mysql manchester tt - security

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

MySQL Security: Best PracGces


43% of companies have experienced a data breach in the past year. Source: Ponemon InsGtute, 2014

Oracle ConfidenGal – Internal/Restricted/Highly Restricted 2


Mega Breaches

552 Million idenGGes exposed in 2013. 493% increase over previous year 77% Web sites with vulnerabiliGes.

1-‐in-‐8 of all websites had a criGcal vulnerability.

8 Breaches that exposed more than 10 million records in 2013.

Total Breaches increased 62% in 2013

Oracle ConfidenGal – Internal/Restricted/Highly Restricted 3

Source: Internet Security Threat Report 2014, Symantec


• Poor ConfiguraGons – Set controls and change default se[ng

• Over Privileged Accounts – Privilege Policies

• Weak Access Control – Dedicated AdministraGve Accounts

• Weak AuthenGcaGon – Strong Password Enforcement

• Weak AudiGng – Compliance & Audit Policies

•  Lack of EncrypGon – Data, Back, & Network EncrypGon

• Proper CredenGal or Key Management – Use mysql_config_editor , Key Vaults

• Unsecured Backups – Encrypted Backups

• No Monitoring – Security Monitoring, Users, Objects

• Poorly Coded ApplicaGons – Database Firewall

4

Database VulnerabiliGes


Database Ahacks •  SQL InjecGon

–  PrevenGon: DB Firewall, White List, Input ValidaGon

•  Buffer Overflow –  PrevenGon: Frequently apply Database Sokware updates, DB Firewall, White List, Input ValidaGon

•  Brute Force Ahack –  PrevenGon: lock out accounts aker a defined number of incorrect ahempts.

•  Network Eavesdropping –  PrevenGon: Require SSL/TLS for all ConnecGons and Transport

•  Malware –  PrevenGon: Tight Access Controls, Limited Network IP access, Change default se[ngs

5


Database Malicious AcGons •  InformaGon Disclosure: Obtain credit card and other personal informaGon

–  Defense: EncrypGon – Data and Network, Tighter Access Controls

•  Denial of Service: Run resource intensive queries –  Defense: Resource Usage Limits – Set various limits – Max ConnecGons, Sessions, Timeouts, …

•  ElevaGon of Privilege: Retrieve and use administrator credenGals –  Defense: Stronger authenGcaGon, Access Controls, AudiGng

•  Spoofing: Retrieve and use other credenGals –  Defense: Stronger account and password policies

•  Tampering: Change data in the database, Delete transacGon records •  Defense: Tighter Access Controls, AudiGng, Monitoring, Backups

6


Regulatory Compliance •  RegulaGons

–  PCI – DSS: Payment Card Data –  HIPAA: Privacy of Health Data –  Sarbanes Oxley: Accuracy of Financial Data –  EU Data ProtecGon DirecGve: ProtecGon of Personal Data –  Data ProtecGon Act (UK): ProtecGon of Personal Data

•  Requirements –  ConGnuous Monitoring (Users, Schema, Backups, etc) –  Data ProtecGon (EncrypGon, Privilege Management, etc.) –  Data RetenGon (Backups, User AcGvity, etc.) –  Data AudiGng (User acGvity, etc.)

7


PCI-‐DSS •  Requirement 2: Secure ConfiguraGons, Security Se[ngs & Patching

–  Not Using Vendor Default Passwords and Security Se[ngs

•  Requirement 3: ProtecGng Cardholder Data – Strong Cryptography –  Protect Stored Cardholder Data

•  Requirement 6: Up to Date Patching and Secure Systems –  Develop and Maintain Secure Systems and ApplicaGons

•  Requirement 7: User Access and AuthorizaGon –  Restrict Access to Cardholder Data by Need to Know

•  Requirement 8: IdenGty and Access Management –  IdenGfy and AuthenGcate Access to System Components

•  Requirement 10: Monitoring, Tracking and AudiGng –  Track and Monitor Access to Cardholder Data

8

White Paper

A Guide to MySQL

and PCI Compliance


HIPPA •  Access Controls

–  Access only to those persons or sokware programs that have been granted access rights –  Unique User IdenGficaGon, Emergency Access Procedure, AutomaGc Logoff, EncrypGon and DecrypGon

