SlideShare a Scribd company logo

MySQL Security

M
Mario Beck

MySQL offers several new functionality to enhance security and make MySQL suitable for critical environments. Several add-ons help achieving regulatory compliance like PCI-DSS. Here is an overview of these features.

Technology
1 of 29
Download to read offline
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Security Mario Beck EMEA Presales Manager MySQL Mario.beck@oracle.com
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 43% of companies have experienced a data breach in the past year. Source: Ponemon Institute, 2014 Oracle Confidential – Internal/Restricted/Highly Restricted 2
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Mega Breaches 552 Million identities exposed in 2013. 493% increase over previous year 77% Web sites with vulnerabilities. 1-in-8 of all websites had a critical vulnerability. 8 Breaches that exposed more than 10 million records in 2013. Total Breaches increased 62% in 2013 Oracle Confidential – Internal/Restricted/Highly Restricted 3 Source: Internet Security Threat Report 2014, Symantec
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Poor Configurations – Set controls and change default setting • Over Privileged Accounts – Privilege Policies • Weak Access Control – Dedicated Administrative Accounts • Weak Authentication – Strong Password Enforcement • Weak Auditing – Compliance & Audit Policies • Lack of Encryption – Data, Back, & Network Encryption • Proper Credential or Key Management – Use mysql_config_editor , Key Vaults • Unsecured Backups – Encrypted Backups • No Monitoring – Security Monitoring, Users, Objects • Poorly Coded Applications – Database Firewall 4 Database Vulnerabilities
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Regulatory Compliance • Regulations – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data Protection Directive: Protection of Personal Data – Data Protection Act (UK): Protection of Personal Data • Requirements – Continuous Monitoring (Users, Schema, Backups, etc) – Data Protection (Encryption, Privilege Management, etc.) – Data Retention (Backups, User Activity, etc.) – Data Auditing (User activity, etc.) 5
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | HIPPA • Access Controls – Access only to those persons or software programs that have been granted access rights – Unique User Identification, Emergency Access Procedure, Automatic Logoff, Encryption and Decryption • Authentication – Verify that a person or entity seeking electronic health information is the one claimed • Integrity – Protect electronic protected health information from improper alteration or destruction • Transmission Security – Guard against unauthorized access that is being transmitted over a network • Encryption – Encrypt electronic protected health information • Audit Control – Record and examine activity that contain or use electronic protected health information 7
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | DBA Responsibilities • Ensure only users who should get access, can get access • Limit what users and applications can do • Limit from where users and applications can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize attack surface
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Block Threats Auditing Regulatory Compliance Login and Query Activities SSL/TLS Public Key Private Key Digital Signatures Privilege Management Administration Database & Objects Proxy Users MySQL Linux / LDAP Windows AD Custom Oracle Confidential – Internal 9 MySQL Security Overview AuthorizationAuthentication Firewall & Auditing Encryption Security
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Authentication • Built in Authentication – user table stores users and encrypted passwords • X.509 – Server authenticates client certificates • MySQL Native, SHA 256 Password plugin – Native uses SHA1 or plugin with SHA-256 hashing and per user salting for user account passwords. • MySQL Enterprise Authentication – Microsoft Active Directory – Linux PAMs (Pluggable Authentication Modules) • Support LDAP and more • Custom Authentication 10
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Password Policies • Accounts without Passwords – Assign passwords to all accounts to prevent unauthorized use • Password Validation Plugin – Enforce Strong Passwords • Password Expiration/Rotation – Require users to reset their password • Account lockout (in v. 5.7) 11
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication 12 • Integrate with Centralized Authentication Infrastructure – Centralized Account Management – Password Policy Management – Groups & Roles • PAM (Pluggable Authentication Modules) – Standard interface (Unix, LDAP, Kerberos, others) – Windows • Access native Windows service - Use to Authenticate users using Windows Active Directory or to a native host Integrates MySQL with existing security infrastructures
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Encryption • SSL/TLS Encryption – Between MySQL clients and Server – Replication: Between Master & Slave • Data Encryption – AES Encrypt/Decrypt 13 • MySQL Enterprise Encryption – Asymmetric Encrypt/Decrypt – Generate Public Key and Private Keys – Derive Session Keys – Digital Signatures • MySQL Enterprise Backup – AES Encrypt/Decrypt
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption • MySQL encryption functions – Symmetric encryption AES256 (All Editions) – Public-key / asymmetric cryptography – RSA • Key management functions – Generate public and private keys – Key exchange methods: DH • Sign and verify data functions – Cryptographic hashing for digital signing, verification, & validation – RSA,DSA 14
