Protecting MySQL network traffic. Daniël van Eeden 25 April 2017
|
|
- Oliver Shaw
- 6 years ago
- Views:
Transcription
1 Protecting MySQL network traffic Daniël van Eeden 25 April 2017
2 Booking.com at a glance Started in 1996; still based in Amsterdam Member of the Priceline Group since 2005 (stock: PCLN) Amazing growth; continuous scaling challenges Online Hotel/Accommodation/Travel Agent (OTA): Over 1.2 million active properties in 227 countries Over 1.2 million room nights reserved daily 40+ languages (website and customer service) Over 13,000 people working in 187 offices in 70 countries We use a lot of MySQL and MariaDB: Thousands (1000s) of servers, ~90% replicating >150 masters: ~30 >50 slaves & ~10 >100 slaves 2
3 Why protect MySQL network traffic? Protect leaking of authentication data (passwords, etc) Protect leaking of sensitive data (PII, credit card numbers, medical records) Ensure data is not tampered with. Because of regulations Because why not? Are you still using telnet to manage servers?
4 How? Use SSL! Done!
5 SSL Support in MySQL MySQL doesn't have SSL support MySQL never had any SSL support MySQL has TLS support.. this is what is called SSL but isn't Supported since (~2003) For now just assume SSL and TLS are the same
6 What is NOT protected by TLS Data-at-rest InnoDB and MyISAM data files Binlogs, redo logs, slow query logs Backups Does not protect against a DoS e.g. corrupting traffic Might not protect the query text performance_schema etc. Does not hide the traffic pattern
7 First steps with TLS 1. Get a certificate 2. Restart MySQL 3. Enable TLS on the client 4. Check if the connection actually uses TLS
8 Generating the certificate With 5.7 and up: Might already be done by your installation If not use mysql_ssl_rsa_setup For older versions: Or use the openssl commandline utilities as described in the reference manual on Did you know MySQL Workbench has a SSL Wizard?
9 Configuration On 5.7+: Place the ca.pem, server-cert.pem and server-key.pem in your datadir. (already the case if you use mysql_ssl_rsa_setup) Or set ssl-ca, ssl-key, ssl-cert in your my.cnf Restart MySQL Enable SSL in your application. You probably want to copy your ca.pem file to your client
10 Checking your connection 'status' or \s Look for 'Cipher in use' Or check the 'Ssl_cipher' session status.
11 What if it doesn't work? Check your mysqld.log Check the permissions on the pem files Should be readable for the mysql user Try to connect with --ssl-mode=required Use the OpenSSL commandline tools to see what's in the certificate. Use Wireshark. ERROR 2026 (HY000): SSL connection error: error: :lib(0):func(0):reason(1) ERROR 2026 (HY000): SSL connection error: unknown error number ERROR 2026 (HY000): SSL connection error: SSL certificate validation failure ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed ERROR 2026 (HY000): SSL connection error: protocol version mismatch ERROR 2026 (HY000): --ssl-mode=required option forbids non SSL connections ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use ERROR 2026 (HY000): SSL connection error: Unable to get certificate ERROR 2026 (HY000): SSL connection error: Unable to get private key
12 Now let's make it more secure Require the use of TLS on the server Require the use of TLS on the client Enable more security checks Security updates
13 Make TLS a requirement On a per user basis: ALTER USER foo REQUIRE SSL Undo: ALTER USER foo REQUIRE NONE But what happens if you accidentally create a user? e.g. GRANT on a nonexistent user? Set: sql_mode=no_auto_create_user, On a server level: SET GLOBAL require_secure_transport=on This still allows UNIX socket connections w/o TLS
14 Issues with full-on TLS Is your monitoring capable of using TLS connections? What about load balancer health checks?
15 On the client Use --ssl-mode=required The default in 5.7 is PREFERRED Older releases default to DISABLED This only makes a TLS connection a requirement Does not check if issued by a trusted CA Does not check if the hostname matches the cert To do this use VERIFY_CA or VERIFY_IDENTITY On older versions: Use --ssl-ca to allow TLS and enable CA checks Use --ssl-verify-server-cert to do hostname checks. Often not possible to force the use of TLS: this is the BACKRONYM vulnerability Use --ssl-ca=/path/to/ca.pem to specify which CA(s) are trusted.
