about securich
play

About Securich Started April 2009 Migration from Sybase to MySQL - PowerPoint PPT Presentation

Apr 10, 2023 •45 likes •325 views

About Securich Started April 2009 Migration from Sybase to MySQL inspired it Open Sourced June 2009 v0.1.1 Current version v0.2.5 GPLv2 (Sharing is Caring) Supported on MySQL 5.1.12 + NDB cluster - untested DBA

  2. About Securich  Started April 2009  Migration from Sybase to MySQL inspired it  Open Sourced June 2009 v0.1.1  Current version v0.2.5  GPLv2 (Sharing is Caring)  Supported on MySQL 5.1.12 +  NDB cluster - untested

  3. DBA responsibilities TO US DATA IS SACRED WE NEED TO PROTECT IT

  4. User management  How often do we audit user privileges and access levels?  Do we forget to remove temporary privileges once the user is done with the task?  How fast do we revoke access to former employees or compromised users?

  5. MySQL security model Privileges checking hierarchy USER • GRANTED - EXECUTE QUERY • DENIED check db table DB • GRANTED - EXECUTE QUERY • DENIED check tables_priv table TABLES • GRANTED - EXECUTE QUERY • DENIED check columns_priv table • GRANTED - EXECUTE QUERY COLUMNS • DENIED - BLOCK

  6. MySQL Security Model PROS  Authentication against 'username'@'hostname'  Password hashed by PASSWORD() function  Wide range of privileges  Intelligent control for requests of granting privileges (can’t grant what user doesn’t already have privileges on etc)

  7. MySQL Security Model  Quotes from “High Performance MySQL 2 nd Ed” " ..... MySQL doesn’t provide any functionality for User groups or roles , as they’re variously known in other database servers ..... " " ..... MySQL also doesn’t provide any way for an administrator to enforce good password standards ..... "

  8. MySQL Security Model  Passwords limits not available • No password size limit • No password history limitations • No password complexity meter • No password minimum age  Complex to manage  No roles  No user cloning  Easily unsecured

  9. MySQL Security Model  Passwords limits made available • Password size limit securich adds • Password history • Password complexity meter • Password minimum age  Easier to manage  Pseudo roles provided  Users can be cloned  MySQL is secured on installation

  10. SECURI - Roles  What is a role ?  A role is a set or group of privileges that can be granted to users.

  11. SECURI - Cloning

  12. SECURI securich mysql information schema create / grant / set password reconciliation revoke drop

  13. SECURI  PROS • Backend Open source • Very easy to install, upgrade, manage and uninstall • Doesn’t remove any prior functionalities • Enables migration from mysql to securich • Enables roles • Enhances password security • Enables user cloning • Enables granting privileges on tables using regexp • Enables revoking privileges on tables using regexp

  14. SECURI  PROS • Lightweight – Doesn’t require special resources • Self explanatory design • Compatible with MySQL 5.1.12 onwards • Friendlier display of `show grants` • Embedded `help` - documentation • Dynamic roles • Enables temporary block and unblock user • Stores user creation date and time

  15. SECURI  PROS • Password dictionary compare • Password complexity – Configurable • Audits changes in roles • Audits password changes • Audits grants and revokes • Restricts password changes to current user • Steady updates / new features • Assumes no_auto_create • Users can check their own privileges

  16. SECURI  PROS • Users can be safely renamed • Outputs suggestions if error is encountered • Option to kill user connections when revoking privileges • Enables reserved usernames • Doesn’t permit grants to the ‘mysql’ database • It doesn’t need Perl or other kind of compiler or interpreter • GUI is open source and platform independent

  17. SECURI - Cons • Doesn’t work on versions 5.1.11 and earlier because of certain types of prepared statements, it uses the information_schema and new password hashing • No column level privileges (future feature) • No functions privileges (future feature) • Emailing user about password expiry is in bash (not SQL) • It is beta

  18. SECURI - Passwords  Password setting by user requires old password  Password needs to be not less than eight characters (configurable)  Password complexity is configurable through sec_config or sam-my: Password length Special Characters Uppercase Dictionary check Lowercase Username equivalent check Numbers  Password complexity is only NOT obeyed when password is changed by root  Password history stores last five passwords

