SlideShare a Scribd company logo

Plmce mysql-101-security-basics

Download as ODP, PDF
David Busby, CISSP
David Busby, CISSP

MySQL-101 track ~20 minute talk on security basics. It's important to look outside of mysql and build a strong foundation before looking to MySQL internals for security.

Software
1 of 20
MySQL 101 Security Basics David Busby 2015-04-16
`whoami` • David Busby –Information Security Architect –Percona since Jan 2013 –Several talks on Security 2
You will be compromised • Let's talk about –Kübler-Ross model –Acceptance –Damage Limitation –Mitigation –Focus on what can be controlled 3
You will be compromised • Let's NOT talk about –$three_letter_agencies –$govt –$espionage –$doomsday_scenario 4
Security from the ground up • Let's talk about –A solid foundation –VM, Baremetal –Side channel attacks –Phishing, Spear Phishing –Social Engineering –Unintentional emissions 5
Because … acronyms! • Let's talk about –A.C.L –P.O.L.P –M.A.C –D.A.C –I.D.S / I.P.S –W.A.F 6
Because … acronyms! • I.D.S 7
Because … acronyms! • I.P.S 8
Plugging the holes • Let's talk about – Attack surface – Reduce avenues of access – Reduce visibility – Remove Bad ACLs ANY ↔ ANY:ANY GRANT ALL – Bad file permissions – 0640 files, 0750 dirs 9
Plugging the holes • Let's continue to talk about –Attack surface –Remove redundant packages –Remove redundant services –Isolate the DB system via network ACL –Don't be the guy in the “target vest” 10
Plugging the holes • Let's talk about –MySQL security features –sha256_password –auth_pam –Proxy groups Requires MySQL >= 5.7.7 Or use of auth plugin 11
Plugging the holes • Let's talk about –Selective grants  NO: “ALL on *.*” NO: “SUPER” NO: “WITH GRANT OPTION” 12
Plugging the holes • Let's talk about –MySQL auth handshake && passwords (default 5.x) –Password storage: sha1(sha1(password)) –Auth: SHA1(password) XOR (salt + sha1(sha1(password))) –Strong passwords are KEY! 13
Plugging the holes 14
Plugging the holes 15
Why password complexity is important • We've “recovered” the passwords MUCH: ACA068D24BC58DB72E9D3C2D8D29D43FB6F674D9 PASS: B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4 SUCH: F469EBEEF4AD5F9DE9A0703EABF87DD88A7AF52D BAD: CB7DFF0540F8C51BF178A1502A286FB8F4A2691E WOW: F49091CCA44CEC66E65D3D97EA2C3F92D7636734 16
Plugging the holes • Let's talk about – REQUIRE SSL – Auth takes place over SSL connection – Overhead – ssl_cipher 17
Plugging the holes • Let's talk about – Training your employees – Train yourself – No “head in the sand” – Be aware of potential threats 18
… more acronyms • Let's talk about – B.Y.O.D – I.o.T – Malicous H.I.D – Abusing / Malicious WiFi 19
Because … Demos 20

Recommended

Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
PLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursPLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursDavid Busby, CISSP
 
Cumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudCumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudDavid Busby, CISSP
 
Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
Security and why you need to review yours.
Security and why you need to review yours.Security and why you need to review yours.
Security and why you need to review yours.David Busby, CISSP
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scaleAlex Schoof
 
Mobile Security Basics
Mobile Security BasicsMobile Security Basics
Mobile Security Basicsanandraje
 
Security Basics
Security BasicsSecurity Basics
Security BasicsRishi Prasath
 

Recommended

Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
PLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursPLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursDavid Busby, CISSP
 
Cumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudCumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudDavid Busby, CISSP
 
Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
Security and why you need to review yours.
Security and why you need to review yours.Security and why you need to review yours.
Security and why you need to review yours.David Busby, CISSP
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scaleAlex Schoof
 
Mobile Security Basics
Mobile Security BasicsMobile Security Basics
Mobile Security Basicsanandraje
 
Security Basics
Security BasicsSecurity Basics
Security BasicsRishi Prasath
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureMuhammad ismail Shah
 
Security Basics - Internet Safety
Security Basics - Internet SafetySecurity Basics - Internet Safety
Security Basics - Internet SafetyAxxes IT Consultancy
 
Network basics
Network basicsNetwork basics
Network basicsJunaid AJ
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyRahulprasad Yadav
 
Network Basics & Internet
Network Basics & InternetNetwork Basics & Internet
Network Basics & InternetVNSGU
 
Internet architecture
Internet architectureInternet architecture
Internet architectureNaman Rastogi
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
Cryptography
CryptographyCryptography
CryptographySidharth Mohapatra
 