•  AuthenGcaGon –  Verify that a person or enGty seeking electronic health informaGon is the one claimed

•  Integrity –  Protect electronic protected health informaGon from improper alteraGon or destrucGon

•  Transmission Security –  Guard against unauthorized access that is being transmihed over a network

•  EncrypGon –  Encrypt electronic protected health informaGon

•  Audit Control –  Record and examine acGvity that contain or use electronic protected health informaGon

9


Sarbanes Oxley • Accurate and factual business and financial reports

– Verify that the records protected from tampering and modificaGon

• Protect data accuracy and integrity – Minimal permissions on data for each employee – Deny any privileges above minimal – Audit all acGvity

10


Data ProtecGon Act – UK 1998 •  Personal data shall be processed fairly and lawfully •  Personal data shall be obtained only for one or more specified and lawful purposes

•  Personal data shall be adequate, relevant and not excessive •  Personal data shall be accurate and, where necessary, kept up to date •  Personal data processed for any purpose shall not be kept for longer than is necessary •  Personal data shall be processed in accordance with the rights of data subjects •  Measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destrucGon of, or damage to, personal data.

•  Personal data shall not be transferred to a country or territory outside the European Economic Area

11


DBA ResponsibiliGes •  Ensure only users who should get access, can get access •  Limit what users and applicaGons can do •  Limit from where users and applicaGons can access data • Watch what is happening, and when it happened • Make sure to back things up securely • Minimize ahack surface

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle ConfidenGal – Internal 13

MySQL Security Overview AuthenGcaGon

AuthorizaGon

EncrypGon

Firewall

MySQL Security

AudiGng


Block Threats

AudiGng

Regulatory Compliance

Login and Query AcGviGes

SSL/TLS

Public Key

Private Key

Digital Signatures

Privilege Management

AdministraGon

Database & Objects

Proxy Users

MySQL

Linux / LDAP

Windows AD

Custom

Oracle ConfidenGal – Internal 14

MySQL Security Overview

AuthorizaGon AuthenGcaGon

Firewall & AudiGng EncrypGon

Security


MySQL AuthorizaGon • AdministraGve Privileges • Database Privileges •  Session Limits and Object Privileges •  Fine grained controls over user privileges

– CreaGng, altering and deleGng databases – CreaGng, altering and deleGng tables – Execute INSERT, SELECT, UPDATE, DELETE queries – Create, execute, or delete stored procedures and with what rights – Create or delete indexes

15

Security Privilege Management in MySQL Workbench


MySQL Privilege Management • user: user accounts, global privileges columns • db: database-‐level privileges •  tables_priv: Contains table-‐level privileges •  columns_priv: Contains column-‐level privileges • procs_priv: Contains stored procedure and funcGon privileges • proxies_priv: Contains proxy-‐user

16


MySQL Privilege Management Grant Tables tables_priv

•  Table level privileges •  Table and columns

db•  Database Level Privileges •  Database, Tables, Objects •  User and host

user•  User Accounts •  Global Privileges

proxies_priv•  Proxy Users •  Proxy Privileges

procs_priv•  Stored Procedures •  FuncGons •  Single funcGon privilege

columns_priv•  Specific columns


MySQL Privilege Management • ConGnuous assessment

– ConfiguraGon – Users – Permissions and Rights

• Audit & Review acGvity – Who – does acGvity match expectaGon – What – is this it limited as expected – When – acts oken are at odd / off peak Gmes – Where – ConnecGons should be from expected hosts

• MySQL has simple to use controls and privileges to set secure limits

18


MySQL AuthenGcaGon •  Built in AuthenGcaGon

–  user table stores users and encrypted passwords

•  X.509 –  Server authenGcates client cerGficates

•  MySQL NaGve, SHA 256 Password plugin –  NaGve uses SHA1 or plugin with SHA-‐256 hashing and per user salGng for user account passwords.

