SlideShare une entreprise Scribd logo

MySQL Day Paris 2016 - MySQL Enterprise Edition

Olivier DASINI
Olivier DASINI

MySQL Enterprise Edition Achieve the Highest Levels of Security ------------ • MySQL Enterprise TDE – Data-at-Rest Encryption – Key Management / Security • MySQL Enterprise Backup – Securing Backups, AES 256 encryption • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Authentication – External Authentication Modules – Microsoft AD, Linux PAMs • MySQL Enterprise Firewall – Block SQL Injection Attacks – Intrusion Detection • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords

Technologie
1  sur  27
Télécharger pour lire hors ligne
MySQL Enterprise Edition Achieve the Highest Levels of Security Olivier Dasini MySQL Principal Solutions Architect olivier.dasini@oracle.com @freshdaz
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Security 3
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Data Breaches 429 Million identities exposed in 2015. 75% Web sites with vulnerabilities. 15% of all websites had a critical vulnerability. 9 In 2015, a record of nine mega- breaches were reported. One worlds largest 191M. (Mega-breach = more than 10 million records.) Mobile Vulnerabilities on the rise – up 214% Infection by SQL Injection still strong. Malware attacks on databases Oracle Confidential – Internal/Restricted/Highly Restricted 4 Source: Internet Security Threat Report 2016, Symantec
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | DBAs are responsible for Database Security • Ensure only users who should get access, can get access • Limit what users and applications can do • Limit from where users and applications can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize attack surface • Ensure encryption keys are protected and managed
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | DBAs must meet Security and Regulatory Compliance • Regulations – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data Protection Directive: Protection of Personal Data ● General Data Protection Regulation (GDPR) ● https://en.wikipedia.org/wiki/General_Data_Protection_Regulation – Data Protection Act (UK): Protection of Personal Data • Requirements – Continuous Monitoring (Users, Schema, Backups, etc) – Data Protection (Encryption, Privilege Management, etc.) – Data Retention (Backups, User Activity, etc.) – Data Auditing (User activity, etc.) 6
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Edition • MySQL Enterprise TDE – Data-at-Rest Encryption – Key Management / Security • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Firewall – Block SQL Injection Attacks – Intrusion Detection • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance 7 • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords • MySQL Enterprise Backup – Securing Backups, AES 256 encryption • MySQL Enterprise Authentication – External Authentication Modules – Microsoft AD, Linux PAMs https://www.youtube.com/watch?v=ypQh9H9Rf9w
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Transparent Data Encryption • Improves Security – Added Layer– enforces access controls – Simple to use and manage • Meets Security and Regulatory Requirements – Fit for cases where encryption is required • Healthcare, FiServ, Government, etc. • Secures and Manages Keys – Supports Standard KMIP 1.2 protocols – Supports Oracle Key Vault and other Key Stores
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Transparent Data Encryption Goals 9 • Data at Rest Encryption – Tablespaces, Disks, Storage, OS File system • Transparent to applications and users – No application code, schema or data type changes • Transparent to DBAs – Keys are hidden from DBAs, no configuration changes • Requires Key Management – Protection, rotation, storage, recovery
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 10 MySQL Transparent Data Encryption Encrypted Tablespace Files Tablespace Key Malicious OS User / Hacker Accesses Files Directly Information Access Blocked By Encryption Master Key
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit • Auditing for Security & Compliance – FIPS, HIPAA, PCI-DSS, SOX, DISA STIG, … • MySQL built-in logging infrastructure: – general log, error log • MySQL Enterprise Audit – Granularity made for auditing – Can be modified live – Contains additional details – Compatible with Oracle Audit Vault. https://dev.mysql.com/doc/refman/5.7/en/audit-log.html Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.) Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.)
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit Work Flow 12
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Real Time Protection – Queries analyzed and matched against White List • Blocks SQL Injection Attacks – Positive Security Model • Block Suspicious Traffic – Out of Policy Transactions detected & blocked • Learns White List – Automated creation of approved list of SQL command patterns on a per user basis • Transparent – No changes to application required 13 MySQL Enterprise Firewall monitoring Protection from SQL Injection Attacks - #1 Web Application Vulnerability - 77% of Web Sites had vulnerabilities https://dev.mysql.com/doc/refman/5.7/en/firewall.html