16 Client checks The client could do these checks: Is the certificate signed by a trusted CA? Does the CommonName (CN) in the certificate match the hostname we are connecting to? Is the certificate expired?
17 Certificate Authority validation Validates that the server certificate is signed by one of the CA's present in the specified CA file. Note that a CA file can have multiple CA's There is also a CA path option. The auto generated certificates from mysql_ssl_rsa_setup all have their own CA.
18 Hostname validation mysql_ssl_rsa_setup generates certificates with CN=MySQL_Server_5.7.18_Auto_Generated_Server_Certificate So generate the certificates manually if want this to match your hostname A certificate can have a list of hostnames in SubjectAltName MySQL doesn't check those... Bug #68052 So if you use a virtual-ip, cname, etc. it might be difficult to match this. What if your clients connect on a CNAME and your replicas connect on the hostname? You can't have both!
19 Security updates I reported a few issues to Oracle. CVE for Connector/Python CVE for MySQL Workbench CVE for libmysqlclient Those are fixed. See the Oracle Critical Patch Update for details. But if you care about security you should follow the release notes and Critical Patch Update anyways...
20 What library does MySQL use? Community Edition: YaSSL Because GPL and the OpenSSL license are not really compatible This library is maintained by WolfSSL This not CyaSSL/WolfSSL WolfSSL made a patch to include WolfSSL in MySQL ( Enterprise Edition: OpenSSL If you build MySQL yourself: you can compile against either of them.
21 Why not TLS? Because it is SLOW! Because we trust our network! Because we encrypt with: The application (store encrypted data) SSH (Also works great with Workbench) VPN Because we want to inspect our network traffic! Wireshark can decrypt it if you hand over your private key. Some ciphers require you to somehow extract session keys.
22 How slow is slow? Overhead in milliseconds for setting up a TLS connection on localhost with TCP. Client: go 5.7 is faster than 5.6 OpenSSL is faster than YaSSL Using TLS tickets (OpenSSL only) helps Best case: 0.99ms (5.7 OpenSSL w/ tickets) vs. 0.60ms (no TLS) TLS does need more roundtrips, but this will change with TLS 1.3 OpenSSL performs better because it uses AVX2 and AES-NI
23 Bulk transfer performance Easy to test: mysqldump with and without TLS Different ciphers do make a difference. mysqldump performance with MySQL (YaSSL) No TLS 4.5s TLS Default 10.4s RC4-MD5 7.1s DES-CBC3-SHA 23.2s
24 Monitoring Monitor the Expiry of certificates Not just the certificate on disk, also the one in memory. Use TLS for your monitoring on 5.6 and earlier, otherwise you might not see the status vars Performance schema can show you the ciphers and TLS versions in use by all connections Using SYS is even easier: SELECT * FROM session_ssl_status
25
26 Client certificates This allows mutual authentication Often used together with a password You might want to use REQUIRE SUBJECT or REQUIRE ISSUER on accounts. At least use REQUIRE X509 instead of REQUIRE SSL
27 Replication Use CHANGE MASTER TO MASTER_SSL=1, etc Think about what happens if your certificate(s) expire Does the hostname match the certificate?