•  MySQL Enterprise AuthenGcaGon – Microsok AcGve Directory –  Linux PAMs (Pluggable AuthenGcaGon Modules)

•  Support LDAP and more

• Custom AuthenGcaGon

19


MySQL Password Policies • Accounts without Passwords

– Assign passwords to all accounts to prevent unauthorized use • Password ValidaGon Plugin

– Enforce Strong Passwords • Password ExpiraGon/RotaGon

– Require users to reset their password • Account lockout (in v. 5.7)

20


MySQL EncrypGon •  SSL/TLS EncrypGon

– Between MySQL clients and Server – ReplicaGon: Between Master & Slave

• Data EncrypGon – AES Encrypt/Decrypt

21

• MySQL Enterprise EncrypGon – Asymmetric Encrypt/Decrypt – Generate Public Key and Private Keys – Derive Session Keys – Digital Signatures

• MySQL Enterprise Backup – AES Encrypt/Decrypt


SSL/TLS •  Encrypted connecGons

– Between MySQL Client and Server – ReplicaGon: Between Master & Slave

• MySQL enables encrypGon on a per-‐connecGon basis – IdenGty verificaGon using the X509 standard

•  Specify the appropriate SSL cerGficate and key files • Will work with trusted CAs (CerGficate AuthoriGes) •  Supports CRLs – CerGficate RevocaGon Lists

22


Database Firewall •  SQL InjecGon Ahacks

– #1 Web ApplicaGon Vulnerability – 77% of Web Sites had vulnerabiliGes

• MySQL Enterprise Firewall – Monitor database statements in real-‐Gme – AutomaGc White List “rules” generaGon for any applicaGon – Block SQL InjecGon Ahacks – Intrusion DetecGon System

23


Database AudiGng • AudiGng for Security & Compliance

– FIPS, HIPAA, PCI-‐DSS, SOX, DISA STIG, … • MySQL built-‐in logging infrastructure:

– general log, error log • MySQL Enterprise Audit

– Granularity made for audiGng – Can be modified live – Contains addiGonal details – CompaGble with Oracle Audit Vault.


MySQL Database Hardening User Management

•  Remove Extra Accounts

•  Grant Minimal Privileges

•  Audit users and privileges

ConfiguraGon •  Firewall •  AudiGng and Logging •  Limit Network Access

•  Monitor changes

InstallaGon •  Mysql_secure_installaGon

•  Keep MySQL up to date

•  MySQL Installer for Windows

•  Yum/Apt Repository

Backups

•  Monitor Backups

•  Encrypt Backups

EncrypGon •  SSL/TLS for Secure ConnecGons

•  Data EncrypGon (AES, RSA)

Passwords •  Strong Password Policy •  Hashing, ExpiraGon •  Password ValidaGon Plugin


MySQL 5.7 Linux Packages -‐ Security Improvements •  Test/Demo database has been removed

–  Now in separate packages

•  Anonymous account creaGon is removed.

•  CreaGon of single root account – local host only •  Default installaGon ensures encrypted communicaGon by default –  AutomaGc generaGon of SSL/RSA Certs/Keys

•  For EE : At server startup if opGons Certs/Keys were not set

•  For CE : Through new mysql_ssl_rsa_setup uGlity

•  AutomaGc detecGon of SSL Certs/Keys

26

•  Client ahempts secure TLS connecGon by default

•  Compile Gme restricGon over locaGon used for data import/export operaGons

•  Ensures locaGon has restricted access •  Only mysql user and group

•  Supports disabling data import/export

•  Set secure-‐file-‐priv to empty string

MySQL Installer for Windows includes various Security Setup and Hardening Steps


MySQL Database Hardening: InstallaGon • MySQL_Secure_InstallaGon / MySQL Installer for Windows

– Set a strong password for root account – Remove root accounts that are accessible from outside the local host – Remove anonymous-‐user accounts – Remove the test database

• Which by default can be accessed by all users •  Including Anonymous Users

• Keep MySQL up to date – Repos – YUM/APT/SUSE – MySQL Installer for Windows

27


Sokware Updates -‐ Database and OS Maintenance • Maintaining security requires keeping OperaGng System and MySQL security patches up to date. – May require a restart (mysql or operaGng system) to take effect.