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Operating Modes 14 ALLOW In Whitelist Blocks SQL Attacks Allows “Matching” SQL Table Table Table BLOCK NOT In Whitelist BLOCK and ALERT DETECT (IDS) NOT In Whitelist ALLOW and ALERT Table Table Table ALLOW – Execute SQL - SQL Matches Whitelist BLOCK – Block the request - Not in Whitelist DETECT – Execute SQL & Alert - Not in Whitelist 11 22 33 Table Table Table Allows SQL & Alerts
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Online, non-locking backup and recovery – Complete MySQL instance backup (data and config) – Partial backup and restore • Direct Cloud storage backups (S3, etc.) • Incremental backups • Point-in-time recovery • Advanced compressed and encryption • Backup to tape (SBT) • Backup validation • Optimistic backups • Cross-Platform (Windows, Linux, Unix)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor • Start monitoring MySQL in 10 minutes • Real-time MySQL performance and availability monitoring • Visually find & fix problem queries • Disk monitoring for capacity planning • Cloud friendly architecture – No agents required • Role based access controls 16
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor: Backup • Monitor backup usage and health – Across your entire datacenter • Drill into backup job details – Allowing for easy backup recovery • Supports all backup types • Alerting on significant events – Poor backup performance – Backup job failures – Out of date backups
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor: Security • Enforce MySQL Security Best Practices – Identifies vulnerabilities – Assesses current setup against security hardening policies • Monitoring and Alerting – User accounts and passwords – Firewall usage, effectiveness, and red flags – Backups and data loss security – Schema changes and tracking – Configuration changes and tuning advice • Centralized Secure User Management 18
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption • MySQL encryption functions – Symmetric encryption AES256 (All Editions) – Public-key / asymmetric cryptography – RSA • Key management functions – Generate public and private keys – Key exchange methods: DH • Sign and verify data functions – Cryptographic hashing for digital signing, verification, & validation – RSA,DSA 19 http://dev.mysql.com/doc/refman/5.7/en/enterprise-encryption.html
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption Encryption/Decryption within MySQL Sensitive Data Sensitive Data Private / Public Key Pairs - Generate using MySQL Enterprise Encryption Functions - Use externally generated (e.g. OpenSSL) Encryption Public Key Decryption Private Key Encrypted Data
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption App Encrypts/MySQL Decrypts 21 Encryption Public Key Decryption Private Key Encrypted Data Sensitive Data Applications Sensitive Data
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption App Encrypts / MySQL Stores / MySQL Decrypts 22 Encryption Public Key Decryption Private Key Encrypted Data Sensitive Data Sensitive Data ApplicationsApplications
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication • Built in Authentication – user table stores users and encrypted passwords • X.509 – Server authenticates client certificates • MySQL Native, SHA 256 Password plugin – Native uses SHA1 or plugin with SHA-256 hashing and per user salting for user account passwords. • MySQL Enterprise Authentication – Microsoft Active Directory – Linux PAMs (Pluggable Authentication Modules) • Support LDAP and more • Custom Authentication Integrates MySQL with existing security infrastructures and SOPs Integrates MySQL with existing security infrastructures and SOPs
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication • PAM (Pluggable Authentication Modules) – Access external authentication methods – Standard interface (Unix, LDAP, Kerberos, others) – Proxied and non-proxied users • Windows – Access native Windows services – Authenticate users already logged into Windows (Windows Active Directory) • Pluggable Authentication API
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Edition • MySQL Enterprise TDE – Data-at-Rest Encryption – Key Management / Security • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Firewall – Block SQL Injection Attacks – Intrusion Detection • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance 25 • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords • MySQL Enterprise Backup – Securing Backups, AES 256 encryption • MySQL Enterprise Authentication – External Authentication Modules – Microsoft AD, Linux PAMs
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Thank you!
MySQL Day Paris 2016 - MySQL Enterprise Edition

