WEBINAR:
Enterprise-class security with PostgreSQL
Ajit G.
Principal Solution Architect, Ashnik
Jayaraj S.
Solution Architect, EnterpriseDB
Nishchay K.
Database Consultant, Ashnik
Webinar Covers
• Understanding why security is critical in database design and why Postgres is
today’s default choice.
• What security features Postgres offers to help organizations achieve enterprise-level
security for their databases.
• Demo: Data Redaction and EDB*Wrap (how they secure the business data and logic
inside the database)
“The average cost of a security breach has increased to $2.71 million per organization across ASEAN,
with the time taken to identify and contain an attack rising to 287 days.”
-- Channel News Asia, 20th Aug 2020
Business Impact
• Financial loss / revenue loss
• Brand value / reputation
• Stock price
• Consumer trust
• Customer turnover
Standards and Techniques
• ISO, PCI DSS, GDPR, PII (Personally Identifiable Information), HIPAA, PHI
• AI- and machine-learning-based techniques using XDR
• Multi-cloud adoption
• Zero-trust authentication / network
• Focus on IT security
RDBMS Security Techniques
“AAA” Model
• Authentication
• Authorization
• Accounting
 Backup & Recovery
 Encryption
 Data Masking
 Tokenization
 Deleting and Ensure
Enterprise-class security with PostgreSQL
I will be covering
• Security Model
• Security Features in PostgreSQL
• Security Features in EPAS
• Best Practices
• Demo
Security Model
• Secure access is a two-step process:
 Authentication:
Ensures a user is who he/she claims to be
 Authorization:
Ensures an authenticated user has access only to the data for which he/she has
been granted the appropriate privileges
Authentication Methods
• Password: passwords are stored as scram-sha-256 or md5 hashes
• Certificate: uses SSL client certificates to perform authentication
• RADIUS: uses a RADIUS server for authentication
• LDAP: uses an LDAP server as the password verification method
Level of Security in PostgreSQL
Security Features in PostgreSQL
• Row Level Security – Virtual Private Database
• SSL support
• Encryption
 Password Encryption
 Encryption For Specific Columns
 Data Partition Encryption
 Encrypting Data Across A Network
• Data Masking
• Audit
 pgAudit – Extension
Security Features in EPAS
• All Security features of PostgreSQL
• Password Policy
• Code Protection
• SQL Protect
• Encryption
 DBMS_CRYPTO
• Data Masking
 Data Redaction
• Audit
 EDB Audit
Password Profile
• Advanced Server allows a database superuser to create named profiles. Each profile
defines rules for password management that augment password and md5
authentication. The rules in a profile can:
 Count failed login attempts
 Lock an account due to excessive failed login attempts
 Mark a password for expiration
 Define a grace period after a password expiration
 Define rules for password complexity
 Define rules that limit password re-use
Code Protection
• The EDB*Wrap utility protects proprietary source code and programs (functions, stored
procedures, triggers, and packages) from unauthorized scrutiny.
• The EDB*Wrap program translates a file that contains SPL or PL/pgSQL source code (the
plaintext) into a file that contains the same code in a form that is nearly impossible to
read.
• Once you have the obfuscated form of the code, you can send that code to EPAS and it
will store those programs in obfuscated form.
• edbwrap does not validate SQL source code - if the plaintext form contains a syntax
error, edbwrap will not complain but EPAS will report an error and abort the entire file
when you try to execute the obfuscated form.
SQL Protect
• Guards against various types of SQL injection:
 Unauthorized Relations
 Utility Commands
 SQL Tautology
 Unbounded DML Statements
Encryption
• The DBMS_CRYPTO package provides functions and procedures that allow you to encrypt or
decrypt RAW, BLOB or CLOB data.
• DBMS_CRYPTO also provides functions to generate cryptographically strong random values.
• The ENCRYPT function or procedure uses a user-specified algorithm, key, and optional
initialization vector to encrypt RAW, BLOB or CLOB data.
• The DECRYPT function or procedure decrypts data using a user-specified cipher algorithm,
key and optional initialization vector.
• The HASH function uses a user-specified algorithm to return the hash value of
a RAW or CLOB value.
Data Masking
• Data Redaction limits sensitive data exposure by dynamically changing data as it is
displayed to certain users.
• Data redaction is implemented by defining a function for each field to which redaction is
to be applied. The function returns the value that should be displayed to the users
subject to the redaction policy.
• For example, a bank account number is displayed as XXXXXX1235
• Supports the DBMS_REDACT package
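The per-field redaction function described above, modelled in Python as an added example (not code from the deck or from EPAS): each redacted column maps to a function that returns the displayed value, and a policy expression (here, membership in an exempt role) decides which sessions see the raw value. Rows, role names and the partial/full/e-mail redactors are all constructed for illustration; in EPAS the same functions would be written in SPL or PL/pgSQL and attached to the table by a redaction policy.

```python
"""Model of per-field data redaction: a function per column returns the
value to display, a policy expression decides who is exempt.
Constructed sample data; no database connection involved."""
import re
from dataclasses import dataclass


def redact_partial(value, keep_last=4, mask="X"):
    """Show only the last `keep_last` characters: 4521781235 -> XXXXXX1235."""
    if value is None:
        return None
    s = str(value)
    if len(s) <= keep_last:
        return mask * len(s)  # too short to reveal a tail safely
    return mask * (len(s) - keep_last) + s[-keep_last:]


def redact_full(value):
    """Replace the whole value with a constant marker (NULL stays NULL)."""
    return None if value is None else "[REDACTED]"


_EMAIL = re.compile(r"^([^@])[^@]*(@.*)$")


def redact_email(value):
    """Keep the first character and the domain: nishchay@ashnik.com -> n*******@ashnik.com."""
    if value is None:
        return None
    m = _EMAIL.match(value)
    if not m:
        return redact_full(value)  # not an e-mail shape: hide everything
    first, domain = m.group(1), m.group(2)
    return first + "*" * (len(value) - len(first) - len(domain)) + domain


@dataclass(frozen=True)
class RedactionPolicy:
    redactors: dict          # column name -> function returning the displayed value
    exempt_roles: frozenset  # the policy expression: these roles see raw data

    def applies_to(self, session_roles):
        return not (set(session_roles) & self.exempt_roles)

    def display(self, row, session_roles):
        """Return the row as the given session should see it."""
        if not self.applies_to(session_roles):
            return dict(row)
        return {col: (self.redactors[col](val) if col in self.redactors else val)
                for col, val in row.items()}


# Constructed sample table and policy (hypothetical names).
CUSTOMERS = [
    {"id": 1, "name": "Alice", "acct_no": "4521781235",
     "email": "nishchay@ashnik.com", "ssn": "123-45-6789"},
    {"id": 2, "name": "Bob", "acct_no": "123", "email": None, "ssn": None},
]
POLICY = RedactionPolicy(
    redactors={"acct_no": redact_partial, "email": redact_email, "ssn": redact_full},
    exempt_roles=frozenset({"finance_full"}),
)


def render(rows, session_roles, policy=POLICY):
    """Apply the policy to every row for one session."""
    return [policy.display(r, session_roles) for r in rows]


if __name__ == "__main__":
    for row in render(CUSTOMERS, {"app_user"}):
        print(row)
```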
Auditing
• Advanced Server allows database and security administrators, auditors, and operators
to track and analyze database activities using the EDB Audit Logging functionality.
• EDB Audit Logging generates audit log files, which contain all of the relevant
information.
 The audit logs can be configured to record information such as:
 When a role establishes a connection to an Advanced Server database
 What database objects a role creates, modifies, or deletes when connected to Advanced
Server
 When any failed authentication attempts occur
• Audit parameters specified in the configuration
files, postgresql.conf or postgresql.auto.conf, control the information included in the
audit logs.
• EDB Audit files/logs can be generated in CSV or XML format
Best Practices
• Avoid using default values
 Change the default port
 Use a non-default name for the superuser. It can be specified during initdb
 By default, every new database grants CONNECT to PUBLIC; revoke it and grant it only to the application role
o REVOKE CONNECT ON DATABASE my_db FROM PUBLIC;
o GRANT CONNECT ON DATABASE my_db TO my_app_user;
• Control who can connect from where
• Configure pg_hba.conf effectively
• Avoid using 0.0.0.0/0
• Avoid “trust” authentication
• Require DBAs to use their personal user_id (e.g. DBA Nishchay needs to use user
“nishchay”)
• The application user should not have superuser privileges
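A check for the pg_hba.conf points on this slide, written as an added example (it is not part of the deck and not an EDB tool): it parses pg_hba.conf rules and flags “trust” and other weak methods, rules open to any address (0.0.0.0/0, ::/0 or the keyword all), and plain “host” rules that let remote clients connect without TLS. The sample file is constructed, and the severity labels are the author's choice.

```python
"""Lint pg_hba.conf rules against the deck's connection best practices.
Reads pg_hba.conf text only; no database connection needed."""
import ipaddress
from dataclasses import dataclass

# Authentication methods the deck advises against, with the reason.
WEAK_METHODS = {
    "trust": ("high", "accepts any connection without a credential"),
    "password": ("high", "sends the password in clear text"),
    "md5": ("medium", "legacy hash; prefer scram-sha-256"),
}
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


@dataclass
class Finding:
    line_no: int
    severity: str
    message: str


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def _network(address):
    """CIDR or address/netmask -> ip_network; None for keywords and host names."""
    try:
        return ipaddress.ip_network(address, strict=False)
    except ValueError:
        return None


def parse_rule(line):
    """Return the fields of one pg_hba.conf rule, or None for blank/comment/unknown lines."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    f = text.split()
    if f[0] == "local" and len(f) >= 4:
        return {"type": "local", "database": f[1], "user": f[2],
                "address": None, "method": f[3]}
    if f[0] in HOST_TYPES and len(f) >= 5:
        address, rest = f[3], f[4:]
        # CIDR is usual, but "ADDRESS NETMASK" as two separate fields is also legal.
        if len(rest) >= 2 and _is_ip(rest[0]):
            address, rest = f"{address}/{rest[0]}", rest[1:]
        return {"type": f[0], "database": f[1], "user": f[2],
                "address": address, "method": rest[0]}
    return None


def lint_hba(text):
    """Walk the file and return the findings in file order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule is None:
            continue
        method = rule["method"].lower()
        if method in WEAK_METHODS:
            sev, why = WEAK_METHODS[method]
            findings.append(Finding(line_no, sev, f"method '{method}' {why}"))
        if rule["type"] == "local":
            continue  # Unix-socket rules have no address and no TLS question
        net = _network(rule["address"])
        if rule["address"] == "all" or (net is not None and net.prefixlen == 0):
            findings.append(Finding(line_no, "high",
                            f"address '{rule['address']}' admits any host; restrict to known networks"))
        remote = net is None or not net.is_loopback
        if remote and rule["type"] in ("host", "hostnossl"):
            findings.append(Finding(line_no, "medium",
                            f"type '{rule['type']}' does not require TLS; use hostssl for remote clients"))
    return findings


def worst_severity(findings):
    order = {"high": 2, "medium": 1}
    return max((f.severity for f in findings), key=order.get, default=None)


# Constructed sample: two good rules, one wide-open rule, one legacy rule.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER     ADDRESS              METHOD
local   all       postgres                      peer
host    all       all      127.0.0.1/32         scram-sha-256
host    all       all      0.0.0.0/0            trust
hostssl my_db     my_app   10.20.0.0/16         scram-sha-256
host    all       all      10.0.0.0 255.0.0.0   md5
"""

if __name__ == "__main__":
    for f in lint_hba(SAMPLE_HBA):
        print(f"line {f.line_no} [{f.severity}] {f.message}")
```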
Best Practices
• A password policy should be implemented
• Use connection timeouts, and log connections and disconnections with their duration
• Use GRANT and REVOKE appropriately to control access
• Sensitive data should be masked
• Apply patches on time
THANK YOU FOR ATTENDING THE WEBINAR