Securing Production Deployments
Maria Luisa Raviol
Senior Sales Engineer - MariaDB
“The majority of the HTTP attacks were made to PHPMyadmin, a popular
MySQL and MariaDB remote management system. Many web content
management systems, not to mention WordPress, rely on these
databases. Vulnerable WordPress plugins were also frequently attacked.
Mind you, this was on a system that even in honeypot mode hadn't emitted
a single packet towards the outside world.”
ZDNet - Jan 23rd 2018
GDPR: A Matter of Balance
GDPR
• It is the harmonization of:
  – Processes
    • Process flows
    • Prevention and reaction procedures
  – Technological solutions
    • Encryption
    • Pseudonymisation
    • Anonymisation
    • Data Accessibility
    • Auditing
  – Compliance
    • Keep pace with the regulation
GDPR – The Requirements
European companies and/or companies located outside EU that handle the data of EU citizens must guarantee:
• Data is protected
• Risk protection and prevention
• The harmonisation of processes and technology
GDPR – The Processes
• Companies need to have deep knowledge of their Data Supply Chain
• All the W questions need to have an answer
• A top-down approach is usually recommended
The 5 Ws… plus one
GDPR – The Technology
GDPR says that:
• It is mandatory to “implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk including inter alia, as appropriate: the pseudonymisation and encryption of personal data ...”
Reference: GDPR Art 32
The right technology will help businesses meet the requirements of GDPR both now and in the future
GDPR – The Technology
Must prevent:
• Unauthorised access to the database
• Unauthorised access to all the other database related
files (log files, configuration files, passwords…)
• Data integrity breach
• Untrusted access to the database from the Clients
GDPR – The Technology
How to protect the database:
• Firewalling
• Authentication
• Data in motion encryption
• Tablespace encryption
• Data at rest encryption
• Backup encryption
• Auditing
GDPR – MariaDB Enterprise Security
• Detect and prevent attacks
– Access management
– Denial of service
– SQL Injections
• Protect data at rest with encryption
– Tablespaces, Individual tables, logs
• TLS/SSL Encryption
– Protects data in motion
• Auditing for Security and Compliance
• MaxScale database firewall features
• MaxScale selective data masking
MariaDB TX - Security
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
MariaDB MaxScale Security Features
MariaDB TX – Firewalling and Data Masking
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
MariaDB MaxScale Concept
• Insulates client applications from the complexities of backend database cluster
• Simplify replication from database to other databases (Binlog Cache)
• Flexible, easy to write plug-ins for:
  – Protocol support
  – Authentication
  – Parsing
  – Database monitoring
  – Load balancing & routing
  – Query transformation & logging
• Generic Core:
  – Multi-threaded
  – E-poll based
  – Stateless
  – Shares the thread pool
[Diagram: Client, MaxScale, Database Servers (Master, Slaves)]
MaxScale Firewalling – The Details
• A filter installed into the request processing chain.
• Rules define what constitutes a match:
– wildcard, columns, function, regex, no where clause
– when to apply
– what users are affected
– what statements are affected
• The filter mode defines what to do with a match:
– allow => whitelist
– block => blacklist
• limit_queries rule sensible only with blacklisting
– match if more than N queries are made within a time period
[Diagram: MaxScale (Filter, Router) in front of the Database Servers]
MaxScale Filtering Rules
Database Firewall Filter
Allow/Block queries that
MATCH A SET OF RULES
MATCH RULES FOR SPECIFIED USERS
MATCH ON
• date/time
• a WHERE clause
• query type
• column match
• a wildcard or regular expression or function name
Protect against SQL injection
Prevent unauthorized data access
Prevent data damage
DATABASE FIREWALL FILTER
Rules:
rule safe_select deny no_where_clause on_queries select
rule safe_cust_select deny regex '.*from.*customers.*'
users %app-user@% match all rules safe_cust_select safe_select
Query:
SELECT * FROM CUSTOMERS;
Result:
QUERY FAILED: 1141
ERROR: Required WHERE/HAVING clause is missing
[Diagram: query, MaxScale, Database Servers, with numbered steps 1 to 3]
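The rule lines above, run through a small model of the matching logic. This is an added example, not MaxScale code and not part of the original slides; it covers only the rule types shown here. The case-insensitive regex, the keyword-based WHERE/HAVING detection and the user name web-app-user@10.0.0.5 are assumptions of the model.

```python
import re
import shlex

# Constructed rules file, using the rule lines shown on the slide.
RULES_TEXT = """
rule safe_select deny no_where_clause on_queries select
rule safe_cust_select deny regex '.*from.*customers.*'
users %app-user@% match all rules safe_cust_select safe_select
"""


def parse_rules(text):
    """Parse the subset of the rule syntax that appears on the slide."""
    rules, bindings = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "rule":
            # tok[2] is the action word ("deny"); the model treats every match as a block.
            name, kind, rest = tok[1], tok[3], tok[4:]
            rule = {"kind": kind, "pattern": None, "on_queries": None}
            if kind == "regex":
                # Assumption: case-insensitive, so the slide's query matches its regex.
                rule["pattern"] = re.compile(rest[0], re.IGNORECASE)
                rest = rest[1:]
            if rest[:1] == ["on_queries"]:
                rule["on_queries"] = set(rest[1].lower().split("|"))
            rules[name] = rule
        elif tok[0] == "users":
            m, r = tok.index("match"), tok.index("rules")
            bindings.append({"users": tok[1:m], "mode": tok[m + 1], "rules": tok[r + 1:]})
    return rules, bindings


def user_matches(pattern, user):
    """Treat '%' in a user pattern as a wildcard for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("%"))
    return re.fullmatch(regex, user) is not None


def rule_matches(rule, query):
    words = query.split()
    qtype = words[0].lower() if words else ""
    if rule["on_queries"] and qtype not in rule["on_queries"]:
        return False
    if rule["kind"] == "no_where_clause":
        # Simplification: keyword search instead of a real SQL parser.
        return re.search(r"\b(where|having)\b", query, re.IGNORECASE) is None
    if rule["kind"] == "regex":
        return rule["pattern"].search(query) is not None
    raise ValueError("unsupported rule type: " + rule["kind"])


def check(query, user, rules, bindings):
    """Return ('blocked', [matching rule names]) or ('allowed', [])."""
    for b in bindings:
        if not any(user_matches(p, user) for p in b["users"]):
            continue
        hits = [n for n in b["rules"] if rule_matches(rules[n], query)]
        # "match all": every listed rule must match; "match any": one is enough.
        blocked = len(hits) == len(b["rules"]) if b["mode"] == "all" else bool(hits)
        if blocked:
            return "blocked", hits
    return "allowed", []


if __name__ == "__main__":
    rules, bindings = parse_rules(RULES_TEXT)
    user = "web-app-user@10.0.0.5"  # constructed user name
    for q in ("SELECT * FROM CUSTOMERS;",
              "SELECT * FROM customers WHERE id = 5",
              "SELECT * FROM orders"):
        print(q, "->", check(q, user, rules, bindings))
```

With "match all", an unbounded SELECT on a table other than customers passes in this model, because only one of the two rules matches; "match any" would block it.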
MaxScale Filtering: SQL Injections
• What is a SQL Injection?
• A kind of web application attack, where user-supplied input comes from:
  – URL – www.app.com?id=1
  – Forms – email=a@app.com
  – Other elements – e.g., cookies, HTTP headers
  and is manipulated so that a vulnerable application executes SQL commands injected by the attacker.
Who Can Be Affected by a SQL Injection?
• Applications vulnerable to SQL injection:
  – Incorrect type handling
  – Incorrectly filtered escape characters
  – Blind SQL injection
  – Second order SQL injection
• An Example:
SELECT * from customer WHERE id = ?
User supplied value for id = 5, injected value is string ‘5 OR 1=1’
SELECT * from customer WHERE id = 5 OR 1=1
This will result in the application getting access to the entire customer table instead of just the specific customer
http://www.unixwiz.net/techtips/sql-injection.html
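The slide's example made runnable, with the vulnerable lookup next to two corrected forms. This is an added example, not part of the original slides; sqlite3 stands in for MariaDB so that it runs offline, and the table rows and function names are constructed.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the slide's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customer (id, name) VALUES (?, ?)",
                     [(4, "Ann"), (5, "Bob"), (6, "Cho")])
    return conn


def lookup_concatenated(conn, user_value):
    """Deliberately vulnerable: the value becomes part of the SQL text."""
    sql = "SELECT id, name FROM customer WHERE id = " + user_value
    return conn.execute(sql).fetchall()


def lookup_bound(conn, user_value):
    """Parameterized: the value is bound as data and never parsed as SQL."""
    sql = "SELECT id, name FROM customer WHERE id = ?"
    return conn.execute(sql, (user_value,)).fetchall()


def lookup_typed(conn, user_value):
    """Type check first (the slide's 'incorrect type handling'), then bind."""
    if not re.fullmatch(r"[0-9]+", user_value):
        raise ValueError("id must be a decimal integer")
    return lookup_bound(conn, int(user_value))


if __name__ == "__main__":
    conn = make_db()
    injected = "5 OR 1=1"  # the injected string from the slide
    print("concatenated:", lookup_concatenated(conn, injected))  # whole table
    print("bound:       ", lookup_bound(conn, injected))         # no rows
    try:
        lookup_typed(conn, injected)
    except ValueError as exc:
        print("typed:        rejected,", exc)
    print("typed, id=5: ", lookup_typed(conn, "5"))
```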
SQL Injection according to xkcd
Exploits of a Mom : https://xkcd.com/327/
MaxScale Security – DDoS Protection
MAXIMUM ROWS FILTER
• Return zero rows to client if number of rows in result set exceeds configured max limit
• Return zero rows to client if the size of result set exceeds configured max size in KB
[Diagram: Clients, MaxRowsLimit filter, Database Servers. Max Rows Limit = 500; NumRows returned = 100032; NumRows Returned > MaxRows Limit; QUERY FAILED: 1141, ERROR: No rows returned]
MaxScale Security – DDoS Protection
• Persistent connections to backend.
  – When server connections are logically closed, keep them in pool for reuse.
• Client connection limitation.
  – Specify the maximum number of connections for a particular service.
maxscale.cnf:
[SomeServer]
...
persistpoolmax=30
[SomeService]
...
max_connections=100
[Diagram: Clients; Max Client Connections per Service; Variable number of connections; Connection pool of configurable size]
MaxScale Security – DDoS Protection
• Cap the amount that can be returned.
– By rows or by size or both
– Data will be returned to MaxScale, but MaxScale will not
necessarily forward to client.
• Limit rate of queries using the firewall.
[Diagram: Clients and the MaxRows Filter. Max Rows Limit = 500; NumRows returned = 1000; Query failed: 1141, Error: No rows returned]
maxscale.cnf:
[LimitSize]
type=filter
module=maxrows
max_resultset_rows=500
firewall.txt:
rule prevent_overload deny limit_queries 15 5 10
If more than 15 queries are received in 5 seconds, block all queries for 10 seconds.
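What the limit_queries 15 5 10 rule does over time, as a small model that replays query timestamps. This is an added example, not MaxScale code and not part of the original slides; tracking a single client and the sliding-window bookkeeping are assumptions of the model.

```python
from collections import deque


class LimitQueries:
    """Model of `limit_queries COUNT PERIOD HOLDOFF` for a single client."""

    def __init__(self, count, period, holdoff):
        self.count, self.period, self.holdoff = count, period, holdoff
        self.recent = deque()      # timestamps of queries inside the window
        self.blocked_until = None  # end of the current hold-off, if any

    def allow(self, now):
        """Return True if a query arriving at time `now` (seconds) passes."""
        if self.blocked_until is not None:
            if now < self.blocked_until:
                return False       # hold-off: every query is rejected
            self.blocked_until = None
        # Forget queries that have left the PERIOD-second window.
        while self.recent and now - self.recent[0] >= self.period:
            self.recent.popleft()
        self.recent.append(now)
        if len(self.recent) > self.count:
            # More than COUNT queries inside PERIOD: start the hold-off.
            self.blocked_until = now + self.holdoff
            self.recent.clear()
            return False
        return True


def from_rule(line):
    """Build a limiter from a rule line such as the one in firewall.txt."""
    tok = line.split()
    i = tok.index("limit_queries")
    count, period, holdoff = (int(x) for x in tok[i + 1:i + 4])
    return LimitQueries(count, period, holdoff)


def replay(limiter, timestamps):
    """Feed constructed arrival times to the limiter, return pass/fail per query."""
    return [limiter.allow(t) for t in timestamps]


if __name__ == "__main__":
    rule = "rule prevent_overload deny limit_queries 15 5 10"
    burst = [i * 0.25 for i in range(16)]  # constructed: 16 queries in 3.75 s
    limiter = from_rule(rule)
    print("burst:      ", replay(limiter, burst))
    print("during hold:", limiter.allow(13.0))
    print("after hold: ", limiter.allow(13.75))
    print("steady 1/s: ", all(replay(from_rule(rule), range(60))))
```

During the hold-off the model rejects every query from that client, including ones that would otherwise be within the limit.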
Security: Data Redaction
SELECT Name, creditcardNum, balance
FROM customerTbl
WHERE id=1001

Name        creditcardNum  balance
---------------------------------------
John Smith  xxxxxxxxxx     1201.07

[Diagram: Client and Database Servers]
Data Redaction via Data Masking
Masking based on column name
• DATABASE NAME, TABLE NAME CLASSIFIER MAY BE PROVIDED
  – commerceDb.customerTbl.creditcardNum
  – customerTbl.creditcardNum
  – creditcardNum
• COLUMN CAN BE
  – Fully or partially masked
  – Obfuscated
HIPAA, PCI and GDPR needs
MariaDB TX – Data in Motion Encryption
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
Client-MaxScale-MariaDB Encryption
Secured Connection
SSL between Clients and MaxScale
SSL between MaxScale and MariaDB server
Secured user access
LDAP/GSSAPI for secured single sign-on across OS platforms (Windows, Linux), applications and databases
[Diagram: Clients, MaxScale and database servers, with the links labelled SSL]
Client-MariaDB and MariaDB-MariaDB Encryption
Secured Connection
SSL between Clients and MariaDB
SSL between MariaDB Master and Slaves
Secured user access
LDAP/GSSAPI for secured single sign-on across OS platforms (Windows, Linux), applications and databases
[Diagram: Clients and Database Servers, with the links labelled SSL]
MariaDB TX – Data at Rest Encryption
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
Data-at-rest Encryption
• Encrypting:
  – Tables or tablespaces
  – Aria Tables
  – InnoDB Log files
  – Binary/relay Logs
  – Temporary files
• Independent of encryption capabilities of applications
• Based on encryption keys, key ids, key rotation and key versioning
• Low performance overhead
• Transparent to applications
Key Management Services
• Encryption plugin API offers choice
  – Plugin to implement the data encryption
  – Manage encryption Keys
• MariaDB Server options
  – Simple Key Management included
  – Amazon AWS KMS Plugin included
  – Eperi KMS for on premise key management – optional
MariaDB TX – Authentication Plugins
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
Password Validation
MariaDB comes with two password validation plugins
• simple_password_check plugin
  – Can enforce a minimum password length
  – Guarantees that a password contains at least a specified number of upper and lowercase letters, digits, and punctuation characters
• cracklib_password_check plugin
  – A widely used library
  – Stops users from choosing easy to guess passwords. It includes checks for not allowing passwords based on the username or a dictionary word etc.
External Authentication
• PAM-Authentication Plugin
  – Allows using /etc/shadow and any PAM based authentication like LDAP
• Kerberos-Authentication
  – Kerberos, a standardized network authentication protocol, is provided via GSSAPI on UNIX and via SSPI on Windows
Single Sign On is becoming mandatory in most enterprises.
MariaDB PAM Authentication
GSS-API on Linux
• Red Hat Directory Server
• OpenLDAP
SSPI on Windows
• Active Directory
[Diagram: KDC, Client, MariaDB, with numbered steps 1 to 4 labelled: Ticket request; Service ticket; "Here is my service ticket, authenticate me"; Client / server session]
MariaDB Role Based Access Control
Database
Tables
MariaDB 10
Role: DBA
Permissions:
• Update Schema
• View Statistics
• Create Database
MariaDB TX – Auditing
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
MariaDB Audit Plugin
• Logs server activity
– Who connected to the server
– Source of connection
– Queries executed
– Tables touched
• File based or syslog based logging
• Monyog Audit log file filtering
Auditing for Security and Compliance
[Diagram: audited events. Connection: Disconnect, Connect, Failed Connect. Timestamp, Host, User, Session. Query: DML + TCL, DDL, DCL. Object: Tables, Database]
MariaDB TX – Per User Limit
[Diagram: MaxScale and the connection paths Client - MaxScale, MaxScale - MariaDB, Client - MariaDB, MariaDB - MariaDB]
New User Management Functions
• MAX_*_PER_HOUR
  – CREATE USER can limit the number of queries, updates or connections per hour.
• MAX_USER_CONNECTIONS
  – Limits the number of simultaneous connections
• MAX_STATEMENT_TIME
  – Any query (excluding stored procedures) taking longer than the value of max_statement_time (specified in seconds) to execute will be aborted. This can be set globally, by session, as well as per user and per query
• SHOW CREATE USER
  – Is a useful way to see the command required to create a user for auditing or the creation of similar accounts.
New User Management Functions
• Examples:

CREATE USER foo2@test IDENTIFIED BY 'password';

CREATE USER 'foo4'@'test'
  REQUIRE ISSUER 'foo_issuer'
  SUBJECT 'foo_subject'
  CIPHER 'text';

CREATE USER foo
  WITH MAX_QUERIES_PER_HOUR 10
  MAX_UPDATES_PER_HOUR 20
  MAX_CONNECTIONS_PER_HOUR 30
  MAX_USER_CONNECTIONS 40;
Security threats best practices
The Internet
Threats
Viruses
Hacker attacks
Software spoofing
Defense
• Do not allow TCP connections to MariaDB from the Internet at large.
• Configure MariaDB to listen on a network interface that is only accessible from the host where your application runs.
• Design your physical network to connect the app to MariaDB or MaxScale
• Use bind-address to bind to a specific network interface
• Use your OS’s firewall
• Keep your OS patched
Applications
Threats
Denial of Service Attacks created by overloading application
SQL query injection attacks
Defense
• Do not run your application on your MariaDB Server.
• Do not install unnecessary packages on your MariaDB Server.
• An overloaded application can use so much memory that MariaDB could slow down or even be killed by the OS. This is an effective DDoS attack vector.
• A compromised application or service can have many serious side effects
  – Discovery of MariaDB credentials
  – Direct access to data
  – Privilege escalation
Excessive Trust
Threats
Disgruntled employees
Mistakes and human error
Defense
• Limit users who have:
  – SSH access to your MariaDB server.
  – Sudo privileges on your MariaDB server.
• Set the secure_file_priv option to ensure that users with the FILE privilege cannot write or read MariaDB data or important system files.
• Do not run MariaDB process (mysqld) as root
• Avoid wide hostname wildcards (“%”), use specific host names / IP addresses
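A check for the server-side items in the Defense lists above (bind-address, secure_file_priv, not running mysqld as root, wide "%" host wildcards). This is an added example, not part of the original slides; the sample configuration files, paths, addresses and account names are constructed.

```python
import configparser

# Constructed samples: one weak and one hardened [mysqld] section.
WEAK_CNF = """
[mysqld]
user = root
bind-address = 0.0.0.0
datadir = /var/lib/mysql
"""

HARDENED_CNF = """
[mysqld]
user = mysql
bind-address = 10.0.0.12
secure_file_priv = /var/lib/mysql-files
datadir = /var/lib/mysql
"""

# Constructed (user, host) pairs, as they would be listed from the grant tables.
ACCOUNTS = [("app", "10.0.0.5"), ("report", "%"),
            ("batch", "10.0.%"), ("root", "localhost")]


def audit_cnf(text):
    """Return the [mysqld] options that go against the slide's advice."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    parser.read_string(text)
    opts = {}
    if parser.has_section("mysqld"):
        for key, value in parser.items("mysqld"):
            # Option names may be written with dashes or underscores.
            opts[key.replace("-", "_")] = (value or "").strip()
    findings = []
    # Unset or wildcard bind-address: not bound to one specific interface.
    if opts.get("bind_address", "") in ("", "0.0.0.0", "::", "*"):
        findings.append("bind-address")
    # Unset or empty secure_file_priv: FILE privilege is not confined to a directory.
    if not opts.get("secure_file_priv"):
        findings.append("secure_file_priv")
    # mysqld explicitly configured to run as root.
    if opts.get("user") == "root":
        findings.append("user")
    return findings


def wildcard_accounts(accounts):
    """Return the accounts whose host part contains the '%' wildcard."""
    return [(user, host) for user, host in accounts if "%" in host]


if __name__ == "__main__":
    print("weak config:    ", audit_cnf(WEAK_CNF))
    print("hardened config:", audit_cnf(HARDENED_CNF))
    print("wildcard hosts: ", wildcard_accounts(ACCOUNTS))
```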
Excessive Trust
Threats
Disgruntled employees
Mistakes and human error
Defense
• Do not use the MariaDB “root” user for application access.
• Grant only the privileges required by your application.
• Minimize the privileges granted to the MariaDB user accounts used by your applications
  – Don’t grant CREATE or DROP privileges.
  – Don’t grant the FILE privilege.
  – Don’t grant the SUPER privilege.
  – Don’t grant access to the mysql database
MariaDB Security Gets Stronger All the Time
MariaDB User Community
• Quickly identifies new threats
• Creates solutions
• Reports vulnerabilities
• Contributes features
Thank You

Presentation title: Using MariaDB TX and MaxScale to meet GDPR - #OPEN18

Red Hat Enterprise Linux 8Kangaroot
 
Kangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefieldKangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefieldKangaroot
 
Kubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by KangarootKubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by KangarootKangaroot
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformKangaroot
 

Plus de Kangaroot (20)

So you think you know SUSE?
So you think you know SUSE?So you think you know SUSE?
So you think you know SUSE?
 
Live demo: Protect your Data
Live demo: Protect your DataLive demo: Protect your Data
Live demo: Protect your Data
 
RootStack - Devfactory
RootStack - DevfactoryRootStack - Devfactory
RootStack - Devfactory
 
Welcome at OPEN'22
Welcome at OPEN'22Welcome at OPEN'22
Welcome at OPEN'22
 
EDB Postgres in Public Sector
EDB Postgres in Public SectorEDB Postgres in Public Sector
EDB Postgres in Public Sector
 
Deploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesDeploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native Kubernetes
 
Cloud demystified, what remains after the fog has lifted.
Cloud demystified, what remains after the fog has lifted.  Cloud demystified, what remains after the fog has lifted.
Cloud demystified, what remains after the fog has lifted.
 
Zimbra at Kangaroot / OPEN{virtual}
Zimbra at Kangaroot / OPEN{virtual}Zimbra at Kangaroot / OPEN{virtual}
Zimbra at Kangaroot / OPEN{virtual}
 
NGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headachesNGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headaches
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
 
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
 
There is no such thing as “Vanilla Kubernetes”
There is no such thing as “Vanilla Kubernetes”There is no such thing as “Vanilla Kubernetes”
There is no such thing as “Vanilla Kubernetes”
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Hashicorp Vault - OPEN Public Sector
Hashicorp Vault - OPEN Public SectorHashicorp Vault - OPEN Public Sector
Hashicorp Vault - OPEN Public Sector
 
Kangaroot - Bechtle kadercontracten
Kangaroot - Bechtle kadercontractenKangaroot - Bechtle kadercontracten
Kangaroot - Bechtle kadercontracten
 
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8
 
Kangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefieldKangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefield
 
Kubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by KangarootKubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by Kangaroot
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 

Dernier

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Dernier (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Using MariaDB TX and MaxScale to meet GDPR - #OPEN18

  • 1. Securing Production Deployments. Maria Luisa Raviol, Senior Sales Engineer, MariaDB
  • 2. “The majority of the HTTP attacks were made to PHPMyadmin, a popular MySQL and MariaDB remote management system. Many web content management systems, not to mention WordPress, rely on these databases. Vulnerable WordPress plugins were also frequently attacked. Mind you, this was on a system that even in honeypot mode hadn't emitted a single packet towards the outside world.” ZDNet - Jan 23rd 2018
  • 4. GDPR
    • It is the harmonization of:
      – Processes
        • Process flows
        • Prevention and reaction procedures
      – Technological solutions
        • Encryption
        • Pseudonymisation
        • Anonymisation
        • Data Accessibility
        • Auditing
      – Compliance
        • Keep pace with the regulation
  • 5. GDPR – The Requirements
    European companies and/or companies located outside the EU that handle the data of EU citizens must guarantee:
    • Data is protected
    • Risk protection and prevention
    • The harmonisation of processes and technology
  • 6. GDPR – The Processes
    • Companies need to have deep knowledge of their Data Supply Chain
    • All the W questions need to have an answer
    • A top-down approach is usually recommended
    The 5 Ws… …plus one
  • 7. GDPR – The Technology
    GDPR says that:
    • It is mandatory to “implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk including inter alia, as appropriate: the pseudonymisation and encryption of personal data ...”
    The right technology will help businesses meet the requirements of GDPR both now and in the future
    Reference: GDPR Art 32
  • 8. GDPR – The Technology
    Must prevent:
    • Unauthorised access to the database
    • Unauthorised access to all the other database related files (log files, configuration files, passwords…)
    • Data integrity breach
    • Untrusted access to the database from the Clients
    The right technology will help businesses meet the requirements of GDPR both now and in the future
  • 9. GDPR – The Technology
    How to protect the database:
    • Firewalling
    • Authentication
    • Data in motion encryption
    • Tablespace encryption
    • Data at rest encryption
    • Backup encryption
    • Auditing
    The right technology will help businesses meet the requirements of GDPR both now and in the future
  • 10. GDPR – MariaDB Enterprise Security
    • Detect and prevent attacks
      – Access management
      – Denial of service
      – SQL Injections
    • Protect data at rest with encryption
      – Tablespaces, Individual tables, logs
    • TLS/SSL Encryption
      – Protects data in motion
    • Auditing for Security and Compliance
    • MaxScale database firewall features
    • MaxScale selective data masking
  • 11. MariaDB TX - Security
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 13. MariaDB TX – Firewalling and Data Masking
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 14. MariaDB MaxScale Concept
    • Insulates client applications from the complexities of backend database cluster
    • Simplify replication from database to other databases
    • Flexible, easy to write plug-ins for:
      – Client protocol support
      – Authentication
      – Parsing
      – Database monitoring
      – Load balancing & routing
      – Query transformation & logging
    • Generic core:
      – Multi-threaded
      – E-poll based
      – Stateless
      – Shares the thread pool
    Diagram labels: Database Servers; Master; Slaves; Binlog Cache
  • 15. MaxScale Firewalling – The Details
    • A filter installed into the request processing chain.
    • Rules define what constitutes a match:
      – wildcard, columns, function, regex, no where clause
      – when to apply
      – what users are affected
      – what statements are affected
    • The filter mode defines what to do with a match:
      – allow => whitelist
      – block => blacklist
    • limit_queries rule sensible only with blacklisting
      – match if more than N queries are made within a time period
    Diagram labels: MaxScale; Filter; Router; Database Servers
  • 16. MaxScale Filtering Rules – Database Firewall Filter
    • Allow/block queries that match a set of rules
    • Match rules for specified users
    • Match on:
      – date/time
      – a WHERE clause
      – query type
      – column match
      – a wildcard or regular expression or function name
    • Protect against SQL injection
    • Prevent unauthorized data access
    • Prevent data damage
    Firewall rules:
      rule safe_select deny no_where_clause on_queries select
      rule safe_cust_select deny regex '.*from.*customers.*'
      users %app-user@% match all rules safe_cust_select safe_select
    Example: the query
      SELECT * FROM CUSTOMERS;
    is rejected by the database firewall filter in MaxScale before it reaches the database servers:
      QUERY FAILED: 1141 ERROR: Required WHERE/HAVING clause is missing
  • 17. MaxScale Filtering: SQL Injections
    • What is a SQL Injection?
    • A kind of web application attack, where user-supplied input comes from:
      – URL, e.g. www.app.com?id=1
      – Forms, e.g. email=a@app.com
      – Other elements, e.g. cookies, HTTP headers
      and is manipulated so that a vulnerable application executes SQL commands injected by the attacker.
  • 18. Who Can Be Affected by a SQL Injection?
    • Applications vulnerable to SQL injection:
      – Incorrect type handling
      – Incorrectly filtered escape characters
      – Blind SQL injection
      – Second order SQL injection
    • An example:
        SELECT * from customer WHERE id = ?
      User-supplied value for id = 5; the injected value is the string '5 OR 1=1':
        SELECT * from customer WHERE id = 5 OR 1=1
      This results in the application getting access to the entire customer table instead of just the specific customer.
    http://www.unixwiz.net/techtips/sql-injection.html
  • 19. SQL Injection according to xkcd: Exploits of a Mom, https://xkcd.com/327/
  • 20. MaxScale Security – DDoS Protection: Maximum Rows Filter
    • Return zero rows to client if number of rows in result set exceeds configured max limit
    • Return zero rows to client if the size of result set exceeds configured max size in KB
    Diagram: Max Rows Limit = 500; the query returns NumRows = 100032 from the database servers; NumRows Returned > MaxRows Limit, so the client gets:
      QUERY FAILED: 1141 ERROR: No rows returned
  • 21. MaxScale Security – DDoS Protection
    • Persistent connections to backend.
      – When server connections are logically closed, keep them in pool for reuse.
    • Client connection limitation.
      – Specify the maximum number of connections for a particular service.
    maxscale.cnf:
      [SomeServer]
      ...
      persistpoolmax=30

      [SomeService]
      ...
      max_connections=100
    Diagram labels: Max Client Connections per Service; Connection pool of configurable size; Variable number of connections
  • 22. MaxScale Security – DDoS Protection
    • Cap the amount that can be returned.
      – By rows or by size or both
      – Data will be returned to MaxScale, but MaxScale will not necessarily forward to client.
    • Limit rate of queries using the firewall.
    maxscale.cnf:
      [LimitSize]
      type=filter
      module=maxrows
      max_resultset_rows=500
    MaxRows filter diagram: Max Rows Limit = 500; NumRows returned = 1000; the client gets "Query failed: 1141 Error: No rows returned"
    firewall.txt:
      rule prevent_overload deny limit_queries 15 5 10
    If more than 15 queries are received in 5 seconds, block all queries for 10 seconds.
  • 23. Security: Data Redaction via Data Masking
    Query sent by the client:
      SELECT Name, creditcardNum, balance FROM customerTbl WHERE id=1001
    Result returned to the client:
      Name        creditcardNum  balance
      ---------------------------------------
      John Smith  xxxxxxxxxx     1201.07
    • Masking based on column name
    • Database name, table name classifier may be provided:
      – commerceDb.customerTbl.creditcardNum
      – customerTbl.creditcardNum
      – creditcardNum
    • Column can be:
      – Fully or partially masked
      – Obfuscated
    • HIPAA, PCI and GDPR needs
  • 24. MariaDB TX Data in Motion Encryption
  • 25. MariaDB TX – Data in Motion Encryption
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 26. Client-MaxScale-MariaDB Encryption
    • Secured connection
      – SSL between Clients and MaxScale
      – SSL between MaxScale and MariaDB server
    • Secured user access
      – LDAP/GSSAPI for secured single sign-on across OS platforms (Windows, Linux), applications and databases
  • 27. Client-MariaDB and MariaDB-MariaDB Encryption
    • Secured connection
      – SSL between Clients and MariaDB
      – SSL between MariaDB Master and Slaves
    • Secured user access
      – LDAP/GSSAPI for secured single sign-on across OS platforms (Windows, Linux), applications and databases
  • 28. MariaDB TX Data at Rest Encryption
  • 29. MariaDB TX – Data at Rest Encryption
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 30. Data-at-rest Encryption
    • Encrypting:
      – Tables or tablespaces
      – Aria Tables
      – InnoDB Log files
      – Binary/relay Logs
      – Temporary files
    • Independent of encryption capabilities of applications
    • Based on encryption keys, key ids, key rotation and key versioning
    • Low performance overhead
    • Transparent to applications
  • 31. Key Management Services
    • Encryption plugin API offers choice
      – Plugin to implement the data encryption
      – Manage encryption keys
    • MariaDB Server options
      – Simple Key Management included
      – Amazon AWS KMS Plugin included
      – Eperi KMS for on premise key management – optional
  • 33. MariaDB TX – Authentication Plugins
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 34. Password Validation
    MariaDB comes with two password validation plugins:
    • simple_password_check plugin
      – Can enforce a minimum password length
      – Guarantees that a password contains at least a specified number of upper and lowercase letters, digits, and punctuation characters
    • cracklib_password_check plugin
      – A widely used library
      – Stops users from choosing easy-to-guess passwords. It includes checks for not allowing passwords based on the username or a dictionary word, etc.
  • 35. External Authentication
    Single Sign On is getting mandatory in most Enterprises.
    • PAM Authentication Plugin
      – Allows using /etc/shadow and any PAM-based authentication like LDAP
    • Kerberos Authentication
      – A standardized network authentication protocol, provided GSSAPI-based on UNIX and SSPI-based on Windows
  • 36. MariaDB PAM Authentication
    • GSS-API on Linux
      – Red Hat Directory Server
      – OpenLDAP
    • SSPI on Windows
      – Active Directory
    Diagram (KDC, Client, MariaDB) with four numbered steps: Ticket request; Service ticket; "Here is my service ticket, authenticate me"; Client / server session
  • 37. MariaDB Role Based Access Control
    Role: DBA
    Permissions:
    • Update Schema
    • View Statistics
    • Create Database
    Diagram labels: Database; Tables; MariaDB 10
  • 39. MariaDB TX – Auditing
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 40. MariaDB Audit Plugin – Auditing for Security and Compliance
    • Logs server activity
      – Who connected to the server
      – Source of connection
      – Queries executed
      – Tables touched
    • File based or syslog based logging
    • Monyog Audit log file filtering
    Diagram labels: Connection (Connect, Disconnect, Failed Connect); Timestamp, Host, User, Session; Query (DML + TCL, DDL, DCL); Object (Tables, Database)
  • 42. MariaDB TX – Per User Limit
    Diagram labels: MaxScale; Client - MaxScale; MaxScale - MariaDB; Client - MariaDB; MariaDB - MariaDB
  • 43. New User Management Functions
    • MAX_*_PER_HOUR – CREATE USER can limit the number of queries, updates or connections per hour.
    • MAX_USER_CONNECTIONS – limits the number of simultaneous connections.
    • MAX_STATEMENT_TIME – any query (excluding stored procedures) taking longer than the value of max_statement_time (specified in seconds) to execute will be aborted. This can be set globally, by session, as well as per user and per query.
    • SHOW CREATE USER – a useful way to see the command required to create a user, for auditing or for the creation of similar accounts.
  • 44. New User Management Functions
    • Examples:
        CREATE USER foo2@test IDENTIFIED BY 'password';
        CREATE USER 'foo4'@'test' REQUIRE ISSUER 'foo_issuer' SUBJECT 'foo_subject' CIPHER 'text';
        CREATE USER foo WITH MAX_QUERIES_PER_HOUR 10 MAX_UPDATES_PER_HOUR 20 MAX_CONNECTIONS_PER_HOUR 30 MAX_USER_CONNECTIONS 40;
  • 46. The Internet
    Threats:
    • Viruses
    • Hacker attacks
    • Software spoofing
    Defense:
    • Do not allow TCP connections to MariaDB from the Internet at large.
    • Configure MariaDB to listen on a network interface that is only accessible from the host where your application runs.
    • Design your physical network to connect the app to MariaDB or MaxScale
    • Use bind-address to bind to a specific network interface
    • Use your OS’s firewall
    • Keep your OS patched
  • 47. Applications
    Threats:
    • Denial of Service attacks created by overloading the application
    • SQL query injection attacks
    Defense:
    • Do not run your application on your MariaDB Server.
    • Do not install unnecessary packages on your MariaDB Server.
    • An overloaded application can use so much memory that MariaDB could slow or even be killed by the OS. This is an effective DDoS attack vector.
    • A compromised application or service can have many serious side effects
      – Discovery of MariaDB credentials
      – Direct access to data
      – Privilege escalation
  • 48. Excessive Trust
    Threats:
    • Disgruntled employees
    • Mistakes and human error
    Defense:
    • Limit users who have:
      – SSH access to your MariaDB server.
      – Sudo privileges on your MariaDB server.
    • Set the secure_file_priv option to ensure that users with the FILE privilege cannot write or read MariaDB data or important system files.
    • Do not run the MariaDB process (mysqld) as root
    • Avoid wide hostname wildcards (“%”); use specific host names / IP addresses
  • 49. Excessive Trust
    Threats:
    • Disgruntled employees
    • Mistakes and human error
    Defense:
    • Do not use the MariaDB “root” user for application access.
    • Grant only the privileges required by your application.
    • Minimize the privileges granted to the MariaDB user accounts used by your applications
      – Don’t grant CREATE or DROP privileges.
      – Don’t grant the FILE privilege.
      – Don’t grant the SUPER privilege.
      – Don’t grant access to the mysql database
  • 50. MariaDB Security Gets Stronger All the Time
    The MariaDB User Community:
    • Quickly identifies new threats
    • Creates solutions
    • Reports vulnerabilities
    • Contributes features
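The injection on slide 18, reproduced as an added example that is not part of the original deck: the slide's `customer` lookup built by string concatenation, next to a bound-parameter version and one that also enforces the integer type ("incorrect type handling" on the slide). SQLite stands in for MariaDB so it runs offline; the table contents and function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample rows standing in for the slide's `customer` table.
SAMPLE_CUSTOMERS = [(1, "Alice Example"), (5, "John Smith"), (9, "Carol Example")]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_vulnerable(conn, raw_id):
    """Deliberately vulnerable: the request value becomes part of the SQL text,
    so '5 OR 1=1' turns the WHERE clause into a condition that is always true."""
    sql = "SELECT id, name FROM customer WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, raw_id):
    """The value is sent as a bound parameter: it is compared with the id
    column as data and is never parsed as SQL."""
    return conn.execute(
        "SELECT id, name FROM customer WHERE id = ?", (raw_id,)
    ).fetchall()


def lookup_hardened(conn, raw_id):
    """Bound parameter plus strict type handling: anything that is not a
    plain decimal integer is rejected before a query is issued."""
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        raise ValueError("customer id must be a decimal integer")
    return lookup_parameterized(conn, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    injected = "5 OR 1=1"  # the injected value from slide 18
    print("concatenated :", lookup_vulnerable(db, injected))
    print("parameterized:", lookup_parameterized(db, injected))
    try:
        lookup_hardened(db, injected)
    except ValueError as exc:
        print("hardened     : rejected,", exc)
```

The firewall rules on slide 16 are a second layer in front of the database; the parameterized query is the fix in the application itself.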
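A simplified model of the slide 22 rule `limit_queries 15 5 10`, added here to show what a client sees once it trips the rule; it follows the slide's one-sentence description only and is not MaxScale's code. The class name, the single-client bookkeeping and the timestamps are assumptions made for the illustration.

```python
from collections import deque


class LimitQueriesModel:
    """Model of `limit_queries COUNT PERIOD HOLDOFF` for one client.

    Assumptions (not taken from MaxScale's source): queries rejected during
    the hold-off are not counted, and the window starts empty afterwards.
    """

    def __init__(self, count, period, holdoff):
        self.count = count          # queries tolerated inside one window
        self.period = period        # window length in seconds
        self.holdoff = holdoff      # blocking time in seconds once tripped
        self.recent = deque()       # timestamps of queries in the window
        self.blocked_until = None   # end of the current hold-off, if any

    def allow(self, now):
        """Return True if a query arriving at time `now` is forwarded."""
        if self.blocked_until is not None:
            if now < self.blocked_until:
                return False
            # Hold-off is over: start again with an empty window.
            self.blocked_until = None
            self.recent.clear()
        # Drop timestamps that have fallen out of the sliding window.
        while self.recent and now - self.recent[0] >= self.period:
            self.recent.popleft()
        self.recent.append(now)
        if len(self.recent) > self.count:
            # More than COUNT queries inside PERIOD: block for HOLDOFF.
            self.blocked_until = now + self.holdoff
            return False
        return True


def simulate(timestamps, count=15, period=5, holdoff=10):
    """Replay query arrival times (seconds) and return one verdict each."""
    rule = LimitQueriesModel(count, period, holdoff)
    return [rule.allow(t) for t in timestamps]


if __name__ == "__main__":
    # Constructed load: one client sending 10 queries per second for 20 s.
    fast = simulate([i / 10 for i in range(200)])
    print("10 queries/s:", fast.count(True), "of", len(fast), "forwarded")
    # Constructed load: one client sending 1 query per second for 60 s.
    slow = simulate([float(i) for i in range(60)])
    print(" 1 query/s  :", slow.count(True), "of", len(slow), "forwarded")
```

Replaying real arrival times from an application through such a model before deploying the rule shows whether legitimate bursts would trip it.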