Practical Use Cases for ACLs in Redis 6 by Jamie Scott - Redis Day Seattle 2020

•Descargar como PPTX, PDF•

0 recomendaciones•302 vistas

Redis Labs

Practical Use Cases for ACLs in Redis 6

Software

PRESENTED
BY
1 New Security Features in Redis 6.0 Release Candidate.
Discussion of the paradigm shifts in the ways you can secure Redis OSS.
2 Use Cases for Access Control Lists (ACLs)
Describe possible use cases for ACLs & create an open-discussion to facilitate brainstorming of
additional use cases
3 ACL Demo
Demonstration of the new access control list features in ACLs along with use cases
Agenda:

PRESENTED
BY
New Security Features: Redis 6 Open Source Release Candidate
Out of the box Encryption in Transit
Key Space and Command Restrictions
Multiple Access Control List Users

PRESENTED
BY
Redis ACLs allow users to facilitate access strategies based on key design.
• ACLs allow users to enhance operational security by defining what a user is
allowed to access.
– Tags, Classifications, Labels (~<pattern>:*) assign labels for access.
Design Data Security Labels with Key Restrictions
Key = secret:users:u123:password

PRESENTED
BY
Labels for Key Restrictions (Demo)
Label Redis Key Value ACL Rule
Secret secret:users:1:password 5f4dcc3b5aa765d6
1d8327deb882cf99
~secret:*
Secret secret:users:2:ccn 489-36-8350 ~secret:*
Public public:users:1:username Itamar ~public:*
Redis ACLs can be used to facilitate discretionary and mandatory access controls
Fake Data Source:
https://dlptest.com/sample-data/
User Access
serviceaccount ~secret:* ~public:* ~@secret:* ~@public:* -@all +set +get
admin +@admin (No Key Permissions only admin)
useraccount ~public:* +@all -@dangerous -@admin
>ACL WHOAMI
"useraccount"
> get secret:users:1:password
(error) NOPERM this user has no permissions to access
one of the keys used as arguments
>ACL WHOAMI
“serviceaccount”
>get secret:users:1:password
“"5f4dcc3b5aa765d61d8327deb882cf99"

PRESENTED
BY
Redis ACLs allow users to facilitate access strategies based on key design.
• Compromise Path = New User Backdoor > Keys or Scan > Type > Goodies
>acl whoami
“default”
>acl setuser backdoor on >pwnd ~* +@all
>keys *
>type secret:users:1:password
“string”
>get secret:users:1:password
• To err is to be human - planning helps!
ACL Command Restrictions Enable Operational Security

PRESENTED
BY
ACL Command Operational Designs (Demo)
Normal Users
Customer
Security
Service
Accounts for
Operations Administrators

Más contenido relacionado

La actualidad más candente

암호화 이것만 알면 된다.

KwangSeob Jeong

Get Hands-On with NGINX and QUIC+HTTP/3

NGINX, Inc.

HashiCorp's Vault - The Examples

Michał Czeraszkiewicz

(참고) Elk stack 설치 및 kafka

NoahKIM36

Scylla includes multiple features that collectively provide a robust security model. Most recently we announced support for encryption-at-rest in Scylla Enterprise. This enables you to lock-down your data even in multi-tenant and hybrid deployments of Scylla. Join Tzach and Dejan for an overview of security in Scylla and to see how you can approach it holistically using the array of Scylla capabilities. He will review Scylla Security features, from basic to more advanced, including: Reducing your attack surface Authorization & Authentication Role-Based Access Control Encryption at Transit Encryption at Rest, in 2019.1.1 and beyond LDAP authentication is a common requirement for any enterprise software. It gives users consistent login procedures across multiple components of the IT infrastructure, while centralizing the control of access rights. Scylla Enterprise now supports authentication via LDAP. We will look into how to configure Scylla Enterprise for LDAP interaction and how to fine-tune access control through it.

How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...

ScyllaDB

Introduction to Redis

Dvir Volk

How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015

PostgreSQL-Consulting

Running any application in a multi-tenant environment poses its challenges. This talk is focused around how we at Rackspace run Redis in a multi-tenant environment, ensuring security, performance, fault tolerance and high availability. This talk will cover: an architecture deep dive of multi tenant Redis on the cloud, management of sentinels, monitoring and operations of a large scale Redis deployment,introducing new Redis versions,scaling, security, some lessons learnt. The target audience for this talk is anyone who is interested in the deployment/operational aspect of running Redis. This is relevant not only for those who want to run Redis themselves, but also interested in how a Redis provider might be doing it for them.

Redis in a Multi Tenant Environment–High Availability, Monitoring & Much More!

Redis Labs

OWASP AppSecCali 2015 - Marshalling Pickles

Christopher Frohoff

Introduction to redis

Tanu Siwag

ZeroNights 2018 | I <"3 XSS

Дмитрий Бумов

Introduction to ELK

YuHsuan Chen

Spring boot 를 적용한 전사모니터링 시스템 backend 개발 사례

Jemin Huh

Redis is an open source in memory database which is easy to use. In this introductory presentation, several features will be discussed including use cases. The datatypes will be elaborated, publish subscribe features, persistence will be discussed including client implementations in Node and Spring Boot. After this presentation, you will have a basic understanding of what Redis is and you will have enough knowledge to get started with your first implementation!