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 15 High Level – Transparent Data Encryption MySQL Database Encrypted Tablespace Files Protected Key Hacker / Dishonest OS User Accesses Files Directly Information Access Blocked By Encryption New in MySQL 5.7.11!
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Introduction to using MySQL Transparent Data Encryption SQL • New option in CREATE TABLE ENCRYPTION=“Y” • New SQL : ALTER INSTANCE ROTATE INNODB MASTER KEY Plugin Infrastructure • New plugin type : keyring • Ability to load plugin before InnoDB initialization : --early-plugin-load Keyring plugin • Used to retrieve keys InnoDB • Support for encrypted tables • IMPORT/EXPORT of encrypted tables • Support for master key rotation Confidential – Oracle Internal/Restricted/Highly Restricted 16
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Online Backup for InnoDB (scriptable interface) • Full, Incremental, Partial Backups (with compression) • Strong Encryption (AES 256) • Point in Time, Full, Partial Recovery options • Metadata on status, progress, history • Scales – High Performance/Unlimited Database Size • Windows, Linux, Unix • Certified with Oracle Secure Backup, NetBackup, Tivoli, others 17
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Auditing • Auditing for Security & Compliance –FIPS, HIPAA, PCI-DSS, SOX, DISA STIG, … • MySQL built-in logging infrastructure: –general log, error log • MySQL Enterprise Audit –Granularity made for auditing –Can be modified live –Contains additional details –Compatible with Oracle Audit Vault.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit • Out-of-the-box logging of connections, logins, and query • User defined policies for filtering, and log rotation • Dynamically enabled, disabled: no server restart • XML-based audit stream per Oracle Audit Vault spec 19 Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Real Time Protection – Queries analyzed and matched against White List • Blocks SQL Injection Attacks – Positive Security Model • Block Suspicious Traffic – Out of Policy Transactions detected & blocked • Learns White List – Automated creation of approved list of SQL command patterns on a per user basis • Transparent – No changes to application required 20 MySQL Enterprise Firewall monitoring
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • SQL Injection Protection with Positive Security Model 21 • Out of policy database transactions detected and blocked • Logging & Analysis Select * from employee where id=22 Select * from employee where id=22 or 1=1 Block & Log✖ Allow✔ White ListApplications
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Firewall Overview 22 Inbound SQL traffic Firewall Web Applications Internet In Whitelist ALLOW MySQL Instance SQL Injection Attack Via Brower Blocks SQL Attacks Allows Normal SQL Results Table Table Table Not In Whitelist BLOCK
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall Details • Firewall operation is turned on at a per user level • Per User States are – RECORDING CALL mysql.sp_set_firewall_mode(´user@localhost´, ´RECORDING´); – PROTECTING CALL mysql.sp_set_firewall_mode(´user@localhost´, ´PROTECTING´); – OFF CALL mysql.sp_set_firewall_mode(´user@localhost´, ´OFF´); – DETECTING CALL mysql.sp_set_firewall_mode(´user@localhost´, ´DETECTING´); 23
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 24 Per User Firewall White Lists
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | What happens when SQL is blocked? • The client application gets an ERROR mysql> SELECT first_name, last_name FROM customer WHERE customer_id = 1 OR TRUE; ERROR 1045 (28000): Statement was blocked by Firewall mysql> SHOW DATABASES; ERROR 1045 (28000): Statement was blocked by Firewall mysql> TRUNCATE TABLE mysql.user; ERROR 1045 (28000): Statement was blocked by Firewall • Reported to the Error Log • Increment Counter 25
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Monitoring the Firewall Firewall Status Counters mysql> SHOW STATUS LIKE 'Firewall%'; +-------------------------+-------+ | Variable_name | Value | +-------------------------+-------+ | Firewall_access_denied | 32 | | Firewall_access_granted | 138 | | Firewall_cached_entries | 39 | +-------------------------+-------+ 3 rows in set (0,00 sec) 26
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | What’s the whitelist look like? • mysql> SELECT userhost, substr(rule,1,80) FROM mysql.firewall_whitelist WHERE userhost= 'wpuser@localhost'; +------------------+----------------------------------------------------------------------------------+ | userhost | substr(rule,1,80) | +------------------+----------------------------------------------------------------------------------+ | wpuser@localhost | SELECT * FROM `wp_posts` WHERE `ID` = ? LIMIT ? | | wpuser@localhost | SELECT `option_value` FROM `wp_options` WHERE `option_name` = ? LIMIT ? | | wpuser@localhost | SELECT `wp_posts` . * FROM `wp_posts` WHERE ? = ? AND `wp_posts` . `ID` = ? AND | ... | wpuser@localhost | UPDATE `wp_posts` SET `comment_count` = ? WHERE `ID` = ? | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | +------------------+----------------------------------------------------------------------------------+ 27
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall Documentation • http://dev.mysql.com/doc/refman/5.6/en/firewall.html • http://mysqlserverteam.com/new-mysql-enterprise-firewall-prevent-sql- injection-attacks/ 28
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Block Threats Auditing Regulatory Compliance Login and Query Activities SSL/TLS Public Key Private Key Digital Signatures Privilege Management Administration Database & Objects Proxy Users MySQL Linux / LDAP Windows AD Custom Oracle Confidential – Internal 29 MySQL Security Overview AuthorizationAuthentication Firewall & Auditing Encryption Security
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Thank You