•  To enable seamless upgrades consider MySQL ReplicaGon – Allows for changes to be performed in a rolling fashion

•  Best pracGce to upgrade slaves first – MySQL 5.6 and above supports GTID-‐based replicaGon

•  Provides for simple rolling upgrades

•  Follow OS vendor specific hardening Guidelines –  For example

•  hhp://www.oracle.com/technetwork/arGcles/servers-‐storage-‐admin/Gps-‐harden-‐oracle-‐linux-‐1695888.html

28


MySQL Database Hardening: ConfiguraGon • Audit AcGvity

– Use Enterprise Audit – Alt. Transiently enable Query Logging – Monitor and Inspect regularly

• Disable or Limit Remote Access – If local “skip-‐networking” or bind-‐address=127.0.0.1

– If Remote access then limit hosts/IP

• Consider changing default port • Change root username

29

• Disable unauthorized reading from local files – Disable LOAD DATA LOCAL INFILE

• Run MySQL on non default port – More difficult to find database

•  Limit MySQL OS User •  Ensure secure-‐auth is enabled


MySQL Database Hardening: Best PracGces Parameter Recommended Value Why

Secure_file_priv A Designated Leaf directory for data loads

Only allows file to be loaded from a specific locaGon. Limits use of MySQL to get data from across the OS

Symbolic_links Boolean – NO Prevents redirecGon into less secure filesystem directories

Default-‐storage_engine InnoDB Ensures transacGons commits, ???

General-‐log Boolean – OFF Should only be used for debugging – off otherwise

Log-‐raw Default -‐ OFF Should only be used for debugging – off otherwise

Skip-‐networking or bind-‐address

ON 127.0.0.1

If all local, then block network connecGons or limit to the local host.

SSL opGons Set valid values Should encrypt network communicaGon

30


MySQL Database Hardening: Password Policies •  Enforce Strong Password Policies • Password Hashing • Password ExpiraGon • Password ValidaGon Plugin • AuthenGcaGon Plugin

– Inherits the password policies from the component – LDAP, Windows AcGve Directory, etc.

• Disable accounts when not in use – Account lockout (5.7+)

31


MySQL Database Hardening: EncrypGon •  Encryted CommunicaGon and More •  SSL/TLS encrypted for transport • X.509 adds addiGonal “Factor” – something you have – in addiGon to username/password or other authenGcaGon – Assures the client is validated – thus more likely trusted

• Use database and applicaGon level encrypGon of highly sensiGve data • User database or applicaGon funcGons to mask or de-‐idenGfy data

– Personal IDs, Credit Cards, … • Consider Public Keys for ApplicaGons that encrypt only

32


MySQL Database Hardening: Backups • Backups are Business CriGcal

– Used to restore aker ahack – Migrate, move or clone server – Part of Audit Trail

• Regularly Scheduled Backups • Monitor Backups •  Encrypt Backups

33


ApplicaGons and CredenGals -‐ Best PracGces • ApplicaGons – minimize sharing a credenGals (username/password)

– Finer grained the beher – don’t overload across many applicaGons/servers

•  Should enable support for credenGal rotaGon – Do not require all passwords to be changed in synchronizaGon. – Facilitates beher troubleshooGng and root-‐cause analysis.

•  Steps to changing credenGals should be secure and straigh{orward – Not embedded in your code

•  Can be changed without redeploying an applicaGon •  Should never be stored in version control and must differ between environments. •  ApplicaGons should get credenGals using a secure configuraGon methodology.

34


MySQL Enterprise EdiGon •  MySQL Enterprise AuthenGcaGon

–  External AuthenGcaGon Modules •  Microsok AD, Linux PAMs

•  MySQL Enterprise EncrypGon –  Public/Private Key Cryptography –  Asymmetric EncrypGon –  Digital Signatures, Data ValidaGon

•  MySQL Enterprise Firewall –  Block SQL InjecGon Ahacks –  Intrusion DetecGon

•  MySQL Enterprise Audit –  User AcGvity AudiGng, Regulatory Compliance

35

•  MySQL Enterprise Monitor –  Changes in Database ConfiguraGons, Users Permissions, Database Schema, Passwords

•  MySQL Enterprise Backup –  Securing Backups, AES 256 encrypGon


MySQL Enterprise Monitor •  Enforce MySQL Security Best PracGces

–  IdenGfies VulnerabilGes –  Assesses current setup against security hardening policies

•  Monitoring & AlerGng –  User Monitoring –  Password Monitoring –  Schema Change Monitoring –  Backup Monitoring

–  ConfiguraGon Management –  ConfiguraGon Tuning Advice

•  Centralized User Management

36

"I definitely recommend the MySQL Enterprise Monitor to DBAs who don't have a ton of MySQL experience. It makes monitoring MySQL security, performance and availability very easy to understand and to act on.”