28 Changing certificates Needs restart Moving slaves around might not work until you restart.. Same for a switchover.
29 CRL and OCSP Only possible with OpenSSL Does not auto download the CRL from the distribution point Does not use OCSP Basically restart MySQL every time your CRL changes.. which is not practical
30 Where to get your certificate? Official CA? Internal CA? Self signed?
31 TLS handshake with MySQL server helo with ssl flag set 'empty' login packet with ssl flag set Start SSL handshake Basically STARTTLS-ish SSL and non-ssl on the same port
32 Protection of authentication data native password with nonce sha256 password with RSA keys or TLS cleartext plugin
33 TLS ciphers Possible to set restriction on Server and Client How are you going manage and maintain that? 'REQUIRE cipher' also requires client certificates One practical use case would be to use a faster cipher for mysqldump Might help with compliance already places more strict requirements on the list of ciphers
34 TLS versions Can be limited on the server and client Note that YaSSL only has TLS 1.0 and TLS 1.1 support Minimum is TLS 1.0
35 What about MariaDB? Doesn't use --ssl-mode Does have good TLS support MariaDB Connector/C has support for fingerprint verification password protected private keys 19 Open MDEV's tagged with SSL
36 Connector support Works for C, C++, Python (multiple), Perl, Java, ODBC, Go, etc The Go MySQL driver lets you specify a TLS Config, which is really flexible. Do update your Connector.. Many connectors did have security updates related to TLS.
37 Don't forget these MySQL Cluster (NDB) communication within the cluster Galera communication Sending backups to a central location (xbstream etc) Network traffic for iscsi, FCP, NFS
38 Future TLSv1.3 with 0-RTT WolfSSL?
39 Oh, and Booking.com is hiring! Almost any role: MySQL Engineer / DBA System Administrator System Engineer Site Reliability Engineer Developer Designer Technical Team Lead Product Owner Data Scientist And many more 39
40 Thank you! All references to Booking.com", including any mention of us, we and our refer to Booking.com BV, the company behind Booking.com
41 Title Item Item
Install the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-12-17 Perfect Forward Secrecy (PFS) is a property of secure communication protocols that enables short-term, completely private
More informationEnhancing MySQL Security. Vinicius Grippa Percona
Enhancing MySQL Security Vinicius Grippa Percona About me Support Engineer at Percona since 2017 Working with MySQL for over 5 years - Started with SQL Server Working with databases for 7 years 2 Agenda
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-07-23 The ExtraHop session key forwarder runs as a process on a monitored Windows server running SSL services. The forwarder
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationRocket U2 Clients and APIs
Rocket U2 Clients and APIs U2 SSL Configuration Editor Version 4.52.0 October 2016 UCC-4520-SSL-UG-01 Notices Edition Publication date: October 2016 Book number: UCC-4520-SSL-UG-01 Product version: Version
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-10-09 The ExtraHop session key forwarder runs as a process on a monitored Windows server running SSL services. The forwarder
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-07-19 The ExtraHop session key forwarder runs as a process on a monitored Windows server running SSL services. The forwarder
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationWhy we re excited about MySQL 8
Why we re excited about MySQL 8 Practical Look for Devs and Ops Peter Zaitsev, CEO, Percona February 4nd, 2018 FOSDEM 1 In the Presentation Practical view on MySQL 8 Exciting things for Devs Exciting things
More informationAutopsy of an automation disaster. Simon J Mudd (Senior Database Engineer) Percona Live, 25 th April 2017
Autopsy of an automation disaster Simon J Mudd (Senior Database Engineer) Percona Live, 25 th April 2017 To err is human To really foul things up requires a computer [1] (or a script) [1]: http://quoteinvestigator.com/2010/12/07/foul-computer/
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationNessus Scan Report. Hosts Summary (Executive) Hosts Summary (Executive) Mon, 15 May :27:44 EDT
Nessus Scan Report Mon, 15 May 2017 15:27:44 EDT Table Of Contents Hosts Summary (Executive) 192.168.168.134 Hosts Summary (Executive) [-] Collapse All [+] Expand All 192.168.168.134 Summary Critical High
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationMySQL High Availability. Michael Messina Senior Managing Consultant, Rolta-AdvizeX /
MySQL High Availability Michael Messina Senior Managing Consultant, Rolta-AdvizeX mmessina@advizex.com / mike.messina@rolta.com Introduction Michael Messina Senior Managing Consultant Rolta-AdvizeX, Working
More informationOracle 1Z MySQL 5.6 Database Administrator. Download Full Version :
Oracle 1Z0-883 MySQL 5.6 Database Administrator Download Full Version : http://killexams.com/pass4sure/exam-detail/1z0-883 D. The mysqld binary was not compiled with SSL support. E. The server s SSL certificate
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationExinda How To Guide: SSL Acceleration. Exinda ExOS Version Exinda Networks, Inc.