Recommandé

MySQL Day Paris 2016 - MySQL as a Document Store
MySQL Day Paris 2016 - MySQL as a Document StoreMySQL Day Paris 2016 - MySQL as a Document Store
MySQL Day Paris 2016 - MySQL as a Document Store
Olivier DASINI
 
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceMySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
Olivier DASINI
 
MySQL Document Store
MySQL Document StoreMySQL Document Store
MySQL Document Store
Mario Beck
 
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterMySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
Olivier DASINI
 
MySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP Paris
MySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP ParisMySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP Paris
MySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP Paris
Olivier DASINI
 
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLMySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
Olivier DASINI
 
MySQL Day Paris 2016 - State Of The Dolphin
MySQL Day Paris 2016 - State Of The DolphinMySQL Day Paris 2016 - State Of The Dolphin
MySQL Day Paris 2016 - State Of The Dolphin
Olivier DASINI
 
MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)
Mario Beck
 

Recommandé

MySQL Day Paris 2016 - MySQL as a Document Store
MySQL Day Paris 2016 - MySQL as a Document StoreMySQL Day Paris 2016 - MySQL as a Document Store
MySQL Day Paris 2016 - MySQL as a Document Store
Olivier DASINI
 
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud ServiceMySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
MySQL Day Paris 2016 - Introducing Oracle MySQL Cloud Service
Olivier DASINI
 
MySQL Document Store
MySQL Document StoreMySQL Document Store
MySQL Document Store
Mario Beck
 
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB ClusterMySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
MySQL Day Paris 2016 - MySQL HA: InnoDB Cluster and NDB Cluster
Olivier DASINI
 
MySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP Paris
MySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP ParisMySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP Paris
MySQL InnoDB Cluster - Meetup Oracle MySQL / AFUP Paris
Olivier DASINI
 
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQLMySQL InnoDB Cluster - A complete High Availability solution for MySQL
MySQL InnoDB Cluster - A complete High Availability solution for MySQL
Olivier DASINI
 
MySQL Day Paris 2016 - State Of The Dolphin
MySQL Day Paris 2016 - State Of The DolphinMySQL Day Paris 2016 - State Of The Dolphin
MySQL Day Paris 2016 - State Of The Dolphin
Olivier DASINI
 
MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)MySQL for Software-as-a-Service (SaaS)
MySQL for Software-as-a-Service (SaaS)
Mario Beck
 
MySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMySQL Cloud Service Deep Dive
MySQL Cloud Service Deep Dive
Morgan Tocker
 
MySQL 5.7 InnoDB Cluster (Jan 2018)
MySQL 5.7 InnoDB Cluster (Jan 2018)MySQL 5.7 InnoDB Cluster (Jan 2018)
MySQL 5.7 InnoDB Cluster (Jan 2018)
Olivier DASINI
 
MySQL Document Store - A Document Store with all the benefts of a Transactona...
MySQL Document Store - A Document Store with all the benefts of a Transactona...MySQL Document Store - A Document Store with all the benefts of a Transactona...
MySQL Document Store - A Document Store with all the benefts of a Transactona...
Olivier DASINI
 
MySQL High Availability -- InnoDB Clusters
MySQL High Availability -- InnoDB ClustersMySQL High Availability -- InnoDB Clusters
MySQL High Availability -- InnoDB Clusters
Matt Lord
 
MySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB ClusterMySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB Cluster
Mario Beck
 
Case Study: MySQL migration from latin1 to UTF-8
Case Study: MySQL migration from latin1 to UTF-8Case Study: MySQL migration from latin1 to UTF-8
Case Study: MySQL migration from latin1 to UTF-8
Olivier DASINI
 
InnoDb Vs NDB Cluster
InnoDb Vs NDB ClusterInnoDb Vs NDB Cluster
InnoDb Vs NDB Cluster
Mark Swarbrick
 
MySQL @ the University Of Nottingham
MySQL @ the University Of NottinghamMySQL @ the University Of Nottingham
MySQL @ the University Of Nottingham
Mark Swarbrick
 
MySQL 8.0 - What's New ?
MySQL 8.0 - What's New ?MySQL 8.0 - What's New ?
MySQL 8.0 - What's New ?
Olivier DASINI
 
NoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSONNoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSON
Mario Beck
 
Unlocking Big Data Insights with MySQL
Unlocking Big Data Insights with MySQLUnlocking Big Data Insights with MySQL
Unlocking Big Data Insights with MySQL
Matt Lord
 
MySQL Community and Commercial Edition
MySQL Community and Commercial EditionMySQL Community and Commercial Edition
MySQL Community and Commercial Edition
Mario Beck
 
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
Olivier DASINI
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAs
Mario Beck
 
MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015
Mario Beck
 
MySQL Security
MySQL SecurityMySQL Security
MySQL Security
Mario Beck
 
MySQL Day Paris 2018 - MySQL JSON Document Store
MySQL Day Paris 2018 - MySQL JSON Document StoreMySQL Day Paris 2018 - MySQL JSON Document Store
MySQL Day Paris 2018 - MySQL JSON Document Store
Olivier DASINI
 
Introduction to MySQL
Introduction to MySQLIntroduction to MySQL
Introduction to MySQL
Ted Wennmark
 