  19. SECURI Live Demo

  20. SECURI - Design

  21. SECURI - Credits TradingScreen Nicklas Westerlund and Lenz Grimmer Big guys Command line Applications / Web app MySQL DB vi / vim SQL Yog + Wine MySQL Workbench screen Text Wrangler MySQL Docs visor Mac VIM Google (chrome / code) unix tools / bash XAMPP

  22. SECURI THANK

  23. SECURI - Thank You Darren Cassar Skype: darren.cassar Email: darren@darrencassar.com Email: info@securich.com URL: http://www.securich.com URL: http://code.google.com/p/securich URL: http://code.google.com/p/sam-my Blog: http://www.mysqlpreacher.com

  24. SECURI

  25. SECURI

  26. SECURI

  27. SECURI

  28. SECURI

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CARES Economic Adjustment Assistance (EAA) at US EDA Program Impact Video #4 Henan Li Asia

CARES Economic Adjustment Assistance (EAA) at US EDA Program Impact Video #4 Henan Li Asia

CARES Economic Adjustment Assistance (EAA) at US EDA Program Impact Video #4 Henan Li Asia Trade and Investment Representative Henan.li@gobiz.ca.gov Overview Questions Submit using the link provided below this video. Survey

338 views • 13 slides
Deployment With The Magic Of PowerShell and Chocolatey Paul Broadwith @pauby

Deployment With The Magic Of PowerShell and Chocolatey Paul Broadwith @pauby

Click Free Application Deployment With The Magic Of PowerShell and Chocolatey Paul Broadwith @pauby https://blog.pauby.com Who Am I? Paul Broadwith, Glasgow, Scotland 25+ years in defence, government, financial sectors Lead

621 views • 26 slides
E@syFile Employer 2019 02 Enhancements Additional supporting documents can be found on

E@syFile Employer 2019 02 Enhancements Additional supporting documents can be found on

E@syFile Employer 2019 02 Enhancements Additional supporting documents can be found on www.sars.gov.za (search for PAYE BRS, E@syFile Release Notes, E@syFile User Guide) Filing Season 1st April End of May Update to pop-up message

741 views • 61 slides
P14031: Jib Transfer Bench Matt Brunelle Nicole Conway Mike Kennedy Katy Wurman 1 Agenda

P14031: Jib Transfer Bench Matt Brunelle Nicole Conway Mike Kennedy Katy Wurman 1 Agenda

System Design Part 1 P14031: Jib Transfer Bench Matt Brunelle Nicole Conway Mike Kennedy Katy Wurman 1 Agenda Tuesday Project Management Discussion Problem Statement and Background o Customer Requirements & Engineering

745 views • 45 slides
IT Management, Simplified Real-time IT management solution for the new speed of business

IT Management, Simplified Real-time IT management solution for the new speed of business

IT Management, Simplified Real-time IT management solution for the new speed of business Enterprise IT management soware division of Zoho Corporation Founded in 1996 as AdventNet Privately held, Rock solid Supplier and Partner Headquartered

823 views • 28 slides
DestinationOakland.com Oakland County 1 .2 m illion residents, 9 1 0 m iles 6 2

DestinationOakland.com Oakland County 1 .2 m illion residents, 9 1 0 m iles 6 2

DestinationOakland.com Oakland County 1 .2 m illion residents, 9 1 0 m iles 6 2 units of governm ent 1 4 4 0 lakes 5 m ajor river system s Oakland County Parks By the and Recreation Numbers: 1 3 parks

438 views • 16 slides
Solution Sales Training 2020 be seen be heard bAlert Critical Communication Cycle Critical

Solution Sales Training 2020 be seen be heard bAlert Critical Communication Cycle Critical

Solution Sales Training 2020 be seen be heard bAlert Critical Communication Cycle Critical Event Occurs Community members alert authorities with Blue Light Tower Communication continues as community In parking lots, garages members &

620 views • 45 slides
Cars.com Second Quarter 2018 Earnings August 8, 2018 Forward-Looking Statements This