Recommended

MySQL 5.7: Focus on Replication
MySQL 5.7: Focus on ReplicationMySQL 5.7: Focus on Replication
MySQL 5.7: Focus on ReplicationMario Beck
 
MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015Mario Beck
 
MySQL Community and Commercial Edition
MySQL Community and Commercial EditionMySQL Community and Commercial Edition
MySQL Community and Commercial EditionMario Beck
 
NoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSONNoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSONMario Beck
 
MySQL 5.7 Replication News
MySQL 5.7 Replication News MySQL 5.7 Replication News
MySQL 5.7 Replication News Ted Wennmark
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick
 
MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)Mario Beck
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAsMario Beck
 

Recommended

MySQL 5.7: Focus on Replication
MySQL 5.7: Focus on ReplicationMySQL 5.7: Focus on Replication
MySQL 5.7: Focus on ReplicationMario Beck
 
MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015Mario Beck
 
MySQL Community and Commercial Edition
MySQL Community and Commercial EditionMySQL Community and Commercial Edition
MySQL Community and Commercial EditionMario Beck
 
NoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSONNoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSONMario Beck
 
MySQL 5.7 Replication News
MySQL 5.7 Replication News MySQL 5.7 Replication News
MySQL 5.7 Replication News Ted Wennmark
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick
 
MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)Mario Beck
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAsMario Beck
 
MySQL Tech Tour 2015 - 5.7 Whats new
MySQL Tech Tour 2015 - 5.7 Whats newMySQL Tech Tour 2015 - 5.7 Whats new
MySQL Tech Tour 2015 - 5.7 Whats newMark Swarbrick
 
MySQL High Availibility Solutions
MySQL High Availibility SolutionsMySQL High Availibility Solutions
MySQL High Availibility SolutionsMark Swarbrick
 
MySQL Document Store
MySQL Document StoreMySQL Document Store
MySQL Document StoreMario Beck
 
MySQL Security
MySQL SecurityMySQL Security
MySQL SecurityTed Wennmark
 
MySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsMySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsTed Wennmark
 
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLMySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLOlivier DASINI
 
MySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMark Swarbrick
 
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterMySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterOlivier DASINI
 
MySQL Intro JSON NoSQL
MySQL Intro JSON NoSQLMySQL Intro JSON NoSQL
MySQL Intro JSON NoSQLMark Swarbrick
 
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceMySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceOlivier DASINI
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability MattersMatt Lord
 
MySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionMySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionOlivier DASINI
 
MySQL Tech Tour 2015 - Alt Intro
MySQL Tech Tour 2015 - Alt IntroMySQL Tech Tour 2015 - Alt Intro
MySQL Tech Tour 2015 - Alt IntroMark Swarbrick
 
Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7 Mark Swarbrick
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise PortfolioAbel Flórez
 
MySQL Enterprise Edition Overview
MySQL Enterprise Edition OverviewMySQL Enterprise Edition Overview
MySQL Enterprise Edition OverviewMario Beck
 