MySQL Cloud Service
MySQL Cloud ServiceMySQL Cloud Service
MySQL Cloud Service
Mario Beck
 
MySQL NoSQL Document Store
MySQL NoSQL Document StoreMySQL NoSQL Document Store
MySQL NoSQL Document Store
Mark Swarbrick
 
MySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeurs
MySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeursMySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeurs
MySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeurs
Frederic Descamps
 
Haute disponibilité my sql avec group réplication
Haute disponibilité my sql avec group réplicationHaute disponibilité my sql avec group réplication
Haute disponibilité my sql avec group réplication
Frederic Descamps
 

Contenu connexe

Tendances

Unlocking Big Data Insights with MySQL
Unlocking Big Data Insights with MySQLUnlocking Big Data Insights with MySQL
Unlocking Big Data Insights with MySQL
Matt Lord
 
MySQL Day Paris 2018 - MySQL JSON Document Store
MySQL Day Paris 2018 - MySQL JSON Document StoreMySQL Day Paris 2018 - MySQL JSON Document Store
MySQL Day Paris 2018 - MySQL JSON Document Store
Olivier DASINI
 

Tendances (20)

MySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMySQL Cloud Service Deep Dive
MySQL Cloud Service Deep Dive
 
MySQL 5.7 InnoDB Cluster (Jan 2018)
MySQL 5.7 InnoDB Cluster (Jan 2018)MySQL 5.7 InnoDB Cluster (Jan 2018)
MySQL 5.7 InnoDB Cluster (Jan 2018)
 
MySQL Document Store - A Document Store with all the benefts of a Transactona...
MySQL Document Store - A Document Store with all the benefts of a Transactona...MySQL Document Store - A Document Store with all the benefts of a Transactona...
MySQL Document Store - A Document Store with all the benefts of a Transactona...
 
MySQL High Availability -- InnoDB Clusters
MySQL High Availability -- InnoDB ClustersMySQL High Availability -- InnoDB Clusters
MySQL High Availability -- InnoDB Clusters
 
MySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB ClusterMySQL InnoDB Cluster and NDB Cluster
MySQL InnoDB Cluster and NDB Cluster
 
Case Study: MySQL migration from latin1 to UTF-8
Case Study: MySQL migration from latin1 to UTF-8Case Study: MySQL migration from latin1 to UTF-8
Case Study: MySQL migration from latin1 to UTF-8
 
InnoDb Vs NDB Cluster
InnoDb Vs NDB ClusterInnoDb Vs NDB Cluster
InnoDb Vs NDB Cluster
 
MySQL @ the University Of Nottingham
MySQL @ the University Of NottinghamMySQL @ the University Of Nottingham
MySQL @ the University Of Nottingham
 
MySQL 8.0 - What's New ?
MySQL 8.0 - What's New ?MySQL 8.0 - What's New ?
MySQL 8.0 - What's New ?
 
NoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSONNoSQL and MySQL: News about JSON
NoSQL and MySQL: News about JSON
 
Unlocking Big Data Insights with MySQL
Unlocking Big Data Insights with MySQLUnlocking Big Data Insights with MySQL
Unlocking Big Data Insights with MySQL
 
MySQL Community and Commercial Edition
MySQL Community and Commercial EditionMySQL Community and Commercial Edition
MySQL Community and Commercial Edition
 
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAs
 
MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015MySQL 5.7: What's New, Nov. 2015
MySQL 5.7: What's New, Nov. 2015
 
MySQL Security
MySQL SecurityMySQL Security
MySQL Security
 
MySQL Day Paris 2018 - MySQL JSON Document Store
MySQL Day Paris 2018 - MySQL JSON Document StoreMySQL Day Paris 2018 - MySQL JSON Document Store
MySQL Day Paris 2018 - MySQL JSON Document Store
 
Introduction to MySQL
Introduction to MySQLIntroduction to MySQL
Introduction to MySQL
 
MySQL Cloud Service
MySQL Cloud ServiceMySQL Cloud Service
MySQL Cloud Service
 
MySQL NoSQL Document Store
MySQL NoSQL Document StoreMySQL NoSQL Document Store
MySQL NoSQL Document Store
 

En vedette

2016 oSC MySQL Firewall
2016 oSC MySQL Firewall2016 oSC MySQL Firewall
2016 oSC MySQL Firewall
Georgi Kodinov
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-Linux
Giuseppe Paterno'
 