Exinda How To Guide: SSL Acceleration Exinda ExOS Version 7.4.3 2 Copyright All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical,
More informationContents. Introduction. Prerequisites. Requirements. Components Used
Contents Introduction Prerequisites Requirements Components Used Background Information Configure Step 1. Use the Public CA or the Set Up CA on Windows Server 2003 Step 2. Verify Hostname and Settings
More informationConfiguring Secure Socket Layer HTTP
This feature provides Secure Socket Layer (SSL) version 3.0 support for the HTTP 1.1 server and HTTP 1.1 client within Cisco IOS software. SSL provides server authentication, encryption, and message integrity
More informationConfiguring Secure Socket Layer HTTP
This feature provides Secure Socket Layer (SSL) version 3.0 support for the HTTP 1.1 server and HTTP 1.1 client within Cisco IOS software. SSL provides server authentication, encryption, and message integrity
More informationHow to setup Orchestrator to manage thousands of MySQL servers. Simon J Mudd 3 rd October 2017
How to setup Orchestrator to manage thousands of MySQL servers Simon J Mudd 3 rd October 2017 Session Summary What is orchestrator and why use it? What happens as you monitor more servers? Features added
More informationOracle Exam 1z0-883 MySQL 5.6 Database Administrator Version: 8.0 [ Total Questions: 100 ]
s@lm@n Oracle Exam 1z0-883 MySQL 5.6 Database Administrator Version: 8.0 [ Total Questions: 100 ] Oracle 1z0-883 : Practice Test Question No : 1 Consider the Mysql Enterprise Audit plugin. You are checking
More informationHow to Set Up VPN Certificates
For the VPN service, you can use either self-signed certificates or certificates that are generated by an external CA. In this article: Before You Begin Before you set up VPN certificates, verify that
More informationCO MySQL for Database Administrators
CO-61762 MySQL for Database Administrators Summary Duration 5 Days Audience Administrators, Database Designers, Developers Level Professional Technology Oracle MySQL 5.5 Delivery Method Instructor-led
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationAndroid Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.
Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationBitnami MariaDB for Huawei Enterprise Cloud
Bitnami MariaDB for Huawei Enterprise Cloud First steps with the Bitnami MariaDB Stack Welcome to your new Bitnami application running on Huawei Enterprise Cloud! Here are a few questions (and answers!)
More informationContent and Purpose of This Guide... 1 User Management... 2
Contents Introduction--1 Content and Purpose of This Guide........................... 1 User Management........................................ 2 Security--3 Security Features.........................................