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016Geir Høydalsvik
 
MySQL 5.7 - What's new, How to upgrade and Document Store
MySQL 5.7 - What's new, How to upgrade and Document StoreMySQL 5.7 - What's new, How to upgrade and Document Store
MySQL 5.7 - What's new, How to upgrade and Document StoreAbel Flórez
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise MonitorMario Beck
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQLVittorio Cioe
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security OptionDLT Solutions
 

More Related Content

What's hot

MySQL Tech Tour 2015 - 5.7 Whats new
MySQL Tech Tour 2015 - 5.7 Whats newMySQL Tech Tour 2015 - 5.7 Whats new
MySQL Tech Tour 2015 - 5.7 Whats newMark Swarbrick
 
MySQL High Availibility Solutions
MySQL High Availibility SolutionsMySQL High Availibility Solutions
MySQL High Availibility SolutionsMark Swarbrick
 
MySQL Document Store
MySQL Document StoreMySQL Document Store
MySQL Document StoreMario Beck
 
MySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsMySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsTed Wennmark
 
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLMySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLOlivier DASINI
 
MySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMark Swarbrick
 
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterMySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterOlivier DASINI
 
MySQL Intro JSON NoSQL
MySQL Intro JSON NoSQLMySQL Intro JSON NoSQL
MySQL Intro JSON NoSQLMark Swarbrick
 
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceMySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceOlivier DASINI
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability MattersMatt Lord
 
MySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionMySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionOlivier DASINI
 
MySQL Tech Tour 2015 - Alt Intro
MySQL Tech Tour 2015 - Alt IntroMySQL Tech Tour 2015 - Alt Intro
MySQL Tech Tour 2015 - Alt IntroMark Swarbrick
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise PortfolioAbel Flórez
 
MySQL Enterprise Edition Overview
MySQL Enterprise Edition OverviewMySQL Enterprise Edition Overview
MySQL Enterprise Edition OverviewMario Beck
 
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016Geir Høydalsvik
 
MySQL 5.7 - What's new, How to upgrade and Document Store
MySQL 5.7 - What's new, How to upgrade and Document StoreMySQL 5.7 - What's new, How to upgrade and Document Store
MySQL 5.7 - What's new, How to upgrade and Document StoreAbel Flórez
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise MonitorMario Beck
 

What's hot (20)

MySQL Tech Tour 2015 - 5.7 Whats new
MySQL Tech Tour 2015 - 5.7 Whats newMySQL Tech Tour 2015 - 5.7 Whats new
MySQL Tech Tour 2015 - 5.7 Whats new
 
MySQL High Availibility Solutions
MySQL High Availibility SolutionsMySQL High Availibility Solutions
MySQL High Availibility Solutions
 
MySQL Document Store
MySQL Document StoreMySQL Document Store
MySQL Document Store
 
MySQL Security
MySQL SecurityMySQL Security
MySQL Security
 
MySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA optionsMySQL 5.6, news in 5.7 and our HA options
MySQL 5.6, news in 5.7 and our HA options
 
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLMySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
 
MySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats new
 
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterMySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
 
MySQL Intro JSON NoSQL
MySQL Intro JSON NoSQLMySQL Intro JSON NoSQL
MySQL Intro JSON NoSQL
 
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceMySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability Matters
 
MySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise EditionMySQL Day Paris 2016 - MySQL Enterprise Edition
MySQL Day Paris 2016 - MySQL Enterprise Edition
 
MySQL Tech Tour 2015 - Alt Intro
MySQL Tech Tour 2015 - Alt IntroMySQL Tech Tour 2015 - Alt Intro
MySQL Tech Tour 2015 - Alt Intro
 
Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise Portfolio
 
MySQL Enterprise Edition Overview
MySQL Enterprise Edition OverviewMySQL Enterprise Edition Overview
MySQL Enterprise Edition Overview
 
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
What's new in MySQL 5.7, Oracle Virtual Technology Summit, 2016
 
MySQL 5.7 - What's new, How to upgrade and Document Store
MySQL 5.7 - What's new, How to upgrade and Document StoreMySQL 5.7 - What's new, How to upgrade and Document Store
MySQL 5.7 - What's new, How to upgrade and Document Store
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - Security
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
 

Similar to MySQL Security

Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQLVittorio Cioe
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security OptionDLT Solutions
 