En vedette (20)

MySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeurs
MySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeursMySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeurs
MySQL 5.7 & JSON - Nouvelles opportunités pour les dévelopeurs
 
Haute disponibilité my sql avec group réplication
Haute disponibilité my sql avec group réplicationHaute disponibilité my sql avec group réplication
Haute disponibilité my sql avec group réplication
 
Étude de cas : migration MySQL Latin 1 vers UTF-8
Étude de cas : migration MySQL Latin 1 vers UTF-8Étude de cas : migration MySQL Latin 1 vers UTF-8
Étude de cas : migration MySQL Latin 1 vers UTF-8
 
Optimisation de MySQL
Optimisation de MySQLOptimisation de MySQL
Optimisation de MySQL
 
MHA : MySQL haute dispo, chez Viadeo par Olivier Dasini
MHA : MySQL haute dispo, chez Viadeo par Olivier DasiniMHA : MySQL haute dispo, chez Viadeo par Olivier Dasini
MHA : MySQL haute dispo, chez Viadeo par Olivier Dasini
 
Architectures haute disponibilité avec MySQL
Architectures haute disponibilité avec MySQLArchitectures haute disponibilité avec MySQL
Architectures haute disponibilité avec MySQL
 
Les nouveautés de MySQL 5.1
Les nouveautés de MySQL 5.1Les nouveautés de MySQL 5.1
Les nouveautés de MySQL 5.1
 
2016 MySQL State of the Dolphin
2016 MySQL State of the Dolphin2016 MySQL State of the Dolphin
2016 MySQL State of the Dolphin
 
MySQL Enterprise Edition Overview
MySQL Enterprise Edition OverviewMySQL Enterprise Edition Overview
MySQL Enterprise Edition Overview
 
Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7
 
MariaDB - Fast, Easy & Strong - Get Started Tutorial
MariaDB - Fast, Easy & Strong - Get Started TutorialMariaDB - Fast, Easy & Strong - Get Started Tutorial
MariaDB - Fast, Easy & Strong - Get Started Tutorial
 
BGOUG15: JSON support in MySQL 5.7
BGOUG15: JSON support in MySQL 5.7BGOUG15: JSON support in MySQL 5.7
BGOUG15: JSON support in MySQL 5.7
 
Moins on code, mieux on se porte !
Moins on code, mieux on se porte !Moins on code, mieux on se porte !
Moins on code, mieux on se porte !
 
2016 oSC MySQL Firewall
2016 oSC MySQL Firewall2016 oSC MySQL Firewall
2016 oSC MySQL Firewall
 
devops Days Belgium Ghent 2016
devops Days Belgium Ghent 2016devops Days Belgium Ghent 2016
devops Days Belgium Ghent 2016
 
Upgrade to MySQL 5.6 without downtime
Upgrade to MySQL 5.6 without downtimeUpgrade to MySQL 5.6 without downtime
Upgrade to MySQL 5.6 without downtime
 
Audit
AuditAudit
Audit
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditD
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-Linux
 
Open Audit
Open AuditOpen Audit
Open Audit
 

Similaire à MySQL Day Paris 2016 - MySQL Enterprise Edition

MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
Olivier DASINI
 
Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014
Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014
Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014
Manuel Contreras
 
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
GeneXus
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
Mario Beck
 
How Partners Can Tap into a New Revenue Stream w/MySQL EE
How Partners Can Tap into a New Revenue Stream w/MySQL EEHow Partners Can Tap into a New Revenue Stream w/MySQL EE
How Partners Can Tap into a New Revenue Stream w/MySQL EE
Nick Mader
 

Similaire à MySQL Day Paris 2016 - MySQL Enterprise Edition (20)

Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)MySQL Enterprise Edition - Complete Guide (2019)
MySQL Enterprise Edition - Complete Guide (2019)
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityDevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 Security
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 Security
 
MySQL Security
MySQL SecurityMySQL Security
MySQL Security
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 Security
 
Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014
Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014
Oracle MySQL Tutorial -- MySQL NoSQL Cloud Buenos Aires Nov, 13 2014
 
MySQL Web Reference Architecture
MySQL Web Reference Architecture MySQL Web Reference Architecture
MySQL Web Reference Architecture
 
Pl17: MySQL 8.0: security
Pl17: MySQL 8.0: securityPl17: MySQL 8.0: security
Pl17: MySQL 8.0: security
 
Enabling digital transformation with MySQL
Enabling digital transformation with MySQLEnabling digital transformation with MySQL
Enabling digital transformation with MySQL
 
