2014 OpenSuse Conf: Protect your MySQL Server
Georgi Kodinov
Dos and Don'ts of secure MySQL deployment
1.
Protect Your Server
Dos and Don’ts of secure MySQL Deployment.
2.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
3.
Agenda
• The post-install situation
• How to harden it ?
• More security
• Security related changes in MySQL 5.7
4.
About Me
• Former banking IT Manager
• Veteran software developer
• Leading the MySQL Server General development team
• Been with MySQL since 2006
• Regular MySQL conference speaker
5.
The Post-Install Situation : MySQL Server security in OpenSuse 13.1
6.
The Good News
7.
The Good News: MySQL 5.6.12
• Only 5 MRUs away from dev.mysql.com/downloads !
  – New authentication method sha256_password
  – Manual password expiration : ALTER USER EXPIRE
  – Password strength verification plugin and API
  – Login paths
  – Support SSL CRLs and key files with pass phrases
  – Use SSL library’s random generator
  – Obfuscate passwords in logs
8.
The Good News: Installation Layout
• MySQL server service not on by default
• Separate mysql-community-server-test rpm
• Separate mysql-community-server-tools rpm
• No pre-packaged database
• No remote access by default
9.
The Not So Good News
10.
The Not So Good News: MySQL 5.6.12
• 3 CPUs and 24 CVE reported security bugs away from 5.6.15 (last CVE)
• More than 500 other bugs away from 5.6.18 (current)
• Lacks the advanced AES function modes
11.
The Not So Good News: Installation layout
• mysql_secure_installation not run
  – Anybody can connect as root
  – Anonymous access to the server allowed
  – No password strength checks
  – Empty passwords for the default accounts
  – Anybody gets full access to the test database
• mysql_config_editor not in mysql-community-server-client
12.
The Not So Good News: Installation layout. Continued.
• Federated plugin installed by default
• Archive plugin actually not needed (error on startup)
• Some testing only authentication plugins installed by mysql-community-server
• No SSL certificates. Even self-signed ones
• secure_file_priv set to NULL
  – grants SQL read and write access to the full OS file system
13.
The Not So Good News: Installation layout. The Sequel.
• sha256_password plugin under-configured: no RSA keys
• No query logging: neither audit nor query log
• mysqld listens on all network interfaces
14.
Random (Not So) Funny Story
Recognize the pattern ?
New Code
15.
WHAT YOU GET IS A DEVELOPMENT INSTALLATION !
16.
How to Harden Your MySQL installation ?
17.
Hardening your MySQL installation: Post Server Installation
• Run mysql_secure_installation ! Now !
• Review and restrict the network interfaces that the server listens on
• Generate SSL keys and make sure the server can “talk” SSL
• Enable query logging. Create a log backup policy.
• Remove extra user accounts and privileges
• Remove unneeded files and packages
• Schedule regular backups !
18.
Hardening your MySQL installation: Post Application(s) Installation
• Remove extra user accounts. Restrict the remaining ones
• Review and maximally restrict the grants
• Make sure the user accounts authenticate using a reliable method
• Clean up extra temp files
• Make sure backups are still on and cover the new objects
• Remove unneeded files and packages
• Audit the server configuration for changes. Revert the bogus ones
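The account problems listed on slide 11 and the account clean-up steps on slides 17 and 18 can be checked against the grant tables. The following Python sketch is an added example, not part of the original slides: it assumes the MySQL 5.6 layout of mysql.user and mysql.db, and the rows, host names and hash values are constructed for illustration.

```python
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Column that holds the credential for each password-based plugin (MySQL 5.6
# mysql.user layout, an assumption of this example). An empty plugin value
# means the account falls back to the Password column.
HASH_COLUMN = {"": "Password", "mysql_native_password": "Password",
               "mysql_old_password": "Password",
               "sha256_password": "authentication_string"}

def row(host, user, plugin="mysql_native_password", password="", auth=""):
    """Build one constructed mysql.user row with the columns the audit reads."""
    return {"Host": host, "User": user, "plugin": plugin,
            "Password": password, "authentication_string": auth}

# Constructed rows modelled on the post-install state from slide 11, plus one
# properly configured account and one legacy account. Hash values are fake.
USERS = [
    row("localhost", "root"),
    row("db01", "root"),
    row("localhost", ""),
    row("10.0.0.5", "app", "sha256_password", auth="$5$constructed-hash"),
    row("%", "legacy", "", password="0123456789abcdef"),
]
DBS = [{"Host": "%", "Db": "test", "User": ""},
       {"Host": "%", "Db": "test\\_%", "User": ""}]

def audit_accounts(users, dbs):
    """Return a list of (account, problem) tuples."""
    out = []
    for u in users:
        who = "'%s'@'%s'" % (u["User"], u["Host"])
        if u["User"] == "":
            out.append((who, "anonymous account"))
        column = HASH_COLUMN.get(u["plugin"])
        if column is not None:  # external plugins (PAM etc.) keep no hash here
            digest = u[column]
            if not digest:
                out.append((who, "empty password"))
            # Pre-4.1 hashes are 16 characters long; 4.1+ native ones are 41.
            if u["plugin"] == "mysql_old_password" or (
                    column == "Password" and len(digest) == 16):
                out.append((who, "pre-4.1 password format"))
        if u["User"] == "root" and u["Host"] not in LOCAL_HOSTS:
            out.append((who, "root can log in from a non-local host"))
    for d in dbs:
        # The default grants cover `test` and every database named test_*.
        if d["User"] == "" and d["Db"].replace("\\", "").startswith("test"):
            out.append(("''@'%s'" % d["Host"], "any user can access " + d["Db"]))
    return out

if __name__ == "__main__":
    for account, problem in audit_accounts(USERS, DBS):
        print(account, "->", problem)
```
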
19.
Hardening your MySQL installation: Daily MySQL Use
• Keep your installation up to date
• Monitor your server logs. Set alerts for “unusual” patterns.
• Monitor security related stats. Set alerts for “unusual” patterns.
• Monitor the server configuration.
• Monitor and verify the backups and their integrity
• Regularly probe your “defenses” by trying bad things on purpose
• Perform regular emergency drills
• Set procedures on maintaining your user account base
20.
More Security
21.
Harden your MySQL Server Instance: Additional steps
• Consider turning off TCP/IP if your setup allows it
• Use and enforce SSL if you need TCP/IP
  – Even self-signed will do. Part of PKI is better
• Use SSL certificate requirements for users
  – GRANT … TO …. REQUIRE [CIPHER | ISSUER | SUBJECT] …
• Be careful with your directories
  – tmpdir, datadir, secure-file-priv, plugin-dir
22.
Harden your MySQL Server Instance: Even more steps
• Monitor and keep the logs
  – Consider using an auditing plugin
  – put extra protection on sensitive tables: custom logging triggers etc
• Consider using external authentication
  – PAM, LDAP, windows domain
• Harden your password policy
  – MySQL has a plugin for that !
• Use login paths for your scripts
23.
Harden your MySQL Server Instance: Useful parameters to set

Parameter                 Recommended Value
secure_file_priv          Designated directory
symbolic_links            Boolean NO
default-storage-engine    InnoDB
general-log               Boolean ON
log-raw                   Default : OFF
skip-networking           ON, if you can afford it.
ssl options               Set to valid values
24.
Harden your MySQL Server Instance: Useful parameters to set

Parameter                 Recommended Value
plugin-dir                Designated read-only directory
chroot                    Designated directory, if you can afford it
core-file                 OFF
des-key-file              File with DES keys
read_only                 ON for slaves !
sha256_password RSA key   RSA public private keys if can’t use SSL
tmpdir                    Designated directory out of secure-file-priv
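The parameter recommendations on slides 23 and 24, and the post-install findings on slides 12 and 13, can be checked mechanically against a server's option file. The following Python sketch is an added example, not part of the original slides: it audits the [mysqld] section of a my.cnf, the two sample configurations and all paths are constructed, and unset options are assumed to take their MySQL 5.6 defaults.

```python
import posixpath

TRUE = {"1", "on", "true", "yes"}
ALL_INTERFACES = {"*", "0.0.0.0", "::"}

# Constructed sample: roughly the post-install state from slides 11-13.
WEAK_CNF = """
[client]
port = 3306
[mysqld]
datadir = /var/lib/mysql
log-raw
core-file
"""

# Constructed sample following slides 23-24; all paths are hypothetical.
HARDENED_CNF = """
[mysqld]
secure-file-priv = /srv/mysql/files
skip-symbolic-links
default-storage-engine = InnoDB
general-log = ON
bind-address = 127.0.0.1
ssl-ca = /etc/mysql/ssl/ca.pem
ssl-cert = /etc/mysql/ssl/server-cert.pem
ssl-key = /etc/mysql/ssl/server-key.pem
tmpdir = /srv/mysql/tmp
"""

def parse_mysqld(text):
    """Return the [mysqld] options as {name: value}; '-' and '_' are
    interchangeable in names and a bare option counts as switched on."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue  # blank line, comment or !include directive
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, sep, value = line.partition("=")
        name = name.strip().lower().replace("-", "_")
        value = value.strip().strip("'\"") if sep else "ON"
        if name == "skip_symbolic_links":  # --skip-X form of a boolean option
            name, value = "symbolic_links", "0"
        opts[name] = value
    return opts

def is_on(opts, name, default=False):
    return opts[name].lower() in TRUE if name in opts else default

def inside(path, parent):
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def audit(text):
    """Return {option: problem} for settings that deviate from slides 23-24."""
    opts, bad = parse_mysqld(text), {}
    sfp, tmpdir = opts.get("secure_file_priv", ""), opts.get("tmpdir", "")
    if not sfp:
        bad["secure_file_priv"] = "file import/export not confined to a directory"
    if is_on(opts, "symbolic_links", default=True):  # assumed 5.6 default: ON
        bad["symbolic_links"] = "symbolic links enabled"
    if not is_on(opts, "general_log"):
        bad["general_log"] = "no query logging"
    if is_on(opts, "log_raw"):
        bad["log_raw"] = "statements logged without password obfuscation"
    if is_on(opts, "core_file"):
        bad["core_file"] = "core dumps enabled"
    if opts.get("default_storage_engine", "InnoDB").lower() != "innodb":
        bad["default_storage_engine"] = "default engine is not InnoDB"
    if not tmpdir:
        bad["tmpdir"] = "no designated temporary directory"
    elif sfp and inside(tmpdir, sfp):
        bad["tmpdir"] = "lies inside secure_file_priv"
    if not is_on(opts, "skip_networking"):  # TCP/IP in use
        if opts.get("bind_address", "*") in ALL_INTERFACES:
            bad["bind_address"] = "listens on all network interfaces"
        missing = [k for k in ("ssl_ca", "ssl_cert", "ssl_key") if not opts.get(k)]
        if missing:
            bad["ssl"] = "TCP/IP without " + ", ".join(missing)
    return bad
```

Settings that cannot be judged from the option file alone, such as whether plugin-dir is read-only or whether a server is a slave that needs read_only, are left out of the check.
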
25.
New Security Features in MySQL 5.7 DMRs
26.
Security Features in 5.7 DMRs: 5.7.1: 23 April 2013
• Audit log plugin works with Audit Vault
• Login paths and mysql_config_editor
• --syslog option to mysql
• Mark mysql_old_password (pre-4.1 password format) as deprecated
27.
Security Features in 5.7 DMRs: 5.7.2: 21 Sep 2013
• Require explicit authentication plugin for all user accounts
• Rewrite mysql_secure_installation to C and harden it
  – Enables password strength validation
  – Generates random password for root and marks it as expired
  – Restricts the root user so it can login only from localhost
• Deprecate ENCODE()/DECODE()
• --error-log-verbosity control
• Client side protocol tracing plugins in libmysql
28.
Security Features in 5.7 DMRs: 5.7.3: 3 Dec 2013
• Redefine the meaning of the --ssl option
  – --ssl on the client enforces SSL now
  – Other --ssl options enable ssl, but not enforce it
• Proper connection state reset : mysql_reset_connection()
29.
Security Features in 5.7 DMRs: 5.7.4: 31 Mar 2014
• RPM packages secure by default
  – The effect of mysql_secure_installation by default
  – Separate packages for non-essential tools and utilities
• Automatic timed password expiration
  – Per site and per user
• AES_ENCRYPT()/AES_DECRYPT() now support block modes and larger key sizes
• Strong crypto random SQL function added: RANDOM_BYTES()
30.
Questions ? Suggestions ?