Oracle Identity & Access Management
Oracle Identity & Access ManagementOracle Identity & Access Management
Oracle Identity & Access ManagementDLT Solutions
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteEdgar Alejandro Villegas
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideCourtney Llamas
 
Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Atul Goyal
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsOlivier DASINI
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Harin Vadodaria
 
MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)Keith Hollman
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityDevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityGeorgi Kodinov
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Connor McDonald
 
Using MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementUsing MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementMark Matthews
 
Oracle Enterprise Manager for MySQL
Oracle Enterprise Manager for MySQLOracle Enterprise Manager for MySQL
Oracle Enterprise Manager for MySQLMario Beck
 
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideOracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideCourtney Llamas
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKellyn Pot'Vin-Gorman
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition Mark Swarbrick
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid themKarl Ots
 
Enabling digital transformation with MySQL
Enabling digital transformation with MySQLEnabling digital transformation with MySQL
Enabling digital transformation with MySQLMySQL Brasil
 

Similar to MySQL Security (20)

Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
 
MySQL Security & GDPR
MySQL Security & GDPRMySQL Security & GDPR
MySQL Security & GDPR
 
Oracle Identity & Access Management
Oracle Identity & Access ManagementOracle Identity & Access Management
Oracle Identity & Access Management
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners Guide
 
Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016
 
MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityDevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 Security
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
 
Using MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementUsing MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance Improvement
 
Oracle Enterprise Manager for MySQL
Oracle Enterprise Manager for MySQLOracle Enterprise Manager for MySQL
Oracle Enterprise Manager for MySQL
 
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners GuideOracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners Guide
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise Manager
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid them
 
Enabling digital transformation with MySQL
Enabling digital transformation with MySQLEnabling digital transformation with MySQL
Enabling digital transformation with MySQL
 

More from Mario Beck

MySQL Cloud Service
MySQL Cloud ServiceMySQL Cloud Service
MySQL Cloud ServiceMario Beck
 
MySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB ClusterMySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB ClusterMario Beck
 
MySQL Enterprise Backup
MySQL Enterprise BackupMySQL Enterprise Backup
MySQL Enterprise BackupMario Beck
 
MySQL 5.7: Focus on InnoDB
MySQL 5.7: Focus on InnoDBMySQL 5.7: Focus on InnoDB
MySQL 5.7: Focus on InnoDBMario Beck
 
MySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMario Beck
 

More from Mario Beck (6)

MySQL Cloud Service
MySQL Cloud ServiceMySQL Cloud Service
MySQL Cloud Service
 
MySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB ClusterMySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB Cluster
 
MySQL Enterprise Backup
MySQL Enterprise BackupMySQL Enterprise Backup
MySQL Enterprise Backup
 
MySQL 5.7: Focus on InnoDB
MySQL 5.7: Focus on InnoDBMySQL 5.7: Focus on InnoDB
MySQL 5.7: Focus on InnoDB
 
MySQL Cluster
MySQL ClusterMySQL Cluster
MySQL Cluster
 
MySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench Integration
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