MySQL Database Service - 100% Developed, Managed and Supported by the MySQL Team
MySQL Database Service - 100% Developed, Managed and Supported by the MySQL TeamMySQL Database Service - 100% Developed, Managed and Supported by the MySQL Team
MySQL Database Service - 100% Developed, Managed and Supported by the MySQL Team
 
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
 
The Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous WorldThe Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous World
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
 
MySQL Enterprise Edition Portfolio
MySQL Enterprise Edition PortfolioMySQL Enterprise Edition Portfolio
MySQL Enterprise Edition Portfolio
 
BGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLBGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQL
 
How Partners Can Tap into a New Revenue Stream w/MySQL EE
How Partners Can Tap into a New Revenue Stream w/MySQL EEHow Partners Can Tap into a New Revenue Stream w/MySQL EE
How Partners Can Tap into a New Revenue Stream w/MySQL EE
 
MySQL Manchester TT - MySQL Enterprise Edition
MySQL Manchester TT - MySQL Enterprise EditionMySQL Manchester TT - MySQL Enterprise Edition
MySQL Manchester TT - MySQL Enterprise Edition
 

Plus de Olivier DASINI

MySQL 8.0.22 - New Features Summary
MySQL 8.0.22 - New Features SummaryMySQL 8.0.22 - New Features Summary
MySQL 8.0.22 - New Features Summary
Olivier DASINI
 
MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?
MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?
MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?
Olivier DASINI
 

Plus de Olivier DASINI (16)

MySQL High Availability Solutions - Avoid loss of service by reducing the r...
MySQL High Availability Solutions - Avoid loss of service by reducing the r...MySQL High Availability Solutions - Avoid loss of service by reducing the r...
MySQL High Availability Solutions - Avoid loss of service by reducing the r...
 
MySQL Document Store for Modern Applications
MySQL Document Store for Modern ApplicationsMySQL Document Store for Modern Applications
MySQL Document Store for Modern Applications
 
MySQL Performance Best Practices
MySQL Performance Best PracticesMySQL Performance Best Practices
MySQL Performance Best Practices
 
MySQL 8.0.22 - New Features Summary
MySQL 8.0.22 - New Features SummaryMySQL 8.0.22 - New Features Summary
MySQL 8.0.22 - New Features Summary
 
Upgrade from MySQL 5.7 to MySQL 8.0
Upgrade from MySQL 5.7 to MySQL 8.0Upgrade from MySQL 5.7 to MySQL 8.0
Upgrade from MySQL 5.7 to MySQL 8.0
 
MySQL 8.0.21 - New Features Summary
MySQL 8.0.21 - New Features SummaryMySQL 8.0.21 - New Features Summary
MySQL 8.0.21 - New Features Summary
 
MySQL 8.0.19 - New Features Summary
MySQL 8.0.19 - New Features SummaryMySQL 8.0.19 - New Features Summary
MySQL 8.0.19 - New Features Summary
 
MySQL 8.0.18 - New Features Summary
MySQL 8.0.18 - New Features SummaryMySQL 8.0.18 - New Features Summary
MySQL 8.0.18 - New Features Summary
 
MySQL 8.0.17 - New Features Summary
MySQL 8.0.17 - New Features SummaryMySQL 8.0.17 - New Features Summary
MySQL 8.0.17 - New Features Summary
 
MySQL 8.0.16 New Features Summary
MySQL 8.0.16 New Features SummaryMySQL 8.0.16 New Features Summary
MySQL 8.0.16 New Features Summary
 
MySQL Day Paris 2018 - Introduction & The State of the Dolphin
MySQL Day Paris 2018 - Introduction & The State of the DolphinMySQL Day Paris 2018 - Introduction & The State of the Dolphin
MySQL Day Paris 2018 - Introduction & The State of the Dolphin
 
MySQL Day Paris 2018 - Upgrade from MySQL 5.7 to MySQL 8.0
MySQL Day Paris 2018 - Upgrade from MySQL 5.7 to MySQL 8.0MySQL Day Paris 2018 - Upgrade from MySQL 5.7 to MySQL 8.0
MySQL Day Paris 2018 - Upgrade from MySQL 5.7 to MySQL 8.0
 
MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?
MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?
MySQL Day Paris 2018 - What’s New in MySQL 8.0 ?
 