Cars.com Second Quarter 2018 Earnings August 8, 2018 Forward-Looking Statements This

Cars.com Second Quarter 2018 Earnings August 8, 2018 Forward-Looking Statements This presentation contains forward-looking statements within the meaning of the federal securities laws. All statements other than statements of historical

783 views • 26 slides
FY15 Preliminary Results Presentation 9 th December 2015 Agenda Simon Cooper FY15 Highlights

FY15 Preliminary Results Presentation 9 th December 2015 Agenda Simon Cooper FY15 Highlights

FY15 Preliminary Results Presentation 9 th December 2015 Agenda Simon Cooper FY15 Highlights CEO Wendy Parry Financial Performance FY15 CFO Evolution of Key Drivers Simon Cooper Summary and Outlook CEO Q and A 2 FY15

370 views • 20 slides
Agenda Quick Poll Report Out Your Resources Quick Poll - Media Diet Menti Meter Open

Agenda Quick Poll Report Out Your Resources Quick Poll - Media Diet Menti Meter Open

Agenda Quick Poll Report Out Your Resources Quick Poll - Media Diet Menti Meter Open www.menti.com on your phone or laptop Enter code 23 23 37 Apprenticeship Evolution Campaign USDOL Grant CDLE/CWDC spent $200,000 of a U.S.

477 views • 18 slides
A year of transition WORCESTER ART MUSEUM Hiatt gallery In Search of Julien Hudson: Free Artist

A year of transition WORCESTER ART MUSEUM Hiatt gallery In Search of Julien Hudson: Free Artist

Directors Report FY 2012 A year of transition WORCESTER ART MUSEUM Hiatt gallery In Search of Julien Hudson: Free Artist of Color in Pre-Civil War New Orleans Reinstallation Japanese gallery Acquisitions Conservation Christ of Saint

436 views • 16 slides
25 February 2020 ASX Market Announcements Office Dear Sir/Madam SEEK Limited ( SEEK ) - FY2020

25 February 2020 ASX Market Announcements Office Dear Sir/Madam SEEK Limited ( SEEK ) - FY2020

25 February 2020 ASX Market Announcements Office Dear Sir/Madam SEEK Limited ( SEEK ) - FY2020 Half Year Results Presentation In accordance with the Listing Rules, SEEK releases its FY2020 Half Year Results Presentation to the market. This

472 views • 43 slides
National City Tourism Marketing District (TMD) 2015 Marketing Campaign Public Relations - TV

National City Tourism Marketing District (TMD) 2015 Marketing Campaign Public Relations - TV

National City Tourism Marketing District (TMD) 2015 Marketing Campaign Public Relations - TV Visit National City has been showcased in traditional media such as print, radio and TV. Culturally appropriate, precise English-and Spanish-language

521 views • 24 slides
BOARD MEETING Marketing Update January 13, 2020 PR REPORT November Update Using Cision, we

BOARD MEETING Marketing Update January 13, 2020 PR REPORT November Update Using Cision, we

BOARD MEETING Marketing Update January 13, 2020 PR REPORT November Update Using Cision, we track UVPM (unique visitors per month) and publicity value for stories trackable by the service. In November, we received a UVPM of 24.4M and a publicity

296 views • 12 slides
Why a an E Eve vent Strategy? Addison invests considerable resources annually to support the

Why a an E Eve vent Strategy? Addison invests considerable resources annually to support the

Why a an E Eve vent Strategy? Addison invests considerable resources annually to support the planning, promotion and infrastructure required to host events and attract visitors to Addison. This strategy aims to ensure that funds and

487 views • 25 slides
Initiative Forum: First results and next steps #EUTakeTheInitiative

Initiative Forum: First results and next steps #EUTakeTheInitiative

European Citizens' Initiative Forum: First results and next steps #EUTakeTheInitiative ec.europa.eu/citizens-initiative ECI Forum |Context and Objectives Pilot project suggested by the EP Objectives: Provide information and

365 views • 12 slides
Sir Christopher Gent Sir Christopher Gent Chief Executive Chief Executive Vodafone Group Plc