Sandi Barr Sr. Sokware Engineer

Schneider Electric


Oracle Enterprise Manager for MySQL

37

Performance Security

Availability

• Availability monitoring • Performance monitoring • ConfiguraGon monitoring • All available metrics collected

– Allowing for custom threshold based incident reports

• MySQL auto-‐detecGon


MySQL Enterprise Firewall • Real Time ProtecGon

– Queries analyzed and matched against White List

• Blocks SQL InjecGon Ahacks – Block Out of Policy TransacGons

•  Intrusion DetecGon – Detect and Alert on Out of Policy TransacGons

•  Learns White List – Automated creaGon of approved list of SQL command paherns on a per user basis

•  Transparent – No changes to applicaGon required

38

MySQL Enterprise Firewall monitoring


MySQL Enterprise Firewall • Block SQL InjecGon Ahacks

– Allow: SQL Statements that match Whitelist – Block: SQL statements that are not on Whitelist

•  Intrusion DetecGon System – Detect: SQL statements that are not on Whitelist

•  SQL Statements execute and alert administrators

39

Select *.* from employee where id=22

Select *.* from employee where id=22 or 1=1Block ✖

Allow ✔

White List Applica@ons

Detect & Alert Intrusion DetecGon


MySQL Enterprise Firewall: Overview

40

Inbound SQL Traffic

Web Applica@ons

SQL Injec@on AJack Via Brower

ALLOW

BLOCK

DETECT

1

2

3

Instance

MySQL Enterprise Firewall Internet


MySQL Enterprise Firewall: OperaGng Modes

41

ALLOW In Whitelist

Blocks SQL AJacks

Allows “Matching” SQL

Table

Table

Table

BLOCK NOT In Whitelist BLOCK and ALERT DETECT (IDS) NOT In Whitelist ALLOW and ALERT

Table

Table

Table

ALLOW – Execute SQL -‐ SQL Matches Whitelist

BLOCK – Block the request -‐ Not in Whitelist

DETECT – Execute SQL & Alert -‐ Not in Whitelist

1

2

3

Table

Table

Table Allows SQL & Alerts

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 42

Receive SQL from client

Digest into parser tokens Firewall

Store SQL digest in Firewall whitelist

Check user Firewall mode

Detect or protect mode

In whitelist?

Execute SQL

Send Firewall alert to

error log

Reject SQL

Recording

Yes

Detect

Protect

Off

MySQL Enterprise Firewall Workflow

No

Protect or Detect


MySQL Enterprise Firewall Details •  Firewall operaGon is turned on at a per user level • Per User States are

– RECORDING – PROTECTING – DETECTING – OFF

43


MySQL Workbench: Firewall Status

44


MySQL Enterprise Firewall: What happens when SQL is blocked in Protect Mode?

•  The client applicaGon gets an ERROR mysql> SELECT first_name, last_name FROM customer WHERE customer_id = 1 OR TRUE;

ERROR 1045 (28000): Statement was blocked by Firewall

mysql> SHOW DATABASES;

ERROR 1045 (28000): Statement was blocked by Firewall

mysql> TRUNCATE TABLE mysql.user;

ERROR 1045 (28000): Statement was blocked by Firewall • Reported to the Error Log •  Increment Counter

46


MySQL Enterprise Firewall: Monitoring

Firewall Status Counters

47


MySQL Enterprise Firewall: Whitelist Example •  mysql> SELECT userhost, substr(rule,1,80) FROM mysql.firewall_whitelist WHERE userhost=

'wpuser@localhost';

+------------------+----------------------------------------------------------------------------------+

| userhost | substr(rule,1,80) |

+------------------+----------------------------------------------------------------------------------+

| wpuser@localhost | SELECT * FROM `wp_posts` WHERE ÌD` = ? LIMIT ? |

| wpuser@localhost | SELECT òption_value` FROM `wp_options` WHERE òption_name` = ? LIMIT ? |

| wpuser@localhost | SELECT `wp_posts` . * FROM `wp_posts` WHERE ? = ? AND `wp_posts` . ÌD` = ? AND |

