SlideShare a Scribd company logo

Plmce mysql-101-security-basics

Download as ODP, PDF
David Busby, CISSP
David Busby, CISSP

MySQL-101 track ~20 minute talk on security basics. It's important to look outside of mysql and build a strong foundation before looking to MySQL internals for security.

Software
1 of 20
MySQL 101 Security Basics David Busby 2015-04-16
`whoami` • David Busby –Information Security Architect –Percona since Jan 2013 –Several talks on Security 2
You will be compromised • Let's talk about –Kübler-Ross model –Acceptance –Damage Limitation –Mitigation –Focus on what can be controlled 3
You will be compromised • Let's NOT talk about –$three_letter_agencies –$govt –$espionage –$doomsday_scenario 4
Security from the ground up • Let's talk about –A solid foundation –VM, Baremetal –Side channel attacks –Phishing, Spear Phishing –Social Engineering –Unintentional emissions 5
Because … acronyms! • Let's talk about –A.C.L –P.O.L.P –M.A.C –D.A.C –I.D.S / I.P.S –W.A.F 6
Because … acronyms! • I.D.S 7
Because … acronyms! • I.P.S 8
Plugging the holes • Let's talk about – Attack surface – Reduce avenues of access – Reduce visibility – Remove Bad ACLs ANY ↔ ANY:ANY GRANT ALL – Bad file permissions – 0640 files, 0750 dirs 9
Plugging the holes • Let's continue to talk about –Attack surface –Remove redundant packages –Remove redundant services –Isolate the DB system via network ACL –Don't be the guy in the “target vest” 10
Plugging the holes • Let's talk about –MySQL security features –sha256_password –auth_pam –Proxy groups Requires MySQL >= 5.7.7 Or use of auth plugin 11
Plugging the holes • Let's talk about –Selective grants  NO: “ALL on *.*” NO: “SUPER” NO: “WITH GRANT OPTION” 12
Plugging the holes • Let's talk about –MySQL auth handshake && passwords (default 5.x) –Password storage: sha1(sha1(password)) –Auth: SHA1(password) XOR (salt + sha1(sha1(password))) –Strong passwords are KEY! 13
Plugging the holes 14
Plugging the holes 15
Why password complexity is important • We've “recovered” the passwords MUCH: ACA068D24BC58DB72E9D3C2D8D29D43FB6F674D9 PASS: B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4 SUCH: F469EBEEF4AD5F9DE9A0703EABF87DD88A7AF52D BAD: CB7DFF0540F8C51BF178A1502A286FB8F4A2691E WOW: F49091CCA44CEC66E65D3D97EA2C3F92D7636734 16
Plugging the holes • Let's talk about – REQUIRE SSL – Auth takes place over SSL connection – Overhead – ssl_cipher 17
Plugging the holes • Let's talk about – Training your employees – Train yourself – No “head in the sand” – Be aware of potential threats 18
… more acronyms • Let's talk about – B.Y.O.D – I.o.T – Malicous H.I.D – Abusing / Malicious WiFi 19
Because … Demos 20

Recommended

Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
PLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursPLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursDavid Busby, CISSP
 
Cumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudCumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudDavid Busby, CISSP
 
Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
Security and why you need to review yours.
Security and why you need to review yours.Security and why you need to review yours.
Security and why you need to review yours.David Busby, CISSP
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scaleAlex Schoof
 
Mobile Security Basics
Mobile Security BasicsMobile Security Basics
Mobile Security Basicsanandraje
 
Security Basics
Security BasicsSecurity Basics
Security BasicsRishi Prasath
 

Recommended

Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
PLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursPLMCE - Security and why you need to review yours
PLMCE - Security and why you need to review yoursDavid Busby, CISSP
 
Cumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudCumulonimbus fortification-secure-your-data-in-the-cloud
Cumulonimbus fortification-secure-your-data-in-the-cloudDavid Busby, CISSP
 
Security its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutSecurity its-more-than-just-your-database-you-should-worry-about
Security its-more-than-just-your-database-you-should-worry-aboutDavid Busby, CISSP
 
Security and why you need to review yours.
Security and why you need to review yours.Security and why you need to review yours.
Security and why you need to review yours.David Busby, CISSP
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scaleAlex Schoof
 
Mobile Security Basics
Mobile Security BasicsMobile Security Basics
Mobile Security Basicsanandraje
 
Security Basics
Security BasicsSecurity Basics
Security BasicsRishi Prasath
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureMuhammad ismail Shah
 
Security Basics - Internet Safety
Security Basics - Internet SafetySecurity Basics - Internet Safety
Security Basics - Internet SafetyAxxes IT Consultancy
 
Network basics
Network basicsNetwork basics
Network basicsJunaid AJ
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyRahulprasad Yadav
 
Network Basics & Internet
Network Basics & InternetNetwork Basics & Internet
Network Basics & InternetVNSGU
 
Internet architecture
Internet architectureInternet architecture
Internet architectureNaman Rastogi
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
Cryptography
CryptographyCryptography
CryptographySidharth Mohapatra
 