Introduction to Redis

Maarten Smeets

[pgday.Seoul 2022] POSTGRES 테스트코드로 기여하기 - 이동욱

PgDay.Seoul

Introduction to memcached

Jurriaan Persyn

SIP & TLS - Security in a peer to peer world

Olle E Johansson

Slides from a talk given at DevSecCon on 206h October 2016 http://www.devseccon.com/blog/session/automating-owasp-zap/ The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free security tools. In this workshop you will learn how to automate security tests using ZAP. These tests can then be included in your continuous integration / delivery pipeline. Simon will cover the range of integration options available and then walk you through automating ZAP against a test application. The ZAP UI will be used to explain the concepts and python scripting used to drive ZAP via its API – this can then also be used to drive ZAP in daemon mode. This workshop is aimed at anyone interested in automating ZAP for security testing, including developers, functional testers (QA) and security/pentesters.

Automating OWASP ZAP - DevCSecCon talk

Simon Bennetts

Redis Streams

Redis Labs

aclpwn - Active Directory ACL exploitation with BloodHound

DirkjanMollema

La actualidad más candente (20)

암호화 이것만 알면 된다.

Get Hands-On with NGINX and QUIC+HTTP/3

HashiCorp's Vault - The Examples

(참고) Elk stack 설치 및 kafka

How to Secure Your Scylla Deployment: Authorization, Encryption, LDAP Authent...

Introduction to Redis

How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015

Redis in a Multi Tenant Environment–High Availability, Monitoring & Much More!

OWASP AppSecCali 2015 - Marshalling Pickles

Introduction to redis

ZeroNights 2018 | I <"3 XSS

Introduction to ELK

Spring boot 를 적용한 전사모니터링 시스템 backend 개발 사례

Introduction to Redis

[pgday.Seoul 2022] POSTGRES 테스트코드로 기여하기 - 이동욱

Introduction to memcached

SIP & TLS - Security in a peer to peer world

Automating OWASP ZAP - DevCSecCon talk

Redis Streams

aclpwn - Active Directory ACL exploitation with BloodHound

Similar a Practical Use Cases for ACLs in Redis 6 by Jamie Scott - Redis Day Seattle 2020

This talk will review the advanced security features in DataStax Enterprise and discuss best practices for secure deployments. In particular, topics reviewed will cover: Authentication with Kerberos & LDAP/Active Directory, Role-based Authorization and LDAP role assignment, Auditing, Securing network communication, Encrypting data files and using the Key-Management Interoperability Protocol (KMIP) for secure off-host key management. The talk will also suggest strategies for addressing security needs not met directly by the built-in features of the database such as how to address applications that require Attribute Based Access Control (ABAC). About the Speaker Matt Kennedy Sr. Product Manager, DataStax Matt Kennedy works at DataStax as the product manager for DataStax Enterprise Core. Matt has been a Cassandra user and occasional contributor since version 0.7 and was named a Cassandra MVP in 2013 shortly before joining DataStax. Unlike Cassandra, Matt is not partition tolerant.

DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...

DataStax

The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorisation, Auditing) framework EnterpriseDB will cover: - Best practices for authentication (trust, certificate, MD5, Scram, etc). - Advanced approaches, such as password profiles. - Deep dive of authorisation and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction. - Auditing, encryption, and SQL injection attack prevention

Kangaroot EDB Webinar Best Practices in Security with PostgreSQL

Kangaroot

The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover: - Best practices for authentication (trust, certificate, MD5, Scram, etc). - Advanced approaches, such as password profiles. - Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction. - Auditing, encryption, and SQL injection attack prevention. Note: this session is delivered in French

Best Practices in Security with PostgreSQL

EDB

Sql Server Security

Vinod Kumar

Rundeck Office Hours: Best Practices for Access Control Policies

TraciMyers6

Join us this month for an AMA discussion followed by a live Q&A led by technical experts from Rundeck’s engineering, product, and solution engineering teams. Experts are available to provide advice on your technical architecture, give recommendations for operational best practices, review current Github issues, or dive into the open source code itself. Don’t miss the opportunity to learn Rundeck product best practices and ask experts your questions about Rundeck. https://www.rundeck.com/rundeck-office-hours

Rundeck Office Hours: Best Practices Access Control Policies

Rundeck

2008 08-12 SELinux: A Key Component in Secure Infrastructures

Shawn Wells

Presentation database security enhancements with oracle

xKinAnx

Trusted extensions-gdansk-v1 0

Kevin Mayo

Creating a Multi-Layered Secured Postgres Database

EDB

DB2 10 Security Enhancements

Laura Hood

Overview of RedDatabase 2.5

Mind The Firebird

Cognitive data capture with Elis - Rossum's technical webinar

Petr Baudis

In this session get an overview of all the new security features in MySQL 8.0 and how they fit together to answer the modern security challenges. MySQL 8 takes a new step in tightening the security of MySQL installations and provides new and flexible tools including a brand new default authentication method, SQL roles, enhancements in transparent disk encryption, and modern password controls on password reuse, complexity, and brute force password guessing.

