Upload File

mysql 8.0: security - percona · ¡ensure service is not interrupted as a result of a security...

  • Home
  • Documents
  • MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem
25
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. | MySQL 8.0: Security Georgi “Joro” Kodinov, Senior Software Development Manager Mike Frank, Product Management Director

Upload: others

Post on 20-Mar-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

MySQL8.0:Security

Georgi“Joro”Kodinov,SeniorSoftwareDevelopmentManager

MikeFrank,ProductManagementDirector

Page 2: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

SafeHarborStatementThefollowingisintendedtooutlineourgeneralproductdirection.Itisintendedforinformationpurposesonly,andmaynotbeincorporatedintoanycontract.Itisnotacommitmenttodeliveranymaterial,code,orfunctionality,andshouldnotberelieduponinmakingpurchasingdecisions.Thedevelopment,release,andtimingofanyfeaturesorfunctionalitydescribedforOracle’sproductsremainsatthesolediscretionofOracle.

Page 3: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

Agenda• MySQLSecurityLandscape• New!inMySQL8.0– SQLRoles– AtomicACLStatements– DynamicGlobalPrivileges

• Architectureforimprovedsecurity– KeyringAPI

3

Page 4: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

ComplexitygrowsRiskGrows

4

Page 5: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

RegulatoryComplianceRequirementsGrow• Regulations– PCI– DSS:PaymentCardData– HIPAA:PrivacyofHealthData– SarbanesOxley,GLBA,TheUSAPatriotAct:

FinancialData,NPI"personallyidentifiablefinancialinformation"– FERPA– StudentData– EUGeneralDataProtectionDirective:ProtectionofPersonalData(GDPR)– DataProtectionAct(UK):ProtectionofPersonalData

• Requirements– ContinuousMonitoring(Users,Schema,Backups,etc.)– DataProtection(Encryption,PrivilegeManagement,etc.)– DataRetention(Backups,UserActivity,etc.)– DataAuditing(Useractivity,etc.)

5

Page 6: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

PrinciplesofSecuringDatabases¡Assess¡ LocateRisksandVulnerabilities,Ensurethatnecessarysecuritycontrolsareinplace

¡Prevent¡ UsingCryptography,UserControls,AccessControls,etc

¡Detect¡ Stillapossibilityofabreach– soAudit,Monitor,Alert

¡Recover¡ Ensureserviceisnotinterruptedasaresultofasecurityincident¡ Eventhroughtheoutageofaprimarydatabase¡ Forensics– postmortem– fixvulnerability

6

Page 7: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.| 7

MySQLSecurityOverviewAuthentication

Authorization

Encryption

FirewallMySQLSecurity

Auditing

Monitoring

Availability

Page 8: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.| 8

NowontotheNewStuffin8.0

Page 9: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

New!MySQLRolls

wecouldn’tresist

9

Page 10: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

New!MySQLRolesImprovingMySQLAccessControls• Introducedinthe8.0.0DMR• Easiertomanageuserandapplicationsrights• Asstandardscompliantaspracticallypossible• Multipledefaultroles• CanexporttherolegraphinGraphML

10

FeatureRequestfromDBAs

Directly

IndirectlySetRole(s)

DefaultRole(s)SetofACLS

SetofACLS

Page 11: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

SQLRolesImplementationDetails- 1• Aroleisbasicallyauseraccountwithlogindisabled.• Amemorybasedhashofflattenedprivilegesetsforeachactiverole• 2newtables:mysql.role_edges andmysql.default_roles• 2newSQLfunctions:CURRENT_ROLE() andROLE_GRAPHML()• 3 newglobalprivileges:CREATEROLE,DROPROLE andROLE_ADMIN• Extensionsto:ALTERUSER,GRANT/REVOKE,SET[DEFAULT]ROLEandSHOWGRANTS

11

Page 12: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

SQLRolesImplementationDetails- 2• Rolescanhaveanoptionalhostpart(notcurrentlyused)• Pre-rolesACLcodeisusedwhenthere’snoactiverole(s)• Userscanbeassignedseveralroles• Userscanhavezeroormoredefaultroles• ActiveRolescanbechanged– fromvariousassignedroles– Forexamplejustescalateorchangeprivilegesfromwithinanapplicationforcertainoperations

12

Page 13: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

RoleExamples

13

Page 14: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

New!AtomicACLStatements• LongstandingMySQLissue!– ForReplication,HA,Backups,etc.