MySQL 8.0, what's new ? - Forum PHP 2018
MySQL 8.0, what's new ? - Forum PHP 2018MySQL 8.0, what's new ? - Forum PHP 2018
MySQL 8.0, what's new ? - Forum PHP 2018
 
MySQL JSON Document Store - A Document Store with all the benefits of a Trans...
MySQL JSON Document Store - A Document Store with all the benefits of a Trans...MySQL JSON Document Store - A Document Store with all the benefits of a Trans...
MySQL JSON Document Store - A Document Store with all the benefits of a Trans...
 
What's New in MySQL 5.7
What's New in MySQL 5.7What's New in MySQL 5.7
What's New in MySQL 5.7
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Dernier (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

MySQL Day Paris 2016 - MySQL Enterprise Edition

  • 1. MySQL Enterprise Edition Achieve the Highest Levels of Security Olivier Dasini MySQL Principal Solutions Architect olivier.dasini@oracle.com @freshdaz
  • 2. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Security 3
  • 4. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Data Breaches 429 Million identities exposed in 2015. 75% Web sites with vulnerabilities. 15% of all websites had a critical vulnerability. 9 In 2015, a record of nine mega- breaches were reported. One worlds largest 191M. (Mega-breach = more than 10 million records.) Mobile Vulnerabilities on the rise – up 214% Infection by SQL Injection still strong. Malware attacks on databases Oracle Confidential – Internal/Restricted/Highly Restricted 4 Source: Internet Security Threat Report 2016, Symantec
  • 5. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | DBAs are responsible for Database Security • Ensure only users who should get access, can get access • Limit what users and applications can do • Limit from where users and applications can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize attack surface • Ensure encryption keys are protected and managed
  • 6. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | DBAs must meet Security and Regulatory Compliance • Regulations – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data Protection Directive: Protection of Personal Data ● General Data Protection Regulation (GDPR) ● https://en.wikipedia.org/wiki/General_Data_Protection_Regulation – Data Protection Act (UK): Protection of Personal Data • Requirements – Continuous Monitoring (Users, Schema, Backups, etc) – Data Protection (Encryption, Privilege Management, etc.) – Data Retention (Backups, User Activity, etc.) – Data Auditing (User activity, etc.) 6
  • 7. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Edition • MySQL Enterprise TDE – Data-at-Rest Encryption – Key Management / Security • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Firewall – Block SQL Injection Attacks – Intrusion Detection • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance 7 • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords • MySQL Enterprise Backup – Securing Backups, AES 256 encryption • MySQL Enterprise Authentication – External Authentication Modules – Microsoft AD, Linux PAMs https://www.youtube.com/watch?v=ypQh9H9Rf9w
  • 8. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Transparent Data Encryption • Improves Security – Added Layer– enforces access controls – Simple to use and manage • Meets Security and Regulatory Requirements – Fit for cases where encryption is required • Healthcare, FiServ, Government, etc. • Secures and Manages Keys – Supports Standard KMIP 1.2 protocols – Supports Oracle Key Vault and other Key Stores
  • 9. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Transparent Data Encryption Goals 9 • Data at Rest Encryption – Tablespaces, Disks, Storage, OS File system • Transparent to applications and users – No application code, schema or data type changes • Transparent to DBAs – Keys are hidden from DBAs, no configuration changes • Requires Key Management – Protection, rotation, storage, recovery
  • 10. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 10 MySQL Transparent Data Encryption Encrypted Tablespace Files Tablespace Key Malicious OS User / Hacker Accesses Files Directly Information Access Blocked By Encryption Master Key
  • 11. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit • Auditing for Security & Compliance – FIPS, HIPAA, PCI-DSS, SOX, DISA STIG, … • MySQL built-in logging infrastructure: – general log, error log • MySQL Enterprise Audit – Granularity made for auditing – Can be modified live – Contains additional details – Compatible with Oracle Audit Vault. https://dev.mysql.com/doc/refman/5.7/en/audit-log.html Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.) Adds regulatory compliance to MySQL applications (HIPAA, Sarbanes-Oxley, PCI, etc.)
  • 12. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Audit Work Flow 12
  • 13. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall • Real Time Protection – Queries analyzed and matched against White List • Blocks SQL Injection Attacks – Positive Security Model • Block Suspicious Traffic – Out of Policy Transactions detected & blocked • Learns White List – Automated creation of approved list of SQL command patterns on a per user basis • Transparent – No changes to application required 13 MySQL Enterprise Firewall monitoring Protection from SQL Injection Attacks - #1 Web Application Vulnerability - 77% of Web Sites had vulnerabilities https://dev.mysql.com/doc/refman/5.7/en/firewall.html