Percona Live Europe 2018: What's New in MySQL 8.0 Security

Georgi Kodinov

We will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover: Best practices for authentication (trust, certificate, MD5, Scram, etc). Advanced approaches, such as password profiles. Deep dive of authorization and data access control for roles, database objects (tables etc), view usage, row level security and data redaction. Auditing, encryption and SQL injection attack prevention.

Best Practices in Security with PostgreSQL

EDB

The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover: - Best practices for authentication (trust, certificate, MD5, Scram, etc). - Advanced approaches, such as password profiles. - Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction. - Auditing, encryption, and SQL injection attack prevention. Note: this session is delivered in German Speaker: Borys Neselovskyi, Sales Engineer, EDB

Best Practices in Security with PostgreSQL

EDB

Odv oracle customer_demo

Viaggio Italia

Chapter 3 access control fundamental i

Syaiful Ahdan

CCNA4 Verson6 Chapter4

Chaing Ravuth

(Vahid Fereydouny, Confluent) Kafka Summit SF 2018 Security and compliance are key concerns for many organizations today and it is very important that we can meet these requirements in our platform. This is also extremely critical for customers who are adopting Confluent cloud offerings, since moving the streaming platform to cloud exposes new security and governance issues. In this session, we will discuss how Confluent is providing control and visibility to address these concerns and enable secure streaming platforms. We will cover the main pillars of IT security in access control (authentication, authorization), data confidentiality (encryption) and auditing.

End-End Security with Confluent Platform

confluent

Similar a Practical Use Cases for ACLs in Redis 6 by Jamie Scott - Redis Day Seattle 2020 (20)

DataStax | Best Practices for Securing DataStax Enterprise (Matt Kennedy) | C...

Kangaroot EDB Webinar Best Practices in Security with PostgreSQL

Best Practices in Security with PostgreSQL

Sql Server Security

Rundeck Office Hours: Best Practices for Access Control Policies

Rundeck Office Hours: Best Practices Access Control Policies

2008 08-12 SELinux: A Key Component in Secure Infrastructures

Presentation database security enhancements with oracle

Trusted extensions-gdansk-v1 0

Creating a Multi-Layered Secured Postgres Database

DB2 10 Security Enhancements

Overview of RedDatabase 2.5

Cognitive data capture with Elis - Rossum's technical webinar

Percona Live Europe 2018: What's New in MySQL 8.0 Security

Best Practices in Security with PostgreSQL

Odv oracle customer_demo

Chapter 3 access control fundamental i

CCNA4 Verson6 Chapter4

End-End Security with Confluent Platform

Más de Redis Labs

Redis Day Bangalore 2020 - Session state caching with redis

Redis Labs

Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020

Redis Labs

The Happy Marriage of Redis and Protobuf by Scott Haines of Twilio - Redis Da...

Redis Labs

SQL, Redis and Kubernetes by Paul Stanton of Windocks - Redis Day Seattle 2020

Redis Labs

Rust and Redis - Solving Problems for Kubernetes by Ravi Jagannathan of VMwar...

Redis Labs

Redis for Data Science and Engineering by Dmitry Polyakovsky of Oracle

Redis Labs

Moving Beyond Cache by Yiftach Shoolman Redis Labs - Redis Day Seattle 2020

Redis Labs

Leveraging Redis for System Monitoring by Adam McCormick of SBG - Redis Day S...

Redis Labs

JSON in Redis - When to use RedisJSON by Jay Won of Coupang - Redis Day Seatt...

Redis Labs

Highly Available Persistent Session Management Service by Mohamed Elmergawi o...

Redis Labs

Anatomy of a Redis Command by Madelyn Olson of Amazon Web Services - Redis Da...

Redis Labs

Building a Multi-dimensional Analytics Engine with RedisGraph by Matthew Goos...

Redis Labs

RediSearch 1.6 by Pieter Cailliau - Redis Day Bangalore 2020

Redis Labs

RedisGraph 2.0 by Pieter Cailliau - Redis Day Bangalore 2020

Redis Labs

RedisTimeSeries 1.2 by Pieter Cailliau - Redis Day Bangalore 2020

Redis Labs

RedisAI 0.9 by Sherin Thomas of Tensorwerk - Redis Day Bangalore 2020

Redis Labs

Rate-Limiting 30 Million requests by Vijay Lakshminarayanan and Girish Koundi...

Redis Labs

Three Pillars of Observability by Rajalakshmi Raji Srinivasan of Site24x7 Zoh...

Redis Labs

Solving Complex Scaling Problems by Prashant Kumar and Abhishek Jain of Myntr...

Redis Labs

Redis as a High Scale Swiss Army Knife by Rahul Dagar and Abhishek Gupta of G...

Redis Labs

Más de Redis Labs (20)