More informationPolicy Manager for IBM WebSphere DataPower 7.2: Configuration Guide
Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide Policy Manager for IBM WebSphere DataPower Configuration Guide SOAPMDP_Config_7.2.0 Copyright Copyright 2015 SOA Software, Inc. All rights
More informationMySQL Port Reference
MySQL Port Reference Abstract This document describes ports used by MySQL products and features in MySQL 5.7 and MySQL 8.0. For legal information, see the Legal Notices. For help with using MySQL, please
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationTLS1.2 IS DEAD BE READY FOR TLS1.3
TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations Presenter Photo Motaz Alturayef Jubial Cyber Security Conference 70% Privacy and security concerns are
More informationMQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
More informationBIG-IP System: SSL Administration. Version
BIG-IP System: SSL Administration Version 13.0.0 Table of Contents Table of Contents About SSL Administration on the BIG-IP System...7 About SSL administration on the BIG-IP system... 7 Device Certificate
More informationMariaDB CeBIT MariaDB 10.1: Datenbankverschlüsselung und andere Sicherheitsvorteile. Jens Bollmann, Principal Instructor/Consultant
2015, MariaDB Corp. MariaDB CeBIT 2016 MariaDB 10.1: Datenbankverschlüsselung und andere Sicherheitsvorteile Jens Bollmann, Principal Instructor/Consultant Agenda MariaDB 10.1/10.2 new features High Availabilty
More informationMySQL for Database Administrators Ed 3.1
Oracle University Contact Us: 1.800.529.0165 MySQL for Database Administrators Ed 3.1 Duration: 5 Days What you will learn The MySQL for Database Administrators training is designed for DBAs and other
More informationITS. MySQL for Database Administrators (40 Hours) (Exam code 1z0-883) (OCP My SQL DBA)
MySQL for Database Administrators (40 Hours) (Exam code 1z0-883) (OCP My SQL DBA) Prerequisites Have some experience with relational databases and SQL What will you learn? The MySQL for Database Administrators
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationR&S GP-U gateprotect Firewall How-to
gateprotect Firewall How-to Setting up a VPN SSL Client-to-Site connection to an ios device (T^Wì2) 3646.3994.02 01 Cybersecurity How-to 2017 Rohde & Schwarz Cybersecurity GmbH Muehldorfstr. 15, 81671
More informationBlackBerry Dynamics Security White Paper. Version 1.6
BlackBerry Dynamics Security White Paper Version 1.6 Page 2 of 36 Overview...4 Components... 4 What's New... 5 Security Features... 6 How Data Is Protected... 6 On-Device Data... 6 In-Transit Data... 7
More informationSteel Belted Radius. Release Notes SBR 6.24 Build 1. Release, Build Published Document Version Build 1 May,
Steel Belted Radius Release Notes SBR 6.24 Build 1 Release, Build Published Document Version 6.24 Build 1 May, 2017 2.0 Contents Steel-Belted Radius Release - 6.2 Release Notes... 3 System Requirements...
More informationSSL Accelerated Service Configuration Mode Commands
SSL Accelerated Service Configuration Mode Commands SSL accelerated services lets you enable and configure SSL acceleration on your WAAS system, and define services to be accelerated on the SSL path. To
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationSharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer
SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer
More informationMcAfee epolicy Orchestrator Release Notes
McAfee epolicy Orchestrator 5.9.1 Release Notes Contents About this release What's new Resolved issues Known issues Installation information Getting product information by email Where to find product documentation
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More informationSecuring VMware NSX MAY 2014
Securing VMware NSX MAY 2014 Securing VMware NSX Table of Contents Executive Summary... 2 NSX Traffic [Control, Management, and Data]... 3 NSX Manager:... 5 NSX Controllers:... 8 NSX Edge Gateway:... 9
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationTable of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates
Table of Contents Configure and Manage Logging in to the Management Portal Verify and Trust Certificates Configure System Settings Add Cloud Administrators Add Viewers, Developers, or DevOps Administrators
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationHTTPS is Fast and Hassle-free with Cloudflare
HTTPS is Fast and Hassle-free with Cloudflare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationMysql Workbench Doesn't Show