• Possiblenow- ACLtablesresidein8.0InnoDBDataDictionary• Notjustatableoperation:memorycachesneedupdatetoo• Appliestostatementsperformingmultiplelogicaloperations,e.g.– CREATEUSERu1,u2– GRANTSELECTON*.*TOu1,u2

• UsesacustomMDLlocktoblockACLrelatedactivity–Whilealtering theACLcachesandtables

14

FeatureRequestfromDBAs

Page 15: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

New!DynamicPrivilegesProvidesfinergrainedadministrativelevelaccesscontrols• Toooftensuperisrequiredfortaskswhenlessprivilegeisreallyneeded– Supportconceptof“leastprivilege”

• Neededtoallowaddingadministrativeaccesscontrols– Nowcancomewithnewcomponents– Examples• Replication• HA• Backup

• Giveusyourideas

15

Page 16: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

WhyDynamicGlobalPrivileges?• Howtoaddanewglobalprivilege(the5.7version)– Addacolumninmysql.user– Extendtheparser– AmendACLcachecode:reading,caching,writing,upgrade,…– Addchecksforthenewprivilege

• Notpossiblefromaplugin!• Abuseofexistingprivileges(SUPER)!• TheSUPER-potentSUPER!

16

FeatureRequestfromDBAs

Page 17: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

HowDoDynamicPrivilegesWork?• Providesnewcomponentservice– Canadd,removeandcheckglobalprivileges

• OnlyGRANTsarepersisted– Storedinmysql.global_grants

• Usesthefamiliar– GRANT<dynamic_acl>ON*.*TO… syntax

17

Page 18: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

DynamicPrivilegesatWork• SUPERprivilegesplitintoasetofdynamicprivileges,e.g.– SYSTEM_VARIABLES_ADMIN– ROLE_ADMIN– CONNECTION_ADMIN,etc.

• Eachplugincannowregisterandusetheirownuniqueprivileges• AllexistingMySQLpluginscurrentlyusingSUPERareupdatedtoaddspecificprivileges,e.g.– FIREWALL_ADMIN– AUDIT_ADMIN– VERSION_TOKEN_ADMIN

18

FeatureRequestfromDBAs

Page 19: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

Wouldloveyourfeedbackandideas

Pleasereviewthedynamicprivilegesdefinedbythe8.0.1DMR

Whatwouldyouliketosee?

19

Page 20: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

New!InnoDBRedoandUndoEncryption• AES256encryption• Encryptedwhenredo/undologdataiswrittentodisk• Decryptionoccurswhenredo/undologdataisreadfromdisk• Onceredo/undologdataisreadintomemory,itisinunencryptedform.• Twotieredencryption– likeInnodbtablepaceencryption– Fastkeyrotation,highperformance

• Easytouse– Enabledusing innodb_redo_log_encrypt andinnodb_undo_log_encrypt

20

FeatureRequestfromDBAs

Page 21: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

TheKeyringAPI:TheBigPicture

21

TheMySQLServerPlugins(Consumers) Keys

KeyringPlugin(backend)

KeyStorage

Keys

KeyringPluginService

KeyringPluginAPI

KeysKeyRingAPI EachKey

HasaName/ACL

Page 22: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

WhatistheKeyringAPI?• Auniforminfrastructureforhandlingkeys• Usablebyboththeserverandplugins• AvailableinMySQL5.7andupasapluginAPIandapluginservice• Fullyextensible• CanbeinitializedbeforeInnoDBatstartup• Minimumefforttoaddnewbackendsandconsumers

22

Page 23: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

Keyringplugins:TheInventory

23

• CurrentConsumers– InnoDBtablespaceencryption– SQLuserdefinedfunctions(UDF)plugin

• CurrentBackends– Flatfilebackend– KMIPcompliantclients• OracleKeyVault• GemaltoSafenetKeySecure• ProbablymoreiftheysupportKMIPstandards– giveitatry.

Page 24: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

Questions?

24

Page 25: MySQL 8.0: Security - Percona · ¡Ensure service is not interrupted as a result of a security incident ¡Even through the outage of a primary database ¡Forensics – post mortem

Copyright©2017, Oracleand/oritsaffiliates.Allrightsreserved.|

SafeHarborStatementTheprecedingisintendedtooutlineourgeneralproductdirection.Itisintendedforinformationpurposesonly,andmaynotbeincorporatedintoanycontract.Itisnotacommitmenttodeliveranymaterial,code,orfunctionality,andshouldnotberelieduponinmakingpurchasingdecisions.Thedevelopment,release,andtimingofanyfeaturesorfunctionalitydescribedforOracle’sproductsremainsatthesolediscretionofOracle.