  • 14. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Firewall: Operating Modes 14 ALLOW In Whitelist Blocks SQL Attacks Allows “Matching” SQL Table Table Table BLOCK NOT In Whitelist BLOCK and ALERT DETECT (IDS) NOT In Whitelist ALLOW and ALERT Table Table Table ALLOW – Execute SQL - SQL Matches Whitelist BLOCK – Block the request - Not in Whitelist DETECT – Execute SQL & Alert - Not in Whitelist 11 22 33 Table Table Table Allows SQL & Alerts
  • 15. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Backup • Online, non-locking backup and recovery – Complete MySQL instance backup (data and config) – Partial backup and restore • Direct Cloud storage backups (S3, etc.) • Incremental backups • Point-in-time recovery • Advanced compressed and encryption • Backup to tape (SBT) • Backup validation • Optimistic backups • Cross-Platform (Windows, Linux, Unix)
  • 16. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor • Start monitoring MySQL in 10 minutes • Real-time MySQL performance and availability monitoring • Visually find & fix problem queries • Disk monitoring for capacity planning • Cloud friendly architecture – No agents required • Role based access controls 16
  • 17. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor: Backup • Monitor backup usage and health – Across your entire datacenter • Drill into backup job details – Allowing for easy backup recovery • Supports all backup types • Alerting on significant events – Poor backup performance – Backup job failures – Out of date backups
  • 18. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Monitor: Security • Enforce MySQL Security Best Practices – Identifies vulnerabilities – Assesses current setup against security hardening policies • Monitoring and Alerting – User accounts and passwords – Firewall usage, effectiveness, and red flags – Backups and data loss security – Schema changes and tracking – Configuration changes and tuning advice • Centralized Secure User Management 18
  • 19. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption • MySQL encryption functions – Symmetric encryption AES256 (All Editions) – Public-key / asymmetric cryptography – RSA • Key management functions – Generate public and private keys – Key exchange methods: DH • Sign and verify data functions – Cryptographic hashing for digital signing, verification, & validation – RSA,DSA 19 http://dev.mysql.com/doc/refman/5.7/en/enterprise-encryption.html
  • 20. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption Encryption/Decryption within MySQL Sensitive Data Sensitive Data Private / Public Key Pairs - Generate using MySQL Enterprise Encryption Functions - Use externally generated (e.g. OpenSSL) Encryption Public Key Decryption Private Key Encrypted Data
  • 21. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption App Encrypts/MySQL Decrypts 21 Encryption Public Key Decryption Private Key Encrypted Data Sensitive Data Applications Sensitive Data
  • 22. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Encryption App Encrypts / MySQL Stores / MySQL Decrypts 22 Encryption Public Key Decryption Private Key Encrypted Data Sensitive Data Sensitive Data ApplicationsApplications
  • 23. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication • Built in Authentication – user table stores users and encrypted passwords • X.509 – Server authenticates client certificates • MySQL Native, SHA 256 Password plugin – Native uses SHA1 or plugin with SHA-256 hashing and per user salting for user account passwords. • MySQL Enterprise Authentication – Microsoft Active Directory – Linux PAMs (Pluggable Authentication Modules) • Support LDAP and more • Custom Authentication Integrates MySQL with existing security infrastructures and SOPs Integrates MySQL with existing security infrastructures and SOPs
  • 24. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Authentication • PAM (Pluggable Authentication Modules) – Access external authentication methods – Standard interface (Unix, LDAP, Kerberos, others) – Proxied and non-proxied users • Windows – Access native Windows services – Authenticate users already logged into Windows (Windows Active Directory) • Pluggable Authentication API
  • 25. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Enterprise Edition • MySQL Enterprise TDE – Data-at-Rest Encryption – Key Management / Security • MySQL Enterprise Encryption – Public/Private Key Cryptography – Asymmetric Encryption – Digital Signatures, Data Validation • MySQL Enterprise Firewall – Block SQL Injection Attacks – Intrusion Detection • MySQL Enterprise Audit – User Activity Auditing, Regulatory Compliance 25 • MySQL Enterprise Monitor – Changes in Database Configurations, Users Permissions, Database Schema, Passwords • MySQL Enterprise Backup – Securing Backups, AES 256 encryption • MySQL Enterprise Authentication – External Authentication Modules – Microsoft AD, Linux PAMs
  • 26. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Thank you!