...

| wpuser@localhost | UPDATE `wp_posts` SET `comment_count` = ? WHERE ÌD` = ? |

| wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A |

| wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A |

+------------------+----------------------------------------------------------------------------------+

48


MySQL Enterprise AuthenGcaGon

49

•  Integrate with Centralized AuthenGcaGon Infrastructure – Centralized Account Management – Password Policy Management – Groups & Roles

• PAM (Pluggable AuthenGcaGon Modules) – Standard interface (Unix, LDAP, Kerberos, others) – Windows

•  Access naGve Windows service -‐ Use to AuthenGcate users using Windows AcGve Directory or to a naGve host

Integrates MySQL with exisGng security infrastructures


MySQL Enterprise AuthenGcaGon: PAM •  Standard Interface

– LDAP – Unix/Linux

• Proxy Users

50


MySQL Enterprise AuthenGcaGon: Windows • Windows AcGve Directory • Windows NaGve Services

51


MySQL Enterprise EncrypGon • MySQL encrypGon funcGons

– Symmetric encrypGon AES256 (All EdiGons) – Public-‐key / asymmetric cryptography – RSA

• Key management funcGons – Generate public and private keys – Key exchange methods: DH

•  Sign and verify data funcGons – Cryptographic hashing for digital signing, verificaGon, & validaGon – RSA,DSA

52


MySQL Enterprise EncrypGon EncrypGon/DecrypGon within MySQL

53

Sensi@ve Data Sensi@ve Data

Private / Public Key Pairs -‐  Generate using MySQL Enterprise EncrypGon FuncGons -‐  Use externally generated (e.g. OpenSSL)

EncrypGon Public Key

DecrypGon Private Key

Encrypted Data


MySQL Enterprise EncrypGon App Encrypts/MySQL Decrypts

54



Encrypted Data

Sensi@ve Data

Applica@ons

Sensi@ve Data


MySQL Enterprise EncrypGon App Encrypts / MySQL Stores / MySQL Decrypts

55



Encrypted Data

Sensi@ve Data Sensi@ve Data

Applica@ons Applica@ons


Oracle Key Vault -‐  Generate keys using Oracle Key Vault -‐  Use externally generated (e.g. OpenSSL)



Encrypted Data

Sensi@ve Data

Applica@ons

Sensi@ve Data

MySQL Enterprise EncrypGon Oracle Key Vault Generates Keys (or externally generated)

56


MySQL Enterprise Audit • Out-‐of-‐the-‐box logging of connecGons, logins, and query • User defined policies for filtering, and log rotaGon • Dynamically enabled, disabled: no server restart • XML-‐based audit stream per Oracle Audit Vault spec

57

Adds regulatory compliance to

MySQL applicaGons (HIPAA, Sarbanes-‐Oxley, PCI, etc.)


MySQL Enterprise Audit

58

2. User Joe connects and runs a query

1. DBA enables Audit plugin

3. Joe’s connecGon & query logged


MySQL Enterprise Backup • Online Backup for InnoDB (scriptable interface) •  Full, Incremental, ParGal Backups (with compression) •  Strong EncrypGon (AES 256) • Point in Time, Full, ParGal Recovery opGons • Metadata on status, progress, history •  Scales – High Performance/Unlimited Database Size • Windows, Linux, Unix • CerGfied with Oracle Secure Backup, NetBackup, Tivoli, others

59


MySQL Enterprise Oracle CerGficaGons • Oracle Enterprise Manager for MySQL

• Oracle Linux (w/DRBD stack) • Oracle VM • Oracle Solaris • Oracle Solaris Clustering • Oracle Clusterware

• Oracle Audit Vault and Database Firewall • Oracle Secure Backup • Oracle Fusion Middleware • Oracle GoldenGate • My Oracle Support

MySQL integrates into your Oracle environment

60


Oracle Audit Vault and Database Firewall • Oracle DB Firewall

– Oracle, MySQL, SQL Server, IBM DB2, Sybase – AcGvity Monitoring & Logging – White List, Black List, ExcepGon List

• Audit Vault – Built-‐in Compliance Reports – External storage for audit archive

61


Thank You

mysql manchester tt - security

Technology