Mysql Workbench Doesn't Show Information_schema Right now both on MySQL Workbench and also phpmyadmin I can see and view schema and the tables in side it. 'show create table 'actions'': Table 'resource.actions'
More informationSecurity Management System Release Notes
Security Management System Release Notes Version 5.1 Important notes You can upgrade the SMS to v5.1 directly from SMS v4.4 or later. If you are upgrading from a release earlier than v4.4 you must first
More informationTLS/sRTP Voice Recording AddPac Technology
Secure IP Telephony Solution (TLS/SRTP Protocol) TLS/sRTP Voice Recording AddPac Technology 2015, Sales and Marketing www.addpac.com Contents Secure IP Telephony Service Diagram Secure VoIP Protocol &
More informationMysql Cluster Could Not Acquire Global Schema Lock
Mysql Cluster Could Not Acquire Global Schema Lock 2 x Mgmt Nodes: Ubuntu 14.10LTS, 2 cores, 3.5GB ram 2 x MySQL API Nodes: Ubuntu 14.10LTS, 2 cores, 3.5GB ram Could not acquire global schema lock. MySQL
More informationConfiguring Cisco Unified MeetingPlace Web Conferencing Security Features
Configuring Cisco Unified MeetingPlace Web Conferencing Security Features Release 7.1 Revised: February 15, 2012 3:42 pm How to Configure Restricted Meeting ID Patterns, page 1 How to Configure Secure
More informationSSL Report: bourdiol.xyz ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > bourdiol.xyz > 217.70.180.152 SSL Report: bourdiol.xyz (217.70.180.152) Assessed on: Sun Apr 19 12:22:55 PDT 2015 HIDDEN
More informationPercona XtraDB Cluster
Percona XtraDB Cluster Ensure High Availability Presenter Karthik P R CEO Mydbops www.mydbops.com info@mydbops.com Mydbops Mydbops is into MySQL/MongoDB Support and Consulting. It is founded by experts
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationPercona Software & Services Update
Percona Software & Services Update Q4 2016 Peter Zaitsev,CEO Percona Technical Webinars January 12, 2017 Why? Talking to Many Users and Customers Getting What have you been up to? Question This is a way
More informationBitnami MySQL for Huawei Enterprise Cloud
Bitnami MySQL for Huawei Enterprise Cloud Description MySQL is a fast, reliable, scalable, and easy to use open-source relational database system. MySQL Server is intended for mission-critical, heavy-load
More informationIP Phone Security and CTL (Certificate Trust List)
IP Phone Security and CTL (Certificate Trust List) Purpose on page 1 Phone Security and CTL Overview on page 1 Configuration on page 3 1. Obtain USB etokens on page 3 2. Activate CTL Provider and CAPF
More informationovirt - PKI Alon Bar-Lev Red Hat
ovirt - PKI Alon Bar-Lev Red Hat 2012-10-17 Ovirt PKI Back-end purposes Application Server TLS/SSL (Server identification) VDSM authentication (Client authentication) SSH authentication (PK) (Client authentication)
More informationMySQL for Database Administrators Ed 4
Oracle University Contact Us: (09) 5494 1551 MySQL for Database Administrators Ed 4 Duration: 5 Days What you will learn The MySQL for Database Administrators course teaches DBAs and other database professionals
More informationPre-exam 3 Review. Fall Paul Krzyzanowski Distributed Systems
Pre-exam 3 Review Fall 2012 Questions from Exam 3 Fall 2011 Question 1 If Alice has Bob s digital certificate, how can she send a message securely to Bob? The certificate contains Bob s public key. Encrypt
More informationSteel-Belted RADIUS. Release Notes SBR 6.25-R R1 August, Release, Build Published Document Version
3 Steel-Belted RADIUS s SBR 6.25-R1 Release, Build Published Document Version 6.25-R1 August, 2018 1.0 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 https://www.pulsesecure.net. Pulse
More informationChoosing a MySQL HA Solution Today. Choosing the best solution among a myriad of options
Choosing a MySQL HA Solution Today Choosing the best solution among a myriad of options Questions...Questions...Questions??? How to zero in on the right solution You can t hit a target if you don t have
More informationAppGate 11.0 RELEASE NOTES
Changes in 11.0 AppGate 11.0 RELEASE NOTES 1. New packet filter engine. The server-side IP tunneling packet filter engine has been rewritten from scratch, reducing memory usage drastically and improving
More informationRelational Database Service. User Guide. Issue 05 Date
Issue 05 Date 2017-02-08 Contents Contents 1 Introduction... 1 1.1 Concepts... 2 1.1.1 RDS... 2 1.1.2 DB Cluster... 2 1.1.3 DB Instance... 2 1.1.4 DB Backup... 3 1.1.5 DB Snapshot... 3 1.2 RDS DB Instances...
