenticator of the credentials, or an approved third-party authenticator such as Kerberos, LDAP, etc.
      3. Use 2FA with the help of a security device or biometrics, with the authentication process done by a third party such as a biometric server or HSM
      4. Manage privileges for database objects
      5. Account for all user activity
  • 18. Types of Data-at-Rest Encryption: Storage-level Encryption
      Storage-level encryption is enabled by the operating system. It is therefore not related directly to the database; the database server, being served transparently, does not even recognize it.
  • 19. Types of Data-at-Rest Encryption: Tablespace-level Encryption
      Tablespace encryption gives transparent and seamless access from the application to the database server; it is usually referred to as TDE (Transparent Data Encryption).
  • 20. Types of Data-at-Rest Encryption: Application-level Encryption
      Application-level encryption can be done in two ways: using crypto functions (pgcrypto) or using a crypto API. The application itself encrypts and decrypts the data, and the application itself deals with the authentication and key management.
  • 21. THANK YOU. For more information, please visit https://equnix.asia