TLV - MySQL Security overview
- 7. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Regulatory Compliance
• Regulations
– PCI DSS: Payment Card Data
– HIPAA: Privacy of Health Data
– Sarbanes-Oxley, GLBA, The USA Patriot Act: Financial Data, NPI ("personally identifiable financial information")
– EU General Data Protection Directive: Protection of Personal Data (GDPR)
• Requirements
– Continuous Monitoring (Users, Schema, Backups, etc)
– Data Protection (Encryption, Privilege Management, etc.)
– Data Retention (Backups, User Activity, etc.)
– Data Auditing (User activity, etc.)
- 12.
EU General Data Protection Regulation (GDPR)
• Data privacy as a fundamental right
The focus is on three areas:
• Assessment – Processes, Profiles, Data Sensitivity, Risks
• Prevention – Encryption, Anonymization, Access Controls, Separation of Duties
• Detection – Auditing, Activity Monitoring, Alerting, Reporting
A fourth area should be added:
• Recovery – Disaster Recovery: Backup/Restore, HA
- 20.
Prevent - MySQL Enterprise Features and GDPR
• Prevent Attacks (Articles 32, 83, 28, 26, 5, 20, 27, 30, 64)
– MySQL Enterprise Security – Transparent Data Encryption
• Includes Key Management
• Protects Tablespace via Encryption, Keys via Key Manager/Vault integration
– MySQL Enterprise Security – Firewall
• MySQL Firewall Statement/User/IP Whitelists, Rules
– MySQL Enterprise Security – Authentication
• Centralized Authentication Infrastructure
– DBA-configurable IP whitelisting, Connection Limits, …
• Via server-level settings and via per-account IP/Hostname controls and account resource limits
– In-transit data encryption
• Full support for TLS 1.2: X509, Certificate Authorities, Exclude Lists, etc.
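The controls listed on this slide (server-level TLS policy, per-account host restrictions, account resource limits, and the Firewall whitelist) map onto a small set of MySQL statements. The following is an added example, not part of the original slides or of Oracle's material; the account name `app_rw`, the host pattern `10.0.0.%`, the database `appdb`, the certificate paths and the limit values are placeholders chosen for the demo. The `sp_set_firewall_mode` procedure and the `firewall_whitelist` table exist only in MySQL Enterprise Edition.

```sql
-- Added example (not part of the original slides): hardening one MySQL account
-- with the controls named on slide 20. Names, hosts and limits are placeholders.

-- Server-level transport policy. tls_version and the certificate paths are
-- static settings in the [mysqld] section of my.cnf (restart required):
--   tls_version = TLSv1.2
--   ssl_ca      = /etc/mysql/ca.pem
--   ssl_cert    = /etc/mysql/server-cert.pem
--   ssl_key     = /etc/mysql/server-key.pem
-- require_secure_transport is dynamic, so it can be turned on at runtime:
SET GLOBAL require_secure_transport = ON;

-- Per-account host control: the account only exists for clients in 10.0.0.0/24.
-- REQUIRE X509 demands a client certificate signed by the configured CA
-- (REQUIRE SUBJECT / ISSUER can pin it further). The resource limits bound what
-- a single compromised credential can do per hour; the expiry forces rotation.
CREATE USER 'app_rw'@'10.0.0.%'
  IDENTIFIED BY 'REPLACE-WITH-STRONG-PASSWORD'
  REQUIRE X509
  WITH MAX_CONNECTIONS_PER_HOUR 1000
       MAX_USER_CONNECTIONS 25
  PASSWORD EXPIRE INTERVAL 90 DAY;

-- Least privilege: grants scoped to one schema, no administrative privileges.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'10.0.0.%';

-- Verify that the account controls and the server policy are in effect.
SELECT user, host, ssl_type, max_connections, max_user_connections
  FROM mysql.user
 WHERE user = 'app_rw';
SHOW GLOBAL VARIABLES WHERE Variable_name IN ('require_secure_transport', 'tls_version');

-- MySQL Enterprise Firewall: learn the account's normal statement patterns in
-- RECORDING mode, then switch to PROTECTING so that statements which do not
-- match the recorded whitelist are rejected and logged.
CALL mysql.sp_set_firewall_mode('app_rw@10.0.0.%', 'RECORDING');
-- ... run the application's regular workload against this account, then:
CALL mysql.sp_set_firewall_mode('app_rw@10.0.0.%', 'PROTECTING');

-- Review what was learned before trusting it: each row is a normalised statement digest.
SELECT rule FROM mysql.firewall_whitelist WHERE userhost = 'app_rw@10.0.0.%';
```

Review the recorded whitelist before enabling PROTECTING; anything captured during the recording window, including an attacker's statements, becomes permitted.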
- 34.
Additional Security Controls
Hashing, Signing, Encryption, Key Ring Functions
– Symmetric Encryption – AES
– Hashing – SHA-2, SHA-1
– Asymmetric Public Key Encryption (RSA)
– Asymmetric Private Key Decryption (RSA)
– Generate Public/Private Keys (RSA, DSA, DH)
– Derive Symmetric Keys from Public and Private Key pairs (DH)
– Digitally Sign Data (RSA, DSA)
– Verify Data Signature (RSA, DSA)
– Validate Data Authenticity (RSA, DSA)
– Get, Put Keys with ACLs
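The function families on this slide can be exercised end to end from a MySQL session. The block below is an added example, not part of the original slides or of Oracle's documentation. `SHA2`, `AES_ENCRYPT`/`AES_DECRYPT`, `RANDOM_BYTES` and `block_encryption_mode` are in the community server; the `CREATE_ASYMMETRIC_*`, `ASYMMETRIC_*`, `CREATE_DIGEST` and `CREATE_DH_PARAMETERS` functions are MySQL Enterprise Encryption UDFs from `openssl_udf`, and `keyring_key_store`/`keyring_key_fetch` come from the `keyring_udf` plugin; both must be installed first. All key material here is generated inline for the demo and the sample plaintexts are constructed.

```sql
-- Added example (not part of the original slides): the hashing, symmetric,
-- asymmetric, signing, DH and key ring functions listed on slide 34.
-- Enterprise UDFs must be registered before use, e.g.:
--   CREATE FUNCTION asymmetric_encrypt RETURNS STRING SONAME 'openssl_udf.so';
-- (one CREATE FUNCTION per UDF; see the Enterprise Encryption installation notes).

-- Hashing: SHA-2 with a 256-bit digest. SHA-1 is listed on the slide but is
-- only appropriate for compatibility with existing data, not for new designs.
SELECT SHA2('card-holder-record', 256) AS sha256_hex;

-- Symmetric encryption: the default block_encryption_mode is ECB, which leaks
-- patterns; switch to CBC with a random IV and store the IV beside the ciphertext.
SET block_encryption_mode = 'aes-256-cbc';
SET @aes_key = RANDOM_BYTES(32);   -- demo key only; production keys come from the key vault
SET @iv      = RANDOM_BYTES(16);
SET @ct      = AES_ENCRYPT('4111-1111-1111-1111', @aes_key, @iv);   -- constructed sample PAN
SELECT AES_DECRYPT(@ct, @aes_key, @iv) AS pan_plain;                  -- round-trips to the input

-- Asymmetric encryption: RSA key pair, encrypt with the public key, decrypt
-- with the private key. RSA can only encrypt a message shorter than the key
-- size minus padding, so it is used for small secrets or for wrapping AES keys.
SET @rsa_priv = CREATE_ASYMMETRIC_PRIV_KEY('RSA', 2048);
SET @rsa_pub  = CREATE_ASYMMETRIC_PUB_KEY('RSA', @rsa_priv);
SET @wrapped  = ASYMMETRIC_ENCRYPT('RSA', @aes_key, @rsa_pub);      -- wrap the AES key
SELECT ASYMMETRIC_DECRYPT('RSA', @wrapped, @rsa_priv) = @aes_key AS unwrapped_matches;

-- Signing and verification: sign a digest of the data with the private key;
-- ASYMMETRIC_VERIFY returns 1 when the signature matches the digest and 0 otherwise.
SET @digest = CREATE_DIGEST('SHA256', 'audit batch: constructed sample payload');
SET @sig    = ASYMMETRIC_SIGN('RSA', @digest, @rsa_priv, 'SHA256');
SELECT ASYMMETRIC_VERIFY('RSA', @digest, @sig, @rsa_pub, 'SHA256') AS signature_ok;
-- A modified payload produces a different digest and fails verification:
SELECT ASYMMETRIC_VERIFY('RSA',
                         CREATE_DIGEST('SHA256', 'audit batch: tampered sample payload'),
                         @sig, @rsa_pub, 'SHA256') AS tampered_signature_ok;

-- Deriving a symmetric key from DH key pairs: each side combines its own
-- private key with the peer's public key and obtains the same shared secret.
-- CREATE_DH_PARAMETERS(2048) is slow (minutes); generate once and reuse.
SET @dh_params = CREATE_DH_PARAMETERS(2048);
SET @a_priv = CREATE_ASYMMETRIC_PRIV_KEY('DH', @dh_params);
SET @a_pub  = CREATE_ASYMMETRIC_PUB_KEY('DH', @a_priv);
SET @b_priv = CREATE_ASYMMETRIC_PRIV_KEY('DH', @dh_params);
SET @b_pub  = CREATE_ASYMMETRIC_PUB_KEY('DH', @b_priv);
SELECT ASYMMETRIC_DERIVE(@b_pub, @a_priv) = ASYMMETRIC_DERIVE(@a_pub, @b_priv) AS shared_key_matches;

-- Key ring: put and get a key through the keyring_udf plugin. Keys are held in
-- a per-user namespace, so only the account that stored 'app_pan_key' can
-- fetch or remove it (the access control the slide refers to).
SELECT keyring_key_store('app_pan_key', 'AES', @aes_key) AS stored;
SELECT keyring_key_fetch('app_pan_key') = @aes_key AS fetched_matches;
```

The wrap step shows the pattern the function list implies: bulk data is protected with AES, and the AES key itself is protected by RSA or handed to the key ring, so the data key never has to live as a literal in application code or in the audit log.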
- 39.
MySQL Enterprise Security Architecture
• Workbench
– Model
– Data
– Audit Data
– User Management
• Enterprise Monitor
– Identifies Vulnerabilities
– Security Hardening Policies
– User Monitoring
– Password Monitoring
– Schema Change Monitoring
– Backup Monitoring
• Enterprise Encryption
– TDE
– Encryption
– PKI
• Firewall
• Key Vault
• Enterprise Authentication
– SSO: LDAP, AD, PAM
• Network Encryption
• Enterprise Audit
– Powerful Rules Engine
• Audit Vault
• Strong Authentication
• Access Controls
• Enterprise Backup
• HA
– InnoDB Cluster
• Thread Pool
Lifecycle phases shown on the diagram: Assess, Prevent, Detect, Recover