What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?Dr. Mazlan Abbas
 
Basic concepts of computer Networking
Basic concepts of computer NetworkingBasic concepts of computer Networking
Basic concepts of computer NetworkingHj Habib
 
IoT architecture
IoT architectureIoT architecture
IoT architectureSumit Sharma
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer networkAshita Agrawal
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applicationsPasquale Puzio
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 

More Related Content

Viewers also liked

Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureMuhammad ismail Shah
 
Network basics
Network basicsNetwork basics
Network basicsJunaid AJ
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyRahulprasad Yadav
 
Network Basics & Internet
Network Basics & InternetNetwork Basics & Internet
Network Basics & InternetVNSGU
 
Internet architecture
Internet architectureInternet architecture
Internet architectureNaman Rastogi
 
What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?Dr. Mazlan Abbas
 
Basic concepts of computer Networking
Basic concepts of computer NetworkingBasic concepts of computer Networking
Basic concepts of computer NetworkingHj Habib
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer networkAshita Agrawal
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applicationsPasquale Puzio
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 

Viewers also liked (16)

Computer security basics
Computer security basicsComputer security basics
Computer security basics
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architecture
 
Security Basics - Internet Safety
Security Basics - Internet SafetySecurity Basics - Internet Safety
Security Basics - Internet Safety
 
Network basics
Network basicsNetwork basics
Network basics
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptography
 
Network Basics & Internet
Network Basics & InternetNetwork Basics & Internet
Network Basics & Internet
 
Internet architecture
Internet architectureInternet architecture
Internet architecture
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?
 
Basic concepts of computer Networking
Basic concepts of computer NetworkingBasic concepts of computer Networking
Basic concepts of computer Networking
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer network
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applications
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 

Recently uploaded

%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentVictorSzoltysek
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 

Recently uploaded (20)

%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 

Plmce mysql-101-security-basics

  • 2. `whoami` • David Busby –Information Security Architect –Percona since Jan 2013 –Several talks on Security 2
  • 3. You will be compromised • Let's talk about –Kübler-Ross model –Acceptance –Damage Limitation –Mitigation –Focus on what can be controlled 3
  • 4. You will be compromised • Let's NOT talk about –$three_letter_agencies –$govt –$espionage –$doomsday_scenario 4
  • 5. Security from the ground up • Let's talk about –A solid foundation –VM, Baremetal –Side channel attacks –Phishing, Spear Phishing –Social Engineering –Unintentional emissions 5
  • 6. Because … acronyms! • Let's talk about –A.C.L –P.O.L.P –M.A.C –D.A.C –I.D.S / I.P.S –W.A.F 6
  • 9. Plugging the holes • Let's talk about – Attack surface – Reduce avenues of access – Reduce visibility – Remove Bad ACLs ANY ↔ ANY:ANY GRANT ALL – Bad file permissions – 0640 files, 0750 dirs 9
  • 10. Plugging the holes • Let's continue to talk about –Attack surface –Remove redundant packages –Remove redundant services –Isolate the DB system via network ACL –Don't be the guy in the “target vest” 10
  • 11. Plugging the holes • Let's talk about –MySQL security features –sha256_password –auth_pam –Proxy groups Requires MySQL >= 5.7.7 Or use of auth plugin 11
  • 12. Plugging the holes • Let's talk about –Selective grants  NO: “ALL on *.*” NO: “SUPER” NO: “WITH GRANT OPTION” 12
  • 13. Plugging the holes • Let's talk about –MySQL auth handshake && passwords (default 5.x) –Password storage: sha1(sha1(password)) –Auth: SHA1(password) XOR (salt + sha1(sha1(password))) –Strong passwords are KEY! 13
  • 16. Why password complexity is important • We've “recovered” the passwords MUCH: ACA068D24BC58DB72E9D3C2D8D29D43FB6F674D9 PASS: B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4 SUCH: F469EBEEF4AD5F9DE9A0703EABF87DD88A7AF52D BAD: CB7DFF0540F8C51BF178A1502A286FB8F4A2691E WOW: F49091CCA44CEC66E65D3D97EA2C3F92D7636734 16
  • 17. Plugging the holes • Let's talk about – REQUIRE SSL – Auth takes place over SSL connection – Overhead – ssl_cipher 17
  • 18. Plugging the holes • Let's talk about – Training your employees – Train yourself – No “head in the sand” – Be aware of potential threats 18
  • 19. … more acronyms • Let's talk about – B.Y.O.D – I.o.T – Malicous H.I.D – Abusing / Malicious WiFi 19

Editor's Notes

  1. Kübler-Ross model for grief. - Denial - Anger - Bargaining - Depression - Acceptance
  2. Kübler-Ross model for grief. - Denial - Anger - Bargaining - Depression - Acceptance