Sir Christopher Gent Sir Christopher Gent Chief Executive Chief Executive Vodafone Group Plc

Sir Christopher Gent Sir Christopher Gent Chief Executive Chief Executive Vodafone Group Plc Vodafone Group Plc Agenda Agenda Overview of the results Overview of the results Sir Christopher Gent Sir Christopher Gent Analysis of

739 views • 63 slides
Gifted Services: Program Evaluation Regina Van Horne Assistant Director, Evaluation Cheryl

Gifted Services: Program Evaluation Regina Van Horne Assistant Director, Evaluation Cheryl

Gifted Services: Program Evaluation Regina Van Horne Assistant Director, Evaluation Cheryl McCullough Supervisor, Gifted Services June 29, 2017 Gifted Services: Goals and Services Data-driven differentiation Curricular resources

478 views • 18 slides
THE ROAD TO UNIVERSAL PRE-K IN RHODE ISLAND 2019 C O N T E N T S : The Vision 3 The Value 5 The

THE ROAD TO UNIVERSAL PRE-K IN RHODE ISLAND 2019 C O N T E N T S : The Vision 3 The Value 5 The

THE ROAD TO UNIVERSAL PRE-K IN RHODE ISLAND 2019 C O N T E N T S : The Vision 3 The Value 5 The Current State 6 The Plan 7 The Investment 8 The Road Ahead 9 3 V I S I O N VA L U E C U R R E N T S TAT E P L A N I N V E S T M E N T

282 views • 11 slides
Welcome to GSA Schedule 36 Records Management Industry Day 1 Schedule 36 Industry Day Lisa

Welcome to GSA Schedule 36 Records Management Industry Day 1 Schedule 36 Industry Day Lisa

Welcome to GSA Schedule 36 Records Management Industry Day 1 Schedule 36 Industry Day Lisa Haralampus Director, Records Management Policy and Outreach Courtney Anderson, Electronic Records Policy Analyst Jeffrey Auser Contracting

524 views • 36 slides
Universal Credit 1 Universal Credit - overview Housing Benefit Income based Income based

Universal Credit 1 Universal Credit - overview Housing Benefit Income based Income based

Universal Credit 1 Universal Credit - overview Housing Benefit Income based Income based Jobseekers Employment Allowance and Support Allowance Universal Credit Working Child Tax Tax Credit Credits Income Support Will replace

197 views • 17 slides
Universal Plug and Play Eventing Vulnerabilities Joeri Blokhuis February 4, 2009 Joeri Blokhuis

Universal Plug and Play Eventing Vulnerabilities Joeri Blokhuis February 4, 2009 Joeri Blokhuis

Outline Research question Introduction Eventing Research Conclusion Universal Plug and Play Eventing Vulnerabilities Joeri Blokhuis February 4, 2009 Joeri Blokhuis Universal Plug and Play Eventing Vulnerabilities Outline Research

477 views • 18 slides
SARVAM UCS Unified Communication Server Unified Communication Server for Modern Enterprises

SARVAM UCS Unified Communication Server Unified Communication Server for Modern Enterprises

SARVAM UCS Unified Communication Server Unified Communication Server for Modern Enterprises www.nutechsolution.com UNIFIED NETWORKS COLLABORATION UYOD UYOD UNIFIED SARVAM UCS MOBILITY MESSAGING www.nutechsolution.com UNIFIED NETWORKS

1.12k views • 32 slides
RATIONALIZATION OF INFORMATION TECHNOLOGY (IT) INITIATIVES IN GOVERNMENT MDAs BY JAMES SAAKA

RATIONALIZATION OF INFORMATION TECHNOLOGY (IT) INITIATIVES IN GOVERNMENT MDAs BY JAMES SAAKA

National Information Technology Authority Uganda (NITA-U) RATIONALIZATION OF INFORMATION TECHNOLOGY (IT) INITIATIVES IN GOVERNMENT MDAs BY JAMES SAAKA EXECUTIVE DIRECTOR NATIONAL INFORMATION TECHNOLOGY AUTHORITY, UGANDA 1 ABOUT NITA-U .....

464 views • 19 slides

More recommend