More informationChoosing a MySQL HA Solution Today
Choosing a MySQL HA Solution Today Choosing the best solution among a myriad of options. Michael Patrick Technical Account Manager at Percona The Evolution of HA in MySQL Blasts from the past Solutions
More informationContents. Configuring SSH 1
Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list
More informationHow to Configure SSL Interception in the Firewall
Most applications encrypt outgoing connections with SSL or TLS. SSL Interception decrypts SSL-encrypted HTTPS and SMTPS traffic to allow Application Control features (such as the Virus Scanner, ATP, URL
More informationAuthentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005
Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationConfiguring Secure Socket Layer HTTP
Finding Feature Information, page 1 Information about Secure Sockets Layer (SSL) HTTP, page 1 How to Configure Secure HTTP Servers and Clients, page 4 Monitoring Secure HTTP Server and Client Status, page
More informationBarracuda Firewall Release Notes 6.5.x
Please Read Before Upgrading Before installing the new firmware version, back up your configuration and read all of the release notes that apply to the versions that are more current than the version that
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 11/20/2017 Scan expiration date: 02/18/2018 Part 2. Component
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 08/28/2017 Scan expiration date: 11/26/2017 Part 2. Component
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationConfiguring SSL Security
CHAPTER9 This chapter describes how to configure SSL on the Cisco 4700 Series Application Control Engine (ACE) appliance. This chapter contains the following sections: Overview Configuring SSL Termination
More informationAppSense DataNow. Release Notes (Version 4.0) Components in this Release. These release notes include:
AppSense DataNow Release Notes (Version 4.0) These release notes include: Components in this Release Important Upgrade Information New Features Bugs Fixed Known Issues and Limitations Supported Operating
More informationOpenVPN Tunnel APPLICATION NOTE
APPLICATION NOTE Used symbols Danger Information regarding user safety or potential damage to the router. Attention Problems that can arise in specific situations. Information, notice Useful tips or information
More informationExposing The Misuse of The Foundation of Online Security
Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationWireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked
Wireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked Secure Communications Stay-Linked Secure Communications Guide Page 1 Rev. 10.0.0 Dated: 04/26/10 Table
More informationUpgrading MySQL Best Practices. Apr 11-14, 2011 MySQL Conference and Expo Santa Clara,CA by Peter Zaitsev, Percona Inc
Upgrading MySQL Best Practices Apr 11-14, 2011 MySQL Conference and Expo Santa Clara,CA by Peter Zaitsev, Percona Inc MySQL Upgrade How many of you have performed MySQL upgrade? Home many of you have done
More informationConfiguring Cisco TelePresence Manager
CHAPTER 3 Revised: November 27, 2006, First Published: November 27, 2006 Contents Introduction, page 3-1 System Configuration Tasks, page 3-2 Security Settings, page 3-3 Database, page 3-4 Room Phone UI,
More informationOracle Database Security and Audit. Authentication and authorization
Copyright 2014, Oracle Database Security and Audit Beyond Checklists Authentication and authorization Copyright 2014, Learning objectives Understand authentication Understand authorization Understand the
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationMariaDB 10.3 vs MySQL 8.0. Tyler Duzan, Product Manager Percona
MariaDB 10.3 vs MySQL 8.0 Tyler Duzan, Product Manager Percona Who Am I? My name is Tyler Duzan Formerly an operations engineer for more than 12 years focused on security and automation Now a Product Manager
More informationLinux Administration
Linux Administration This course will cover all aspects of Linux Certification. At the end of the course delegates will have the skills required to administer a Linux System. It is designed for professionals
More informationENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017
ENTRUST CONNECTOR Installation and Configuration Guide Version 0.5.1 April 21, 2017 2017 CygnaCom Solutions, Inc. All rights reserved. Contents What is Entrust Connector... 4 Installation... 5 Prerequisites...
More informationMSE System and Appliance Hardening Guidelines
MSE System and Appliance Hardening Guidelines This appendix describes the hardening of MSE, which requires some services and processes to be exposed to function properly. This is referred to as MSE Appliance
More information