25


Percona XtraBackup: install, usage, tricks · Percona XtraBackup: install, usage, tricks ... productivity Percona XtraBackup: ... MySQL 5.1 + InnoDB-plugin

MySQL security best practices - Percona · MySQL security best practices. 2 MySQL Security • Having a security mindset. • Infrastructure • Operating system • Applications

PXC Product Lead @ Percona Percona XtraDB Cluster 101 ...1 © 2017 Percona Krunal Bauskar PXC Product Lead @ Percona Percona XtraDB Cluster 101

Percona toolkit 2_1_operations_manual

Percona FT / TokuDB

Integrate Percona MySQL...EventTracker: Integrate Percona MySQL 3 Introduction Percona MySQL is an open source software company specializing in . MySQL support, consulting, managed

Percona XtraDB Cluster Documentation · Percona XtraDB Cluster Documentation, Release 5.6.22-25.8 Percona XtraDB Cluster is High Availability and Scalability solution for MySQL Users

INTERRUPTED WOMEN’S

Percona - Architecture and Design of MySQL Powered ......About Percona Open Source Software for MySQL Ecosystem •Percona Server •Percona XtraDB Cluster (PXC) •Percona Xtrabackup

Vitess percona 2012

Percona XtraDB Cluster · Percona XtraDB Cluster powered by Galera Peter Zaitsev CEO, Percona Slide Credits: Vadim Tkachenko Percona MySQL University , Montevideo,UY Feb 5,2013

Percona + Grafana + Prometheus = Love - GrafanaCon 2020 · 2 © 2016 Percona About Percona We Exist to help you to succeed with MySQL and MongoDB

Percona – The Database Performance Experts · Peter Zaitsev, CEO, Percona February 24, 2016 Percona Technical Webinars Using Grafana for MySQL Monitoring

Percona Live - Dublin 02 security + tuning

Percona Server versus Percona XtraDB Cluster: A …1(866)639-2377 3 Percona Server versus Percona XtraDB Cluster: A Magento Case Study Hardware configuration Web application server ·

WOMEN INTERRUPTED

MongoDB - Percona

Hive Percona 2009

Percona presentation v2

Percona Toolkit 2.2.12

Percona SQL Injections

tmp MySQL/Percona Server/MariaDB Server security features ... MySQ… · Key security features by version • 5.1 - McAfee Audit plugin • 5.5 - pluggable authentication (MariaDB

Zine, Interrupted

Percona toolkit

Interrupted quotations

Peter Zaitsev, CEO, Percona January 14, 2015 Percona ... · Peter Zaitsev, CEO, Percona January 14, 2015 Percona Technical Webinars Technologies for your Data in 2015 . ... OpenStack

Percona and TokuDB: Architecture, Design, and …...Peter Zaitsev, CEO, Percona Jon Tobin Sr System Engineer, Tokutek January 28, 2015 Percona Technical Webinars Percona and TokuDB:

Percona Software & Services Update · Percona Software & Services Update Q3 2016 Peter Zaitsev,CEO Percona Technical Webinars September 28, 2016 . 2 ... MongoDB Percona Server for

Writing Prometheus exporters - Percona...1 © 2016 Percona Alexey Palazhchenko Writing Prometheus exporters In theory and practice PMM developer / Prometheus contributor / Gopher Percona

MySQL Router – Simple HA - Percona · MySQL Router – Simple HA Marcos Albe, Percona Inc. Percona Live Data Performance Conference Santa Clara – April 2016

Percona XtraDB 集群

Percona XtraDB Cluster (PXC) 101 · Percona XtraDB Cluster (PXC) 101 ... Percona XtraDB Cluster (PXC) 101 This presentation is based on a Webinar: Percona XtraDB Cluster (PXC) 101

Forking and Branching - Percona...© 2018 Percona. 1 Peter Zaitsev, CEO, Percona Forking and Branching Lessons from MySQL Community August 28, 2018 Percona Technical Webinars

Percona Software & ServicesUpdate · Percona Server for MySQL MariaDB Percona XtraDBCluster GaleraCluster for MySQL MariaDBGaleraCluster MongoDB Percona Server for MongoDB Amazon

Checklist MongoDB Security - Percona · 3 Agenda Authorization External Authentication SSL / TLS Encryption Filesystem Security SELinux Network Security