Database Security
Jelmer de Reus
Utrecht, 3 October 2013
Overview
• Introduction and relevance
• Network ecosystem
• Logs and Traps
• Incident & Event Management
• Operating Systems
• Implementation
  • PostgreSQL
  • MySQL
Introduction and relevance
• Examples of security audits
• Developments in attacks
  • Automated reconnaissance
  • Blind SQLi
  • Bruteforce
  • Pivoting
• Developments in tools
  • Metasploit Framework
  • Fasttrack, SQLping
• Database engines evolve along with them
Network Ecosystem
Overview
• Deployment in the network
• Management access
• Network services
• Logging
• Traffic analysis/IPS
Network Ecosystem
Deployment differences
Services
• DB server
• DB server + web server + ?
Status
• Proof-of-concept
• OTA (development/test/acceptance)
• Production
Network Ecosystem
Deployment issues
• Management VLAN (iDRAC/iLO)
• Production VLAN
  • Private VLAN
  • Demilitarized Zone
• Firewalling
  • Minimal access
  • Logging on specific rules
  • IPS enabled where possible
  • Maintain/audit the rules
Network Ecosystem
Management VLAN
Logs and Traps
Local vs remote logging issues
Local logging
• Log file protection
• Log file capacity/rotation
Remote issues
• Where to send it?
• Syslog
• SNMP trap
Logs and Traps
Log file protection: append-only file flags on FreeBSD
chflags
• chflags sappnd <path>/file.log
• ls -lo <path>/file.log
Enforcement against root users
• Securelevel +1 (in single user mode)
Logs and Traps
Log file protection: append-only file flags on GNU/Linux
file attributes
• chattr +a <path>/file.log (+a sets the append-only attribute; -a clears it)
• lsattr <path>/file.log
Enforcement against root users
• ?
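The checks behind the two slides above (chflags on FreeBSD, chattr on GNU/Linux), as an added example that is not part of the original presentation: it parses lsattr and ls -lo output to report whether a log file is append-only and whether that protection holds against root. The log paths, the captured command outputs and the protect_log helper are assumptions.

```python
"""Verify append-only protection of log files on GNU/Linux and FreeBSD.

Added example, not from the slides. The command outputs below are constructed;
protect_log() needs root to actually set a flag (on Linux also the
CAP_LINUX_IMMUTABLE capability, which root normally holds).
"""
import platform
import subprocess
from typing import Dict

def linux_status(lsattr_line: str) -> Dict[str, bool]:
    """Parse one `lsattr <file>` line: a flag field such as '-----a-------e--' then the path.

    'a' is append-only. Linux has no securelevel: any process with CAP_LINUX_IMMUTABLE
    (root by default) can run `chattr -a` again, so on its own the flag does not
    survive a root compromise.
    """
    flags, _path = lsattr_line.split(None, 1)
    return {"append_only": "a" in flags, "survives_root": False}

def freebsd_status(ls_lo_line: str, securelevel: int) -> Dict[str, bool]:
    """Parse one `ls -lo <file>` line: mode, links, owner, group, FLAGS, size, date, name.

    'sappnd' is the system append-only flag; with kern.securelevel >= 1 even root cannot
    clear it without going to single-user mode. 'uappnd' is the user flag, which the
    owner or root can clear at any time.
    """
    flags = ls_lo_line.split()[4].split(",")
    system = "sappnd" in flags
    return {"append_only": system or "uappnd" in flags, "survives_root": system and securelevel >= 1}

def audit(outputs: Dict[str, str], os_name: str, securelevel: int = 0) -> Dict[str, Dict[str, bool]]:
    """Map each log path to its protection status, given the captured command output per path."""
    parse = linux_status if os_name == "Linux" else (lambda line: freebsd_status(line, securelevel))
    return {path: parse(line) for path, line in outputs.items()}

def protect_log(path: str) -> None:
    """Set the append-only flag for real, with the command the slides show for this OS."""
    if platform.system() == "Linux":
        subprocess.run(["chattr", "+a", path], check=True)
    elif platform.system() == "FreeBSD":
        subprocess.run(["chflags", "sappnd", path], check=True)
    else:
        raise NotImplementedError(platform.system())

# Constructed sample output, one line per log file, as lsattr / ls -lo would print it.
LINUX_LSATTR = {
    "/var/log/mysql/mysql.log": "-----a--------e----- /var/log/mysql/mysql.log",
    "/var/log/mysql/error.log": "--------------e----- /var/log/mysql/error.log",
}
FREEBSD_LS_LO = {
    "/var/log/pgsql.log": "-rw-r-----  1 postgres  wheel  sappnd 1049 Oct  3 12:00 /var/log/pgsql.log",
    "/var/log/messages": "-rw-r--r--  1 root  wheel  - 20480 Oct  3 12:00 /var/log/messages",
}

if __name__ == "__main__":
    for os_name, outputs, level in (("Linux", LINUX_LSATTR, 0), ("FreeBSD", FREEBSD_LS_LO, 1)):
        for path, status in audit(outputs, os_name, level).items():
            print(f"{os_name:8} {path:28} {status}")
```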
Logs and Traps
Append-only file flags on GNU/Linux

DEMO
Incident & Event Management
Security Incident & Event Management:
• Inputs
  • Host-based IDS
  • Network IDS
  • Syslog, snmptrap
  • Netflow
• Correlation (SQLi -> id, prio, metadata -> Event)
• Management software
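The correlation step named on the slide (SQLi -> id, prio, metadata -> Event), as an added example that is not from the original presentation: constructed NIDS, web-server and Netflow lines are normalised, grouped per source IP and turned into a prioritised event. The three log formats, their field names and the priority scheme are assumptions.

```python
"""Toy correlation step from the slide: SQLi indicators -> (id, prio, metadata) -> Event.
Added example, not from the slides: log formats, field names and the priority scheme are
assumptions, and every sample line is constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional
from urllib.parse import unquote

# Crude SQLi indicator for a decoded request line (a toy, not a WAF ruleset).
SQLI_PATTERN = re.compile(r"'\s*(or|and)\b|union\s+select|--", re.IGNORECASE)

@dataclass
class Indicator:
    ts: datetime
    source: str      # "nids" | "weblog" | "netflow"
    src_ip: str
    detail: str

@dataclass
class Event:
    event_id: int
    prio: str        # "medium" (one detection source) or "high" (two)
    src_ip: str
    first_seen: datetime
    last_seen: datetime
    metadata: Dict[str, List[str]] = field(default_factory=dict)

def parse_line(line: str) -> Optional[Indicator]:
    """Normalise one syslog-style line into an Indicator, or None if it is not of interest."""
    ts_str, rest = line.split(" ", 1)
    ts = datetime.fromisoformat(ts_str)
    if rest.startswith("nids "):                      # network IDS alert
        m = re.search(r'msg="([^"]+)" src=(\S+)', rest)
        return Indicator(ts, "nids", m.group(2), m.group(1))
    if " httpd: " in rest:                            # web server access log
        m = re.search(r'httpd: (\S+) "([^"]+)"', rest)
        return Indicator(ts, "weblog", m.group(1), m.group(2)) if SQLI_PATTERN.search(unquote(m.group(2))) else None
    if rest.startswith("netflow "):                   # flow record: enrichment only
        m = re.search(r"src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)", rest)
        return Indicator(ts, "netflow", m.group(1), f"{m.group(4)} bytes to {m.group(2)}:{m.group(3)}")
    return None

def correlate(indicators: List[Indicator], window: timedelta = timedelta(minutes=5)) -> List[Event]:
    """Group indicators per source IP; a gap longer than `window` starts a new event."""
    by_ip: Dict[str, List[Indicator]] = defaultdict(list)
    for ind in indicators:
        by_ip[ind.src_ip].append(ind)
    candidates: List[Event] = []
    for ip, inds in by_ip.items():
        current: Optional[Event] = None
        for ind in sorted(inds, key=lambda i: i.ts):
            if current is None or ind.ts - current.last_seen > window:
                current = Event(0, "", ip, ind.ts, ind.ts)
                candidates.append(current)
            current.last_seen = ind.ts
            current.metadata.setdefault(ind.source, []).append(ind.detail)
    # Priority = number of independent detection sources; flow data alone is no detection.
    events: List[Event] = []
    for ev in candidates:
        hits = sum(1 for s in ("nids", "weblog") if s in ev.metadata)
        if hits:
            ev.event_id, ev.prio = len(events) + 1, ("high" if hits >= 2 else "medium")
            events.append(ev)
    return events

# Constructed sample input: one client trips the NIDS and the web log, a second one is benign.
SAMPLE_LINES = [
    '2013-10-03T12:00:01 nids msg="SQL injection attempt" src=198.51.100.7 dst=10.0.0.5',
    '2013-10-03T12:00:01 www01 httpd: 198.51.100.7 "GET /index.php?id=1%27%20OR%201=1-- HTTP/1.1" 200',
    '2013-10-03T12:00:02 www01 httpd: 198.51.100.9 "GET /index.php?id=2 HTTP/1.1" 200',
    '2013-10-03T12:00:03 netflow src=198.51.100.7 dst=10.0.0.5 dport=80 bytes=48210',
    '2013-10-03T12:00:04 netflow src=198.51.100.9 dst=10.0.0.5 dport=80 bytes=512',
]

def run(lines: List[str] = SAMPLE_LINES) -> List[Event]:
    return correlate([ind for ind in map(parse_line, lines) if ind is not None])
```

Calling run() on the sample yields one high-priority event for 198.51.100.7 whose metadata carries the NIDS message, the offending request and the flow volume, while the benign client produces nothing.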
Incident & Event Management
Network IDS/IPS
• Check Point IPS blade
• Fortinet UTM IPS module
• Juniper Mykonos Web Gateway
• Snort IDS (FOSS)
• SourceFire (now: Cisco)
Incident & Event Management
SIEM Software
• Tripwire
• Check Point SmartEvent
• McAfee ESM
• AlienVault OSSIM (FOSS)
Incident & Event Management

DEMO
Incident & Event Management
SIEM links on the web
Check Point Smartevent
Event Correlation Software Blade
http://www.wickhill.com/products/vendors/product/412/Event-Correlation
SmartEvent Software Blade
http://rus.checkpoint.com/products/softwareblades/smartevent.html
supported event sources
http://www.checkpoint.com/products/home_promo/popups/eventia_2005.html

McAfee DS SIEM / ESM
device support
http://www.mcafee.com/cn/resources/data-sheets/ds-siem-device-support-matrix.pdf

Alienvault OSSIM
How to configure network monitoring in VMware ESXi
https://alienvault.bloomfire.com/series/3643
Event Log Integration Guides
https://alienvault.bloomfire.com/series/3631
AlienVault Data Plugins - By Vendor
https://alienvault.bloomfire.com/series/3631/posts/596580
Operating Systems
Operating System issues
• Hardening
• Administration
  • Patch Management
  • Maintenance
• Vendor support
• Userland tools
Operating Systems
Hardening

(see also network ecosystem)

• Only the necessary services
• No unnecessary open ports
• Protect log files
• Application/Execution control
  • GNU/Linux: AppArmor, SELinux
  • FreeBSD: MAC / Capsicum
• Tighten up and monitor access
Database implementation
• Management access
• Config files
• Tablespaces
• Authentication
• Permissions
• Role based access control
Database Implementation
Creating PostgreSQL users and databases
Database Implementation
PostgreSQL users and rights
Database Implementation
PostgreSQL config files
Database Implementation
PostgreSQL logs
Database Implementation
MySQL users and permissions (1)
adminos@publicwww01:~$ mysql -u root -p
…
mysql> show databases;
| information_schema |
| concrete5db01 |
| mysql |
| performance_schema |
mysql> use mysql;
mysql> select * from user;
...
| Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string |
Database Implementation
MySQL users and permissions (2)
mysql> select Host,User,Select_priv,Alter_priv,Insert_priv from user;
+-------------------------+------------------+-------------+------------+-------------+
| Host | User | Select_priv | Alter_priv | Insert_priv |
+-------------------------+------------------+-------------+------------+-------------+
| localhost | root | Y | Y | Y |
| publicwww01.localdomain | root | Y | Y | Y |
| 127.0.0.1 | root | Y | Y | Y |
| ::1 | root | Y | Y | Y |
| localhost | concrete5usr | N | N | N |
| localhost | debian-sys-maint | Y | Y | Y |
| localhost | modxusr | N | N | N |
| localhost | modxusr03 | N | N | N |
+-------------------------+------------------+-------------+------------+-------------+
Database Implementation
MySQL users and permissions (3)
mysql> show grants;
+---------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'ABCD' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------------------------------+
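An audit over the user table and SHOW GRANTS output shown in the three MySQL slides above, as an added example that is not from the original presentation: the rows mirror the slide's table plus three constructed weak accounts, and the checks (local-only root, no wildcard or anonymous accounts, password hash format, per-database rights for application users) are this example's own assumptions.

```python
"""Audit of mysql.user rows and SHOW GRANTS output like those on the slides.

Added example, not from the slides: rows mirror the slide's table plus three deliberately
weak constructed accounts, hash values are placeholders, and the checks are assumptions.
"""
import re
from typing import Dict, List

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
GLOBAL_PRIVS = ("Select_priv", "Insert_priv", "Update_priv", "Delete_priv",
                "Alter_priv", "Grant_priv", "Super_priv", "File_priv")
NATIVE_HASH = "*" + "A" * 40        # placeholder with the mysql_native_password shape
GRANT_RE = re.compile(r"GRANT (.+?) ON (\S+) TO '([^']*)'@'([^']*)'(.*)$")

def row(host: str, user: str, password: str, all_privs: bool = False) -> Dict[str, str]:
    """Build one mysql.user-like row; all_privs=True sets every global *_priv column to Y."""
    r = {"Host": host, "User": user, "Password": password}
    r.update({p: ("Y" if all_privs else "N") for p in GLOBAL_PRIVS})
    return r

USERS = [                                                   # constructed rows
    row("localhost", "root", NATIVE_HASH, True),
    row("publicwww01.localdomain", "root", NATIVE_HASH, True),
    row("127.0.0.1", "root", NATIVE_HASH, True),
    row("::1", "root", NATIVE_HASH, True),
    row("localhost", "concrete5usr", NATIVE_HASH),
    row("localhost", "debian-sys-maint", NATIVE_HASH, True),
    row("localhost", "modxusr", NATIVE_HASH),
    row("localhost", "modxusr03", NATIVE_HASH),
    row("%", "reportusr", ""),                              # wildcard host, no password
    row("localhost", "", ""),                               # anonymous account
    row("localhost", "legacyusr", "5d2e19393cc5ef67"),      # pre-4.1 style 16-hex-char hash
]
GRANTS_ROOT = [                                             # the two lines from the slide
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'ABCD' WITH GRANT OPTION",
    "GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION",
]

def audit_users(rows: List[Dict[str, str]]) -> List[str]:
    """Findings from the user table: who may connect from where, and with which global rights."""
    findings = []
    for r in rows:
        acct = f"'{r['User']}'@'{r['Host']}'"
        if r["User"] == "":
            findings.append(f"{acct}: anonymous account, drop it")
        if "%" in r["Host"]:
            findings.append(f"{acct}: wildcard host, restrict to the hosts that need access")
        if r["User"] == "root" and r["Host"] not in LOCAL_HOSTS:
            findings.append(f"{acct}: root bound to a hostname instead of localhost, verify it is needed")
        pw = r["Password"]
        if pw == "":
            findings.append(f"{acct}: no password set")
        elif not (len(pw) == 41 and pw.startswith("*")):
            findings.append(f"{acct}: hash is not in mysql_native_password format (pre-4.1 or unknown)")
        glob = [p for p in GLOBAL_PRIVS if r[p] == "Y"]
        if glob and r["User"] != "root":
            findings.append(f"{acct}: global {', '.join(glob)}; application accounts should be granted per database")
    return findings

def audit_grants(lines: List[str]) -> List[str]:
    """Findings from SHOW GRANTS lines: scope, delegation, proxying and leaked hashes."""
    findings = []
    for line in lines:
        privs, scope, user, host, tail = GRANT_RE.match(line).groups()
        acct = f"'{user}'@'{host}'"
        if privs == "ALL PRIVILEGES" and scope == "*.*" and user != "root":
            findings.append(f"{acct}: ALL PRIVILEGES ON *.* on a non-root account")
        if "WITH GRANT OPTION" in tail and user != "root":
            findings.append(f"{acct}: can delegate its privileges (GRANT OPTION)")
        if privs == "PROXY" and scope == "''@''":
            findings.append(f"{acct}: may proxy as any user, review whether proxying is needed")
        if "IDENTIFIED BY PASSWORD" in tail:
            findings.append(f"{acct}: SHOW GRANTS output embeds the password hash, redact it before sharing")
    return findings

if __name__ == "__main__":
    for finding in audit_users(USERS) + audit_grants(GRANTS_ROOT):
        print(finding)
```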
Thanks for your time!
• Questions?