MySQL Security

  • 1. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Security Mario Beck EMEA Presales Manager MySQL Mario.beck@oracle.com
  • 2. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 43% of companies have experienced a data breach in the past year. Source: Ponemon Institute, 2014 Oracle Confidential – Internal/Restricted/Highly Restricted 2
  • 3. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Mega Breaches 552 Million identities exposed in 2013. 493% increase over previous year 77% Web sites with vulnerabilities. 1-in-8 of all websites had a critical vulnerability. 8 Breaches that exposed more than 10 million records in 2013. Total Breaches increased 62% in 2013 Oracle Confidential – Internal/Restricted/Highly Restricted 3 Source: Internet Security Threat Report 2014, Symantec
  • 4. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | • Poor Configurations – Set controls and change default setting • Over Privileged Accounts – Privilege Policies • Weak Access Control – Dedicated Administrative Accounts • Weak Authentication – Strong Password Enforcement • Weak Auditing – Compliance & Audit Policies • Lack of Encryption – Data, Back, & Network Encryption • Proper Credential or Key Management – Use mysql_config_editor , Key Vaults • Unsecured Backups – Encrypted Backups • No Monitoring – Security Monitoring, Users, Objects • Poorly Coded Applications – Database Firewall 4 Database Vulnerabilities
  • 5. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Regulatory Compliance • Regulations – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data Protection Directive: Protection of Personal Data – Data Protection Act (UK): Protection of Personal Data • Requirements – Continuous Monitoring (Users, Schema, Backups, etc) – Data Protection (Encryption, Privilege Management, etc.) – Data Retention (Backups, User Activity, etc.) – Data Auditing (User activity, etc.) 5
  • 6. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | HIPPA • Access Controls – Access only to those persons or software programs that have been granted access rights – Unique User Identification, Emergency Access Procedure, Automatic Logoff, Encryption and Decryption • Authentication – Verify that a person or entity seeking electronic health information is the one claimed • Integrity – Protect electronic protected health information from improper alteration or destruction • Transmission Security – Guard against unauthorized access that is being transmitted over a network • Encryption – Encrypt electronic protected health information • Audit Control – Record and examine activity that contain or use electronic protected health information 7
  • 7. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | DBA Responsibilities • Ensure only users who should get access, can get access • Limit what users and applications can do • Limit from where users and applications can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize attack surface
  • 8. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Block Threats Auditing Regulatory Compliance Login and Query Activities SSL/TLS Public Key Private Key Digital Signatures Privilege Management Administration Database & Objects Proxy Users MySQL Linux / LDAP Windows AD Custom Oracle Confidential – Internal 9 MySQL Security Overview AuthorizationAuthentication Firewall & Auditing Encryption Security
  • 9. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Authentication • Built in Authentication – user table stores users and encrypted passwords • X.509 – Server authenticates client certificates • MySQL Native, SHA 256 Password plugin – Native uses SHA1 or plugin with SHA-256 hashing and per user salting for user account passwords. • MySQL Enterprise Authentication – Microsoft Active Directory – Linux PAMs (Pluggable Authentication Modules) • Support LDAP and more • Custom Authentication 10
  • 10. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Password Policies • Accounts without Passwords – Assign passwords to all accounts to prevent unauthorized use • Password Validation Plugin – Enforce Strong Passwords • Password Expiration/Rotation – Require users to reset their password • Account lockout (in v. 5.7) 11
  • 11. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication 12 • Integrate with Centralized Authentication Infrastructure – Centralized Account Management – Password Policy Management – Groups & Roles • PAM (Pluggable Authentication Modules) – Standard interface (Unix, LDAP, Kerberos, others) – Windows • Access native Windows service - Use to Authenticate users using Windows Active Directory or to a native host Integrates MySQL with existing security infrastructures
  • 12. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Encryption • SSL/TLS Encryption – Between MySQL clients and Server – Replication: Between Master & Slave • Data Encryption – AES Encrypt/Decrypt 13 • MySQL Enterprise Encryption – Asymmetric Encrypt/Decrypt – Generate Public Key and Private Keys – Derive Session Keys – Digital Signatures • MySQL Enterprise Backup – AES Encrypt/Decrypt
  • 13. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption • MySQL encryption functions – Symmetric encryption AES256 (All Editions) – Public-key / asymmetric cryptography – RSA • Key management functions – Generate public and private keys – Key exchange methods: DH • Sign and verify data functions – Cryptographic hashing for digital signing, verification, & validation – RSA,DSA 14
  • 14. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 15 High Level – Transparent Data Encryption MySQL Database Encrypted Tablespace Files Protected Key Hacker / Dishonest OS User Accesses Files Directly Information Access Blocked By Encryption New in MySQL 5.7.11!