What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?Dr. Mazlan Abbas
 
Basic concepts of computer Networking
Basic concepts of computer NetworkingBasic concepts of computer Networking
Basic concepts of computer NetworkingHj Habib
 
IoT architecture
IoT architectureIoT architecture
IoT architectureSumit Sharma
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer networkAshita Agrawal
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applicationsPasquale Puzio
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentVictorSzoltysek
 

More Related Content

Viewers also liked

Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureMuhammad ismail Shah
 
Network basics
Network basicsNetwork basics
Network basicsJunaid AJ
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptographyRahulprasad Yadav
 
Network Basics & Internet
Network Basics & InternetNetwork Basics & Internet
Network Basics & InternetVNSGU
 
Internet architecture
Internet architectureInternet architecture
Internet architectureNaman Rastogi
 
What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?Dr. Mazlan Abbas
 
Basic concepts of computer Networking
Basic concepts of computer NetworkingBasic concepts of computer Networking
Basic concepts of computer NetworkingHj Habib
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer networkAshita Agrawal
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applicationsPasquale Puzio
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 

Viewers also liked (16)

Computer security basics
Computer security basicsComputer security basics
Computer security basics
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architecture
 
Security Basics - Internet Safety
Security Basics - Internet SafetySecurity Basics - Internet Safety
Security Basics - Internet Safety
 
Network basics
Network basicsNetwork basics
Network basics
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptography
 
Network Basics & Internet
Network Basics & InternetNetwork Basics & Internet
Network Basics & Internet
 
Internet architecture
Internet architectureInternet architecture
Internet architecture
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?What exactly is the "Internet of Things"?
What exactly is the "Internet of Things"?
 
Basic concepts of computer Networking
Basic concepts of computer NetworkingBasic concepts of computer Networking
Basic concepts of computer Networking
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer network
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applications
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 

Recently uploaded

8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentVictorSzoltysek
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 

Recently uploaded (20)

8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 

Plmce mysql-101-security-basics

  • 2. `whoami` • David Busby –Information Security Architect –Percona since Jan 2013 –Several talks on Security 2
  • 3. You will be compromised • Let's talk about –Kübler-Ross model –Acceptance –Damage Limitation –Mitigation –Focus on what can be controlled 3
  • 4. You will be compromised • Let's NOT talk about –$three_letter_agencies –$govt –$espionage –$doomsday_scenario 4
  • 5. Security from the ground up • Let's talk about –A solid foundation –VM, Baremetal –Side channel attacks –Phishing, Spear Phishing –Social Engineering –Unintentional emissions 5
  • 6. Because … acronyms! • Let's talk about –A.C.L –P.O.L.P –M.A.C –D.A.C –I.D.S / I.P.S –W.A.F 6
  • 9. Plugging the holes • Let's talk about – Attack surface – Reduce avenues of access – Reduce visibility – Remove Bad ACLs ANY ↔ ANY:ANY GRANT ALL – Bad file permissions – 0640 files, 0750 dirs 9
  • 10. Plugging the holes • Let's continue to talk about –Attack surface –Remove redundant packages –Remove redundant services –Isolate the DB system via network ACL –Don't be the guy in the “target vest” 10
  • 11. Plugging the holes • Let's talk about –MySQL security features –sha256_password –auth_pam –Proxy groups Requires MySQL >= 5.7.7 Or use of auth plugin 11
  • 12. Plugging the holes • Let's talk about –Selective grants  NO: “ALL on *.*” NO: “SUPER” NO: “WITH GRANT OPTION” 12
  • 13. Plugging the holes • Let's talk about –MySQL auth handshake && passwords (default 5.x) –Password storage: sha1(sha1(password)) –Auth: SHA1(password) XOR (salt + sha1(sha1(password))) –Strong passwords are KEY! 13
  • 16. Why password complexity is important • We've “recovered” the passwords MUCH: ACA068D24BC58DB72E9D3C2D8D29D43FB6F674D9 PASS: B415DD9C4FB5EF59FE80C4FEBC1F9C715E6E97C4 SUCH: F469EBEEF4AD5F9DE9A0703EABF87DD88A7AF52D BAD: CB7DFF0540F8C51BF178A1502A286FB8F4A2691E WOW: F49091CCA44CEC66E65D3D97EA2C3F92D7636734 16
  • 17. Plugging the holes • Let's talk about – REQUIRE SSL – Auth takes place over SSL connection – Overhead – ssl_cipher 17
  • 18. Plugging the holes • Let's talk about – Training your employees – Train yourself – No “head in the sand” – Be aware of potential threats 18
  • 19. … more acronyms • Let's talk about – B.Y.O.D – I.o.T – Malicous H.I.D – Abusing / Malicious WiFi 19

Editor's Notes

  1. Kübler-Ross model for grief. - Denial - Anger - Bargaining - Depression - Acceptance
  2. Kübler-Ross model for grief. - Denial - Anger - Bargaining - Depression - Acceptance