  • 15. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Introduction to using MySQL Transparent Data Encryption SQL • New option in CREATE TABLE ENCRYPTION=“Y” • New SQL : ALTER INSTANCE ROTATE INNODB MASTER KEY Plugin Infrastructure • New plugin type : keyring • Ability to load plugin before InnoDB initialization : --early-plugin-load Keyring plugin • Used to retrieve keys InnoDB • Support for encrypted tables • IMPORT/EXPORT of encrypted tables • Support for master key rotation Confidential – Oracle Internal/Restricted/Highly Restricted 16
  • 16. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Online Backup for InnoDB (scriptable interface) • Full, Incremental, Partial Backups (with compression) • Strong Encryption (AES 256) • Point in Time, Full, Partial Recovery options • Metadata on status, progress, history • Scales – High Performance/Unlimited Database Size • Windows, Linux, Unix • Certified with Oracle Secure Backup, NetBackup, Tivoli, others 17
  • 17. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Database Auditing • Auditing for Security & Compliance –FIPS, HIPAA, PCI-DSS, SOX, DISA STIG, … • MySQL built-in logging infrastructure: –general log, error log • MySQL Enterprise Audit –Granularity made for auditing –Can be modified live –Contains additional details –Compatible with Oracle Audit Vault.
  • 18. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit • Out-of-the-box logging of connections, logins, and query • User defined policies for filtering, and log rotation • Dynamically enabled, disabled: no server restart • XML-based audit stream per Oracle Audit Vault spec 19 Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.)
  • 19. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Real Time Protection – Queries analyzed and matched against White List • Blocks SQL Injection Attacks – Positive Security Model • Block Suspicious Traffic – Out of Policy Transactions detected & blocked • Learns White List – Automated creation of approved list of SQL command patterns on a per user basis • Transparent – No changes to application required 20 MySQL Enterprise Firewall monitoring
  • 20. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • SQL Injection Protection with Positive Security Model 21 • Out of policy database transactions detected and blocked • Logging & Analysis Select * from employee where id=22 Select * from employee where id=22 or 1=1 Block & Log✖ Allow✔ White ListApplications
  • 21. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Firewall Overview 22 Inbound SQL traffic Firewall Web Applications Internet In Whitelist ALLOW MySQL Instance SQL Injection Attack Via Brower Blocks SQL Attacks Allows Normal SQL Results Table Table Table Not In Whitelist BLOCK
  • 22. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall Details • Firewall operation is turned on at a per user level • Per User States are – RECORDING CALL mysql.sp_set_firewall_mode(´user@localhost´, ´RECORDING´); – PROTECTING CALL mysql.sp_set_firewall_mode(´user@localhost´, ´PROTECTING´); – OFF CALL mysql.sp_set_firewall_mode(´user@localhost´, ´OFF´); – DETECTING CALL mysql.sp_set_firewall_mode(´user@localhost´, ´DETECTING´); 23
  • 23. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 24 Per User Firewall White Lists
  • 24. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | What happens when SQL is blocked? • The client application gets an ERROR mysql> SELECT first_name, last_name FROM customer WHERE customer_id = 1 OR TRUE; ERROR 1045 (28000): Statement was blocked by Firewall mysql> SHOW DATABASES; ERROR 1045 (28000): Statement was blocked by Firewall mysql> TRUNCATE TABLE mysql.user; ERROR 1045 (28000): Statement was blocked by Firewall • Reported to the Error Log • Increment Counter 25
  • 25. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Monitoring the Firewall Firewall Status Counters mysql> SHOW STATUS LIKE 'Firewall%'; +-------------------------+-------+ | Variable_name | Value | +-------------------------+-------+ | Firewall_access_denied | 32 | | Firewall_access_granted | 138 | | Firewall_cached_entries | 39 | +-------------------------+-------+ 3 rows in set (0,00 sec) 26
  • 26. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | What’s the whitelist look like? • mysql> SELECT userhost, substr(rule,1,80) FROM mysql.firewall_whitelist WHERE userhost= 'wpuser@localhost'; +------------------+----------------------------------------------------------------------------------+ | userhost | substr(rule,1,80) | +------------------+----------------------------------------------------------------------------------+ | wpuser@localhost | SELECT * FROM `wp_posts` WHERE `ID` = ? LIMIT ? | | wpuser@localhost | SELECT `option_value` FROM `wp_options` WHERE `option_name` = ? LIMIT ? | | wpuser@localhost | SELECT `wp_posts` . * FROM `wp_posts` WHERE ? = ? AND `wp_posts` . `ID` = ? AND | ... | wpuser@localhost | UPDATE `wp_posts` SET `comment_count` = ? WHERE `ID` = ? | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | +------------------+----------------------------------------------------------------------------------+ 27
  • 27. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall Documentation • http://dev.mysql.com/doc/refman/5.6/en/firewall.html • http://mysqlserverteam.com/new-mysql-enterprise-firewall-prevent-sql- injection-attacks/ 28
  • 28. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Block Threats Auditing Regulatory Compliance Login and Query Activities SSL/TLS Public Key Private Key Digital Signatures Privilege Management Administration Database & Objects Proxy Users MySQL Linux / LDAP Windows AD Custom Oracle Confidential – Internal 29 MySQL Security Overview AuthorizationAuthentication Firewall & Auditing Encryption Security
  • 29. Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Thank You