mysql security 5.7
TRANSCRIPT
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Security
Mark Swarbrick, MySQL Sales Consultant UK&I [email protected]
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
43%
of companies have experienced a data breach in the past year. Source: Ponemon InsRtute, 2014
Oracle ConfidenRal – Internal/Restricted/Highly Restricted 2
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Mega Breaches
552 Million idenRRes exposed in 2013. 493% increase over previous year 77%
Web sites with vulnerabiliRes. 1-‐in-‐8 of all websites had a criRcal vulnerability.
8 Breaches that exposed more than 10 million records in 2013.
Total Breaches increased 62% in 2013
Oracle ConfidenRal – Internal/Restricted/Highly Restricted 3
Source: Internet Security Threat Report 2014, Symantec
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Target Breach, 2013, $270 million The hackers who commibed the Target breach took 40 million credit and debit card numbers and 70 million records, including names and addresses of shoppers. Source: Fortune.com, 2014
Oracle ConfidenRal – Internal/Restricted/Highly Restricted 4
Cybercrime cost the global economy $575 billion/year Source: paymetric.com, 2014
One major data breach discovered every month Those breaches include Michaels Stores, Sally Beauty Supply, Neiman Marcus, AOL, eBay and P.F. Chang’s Chinese Bistro. Source: paymetric.com, 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
• Poor ConfiguraRons – Set controls and change default segng
• Over Privileged Accounts – Privilege Policies
• Weak Access Control – Dedicated AdministraRve Accounts
• Weak AuthenRcaRon – Strong Password Enforcement
• Weak AudiRng
– Compliance & Audit Policies
• Lack of EncrypRon – Data, Back, & Network EncrypRon
• Proper CredenRal or Key Management – Use mysql_config_editor , Key Vaults
• Unsecured Backups
– Encrypted Backups
• No Monitoring – Security Monitoring, Users, Objects
• Poorly Coded ApplicaRons
– Database Firewall
5
Database VulnerabiliRes
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Database Abacks • SQL InjecRon
– PrevenRon: DB Firewall, White List, Input ValidaRon • Buffer Overflow
– PrevenRon: Frequently apply Database Sooware updates, DB Firewall, White List, Input ValidaRon • Brute Force Aback
– PrevenRon: lock out accounts aoer a defined number of incorrect abempts. • Network Eavesdropping
– PrevenRon: Require SSL/TLS for all ConnecRons and Transport • Malware
– PrevenRon: Tight Access Controls, Limited Network IP access, Change default segngs
6
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Database Malicious AcRons
• InformaRon Disclosure: Obtain credit card and other personal informaRon – Defense: EncrypRon – Data and Network, Tighter Access Controls
• Denial of Service: Run resource intensive queries – Defense: Resource Usage Limits – Set various limits – Max ConnecRons, Sessions, Timeouts, …
• ElevaRon of Privilege: Retrieve and use administrator credenRals – Defense: Stronger authenRcaRon, Access Controls, AudiRng
• Spoofing: Retrieve and use other credenRals – Defense: Stronger account and password policies
• Tampering: Change data in the database, Delete transacRon records • Defense: Tighter Access Controls, AudiRng, Monitoring, Backups
7
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Regulatory Compliance
• RegulaRons – PCI – DSS: Payment Card Data – HIPAA: Privacy of Health Data – Sarbanes Oxley: Accuracy of Financial Data – EU Data ProtecRon DirecRve: ProtecRon of Personal Data – Data ProtecRon Act (UK): ProtecRon of Personal Data
• Requirements – ConRnuous Monitoring (Users, Schema, Backups, etc) – Data ProtecRon (EncrypRon, Privilege Management, etc.) – Data RetenRon (Backups, User AcRvity, etc.) – Data AudiRng (User acRvity, etc.)
8
https://www.mysql.com/why-mysql/white-papers/mysql-pci-data-security-compliance/
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
DBA ResponsibiliRes
• Ensure only users who should get access, can get access
• Limit what users and applicaRons can do
• Limit from where users and applicaRons can access data
• Watch what is happening, and when it happened
• Make sure to back things up securely
• Minimize aback surface
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle ConfidenRal – Internal 10
MySQL Security Overview
AuthenRcaRon
AuthorizaRon
EncrypRon
Firewall
MySQL Security
AudiRng
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Block Threats AudiRng
Regulatory Compliance Login and Query AcRviRes
SSL/TLS Public Key Private Key Digital Signatures
Privilege Management AdministraRon
Database & Objects Proxy Users
MySQL Linux / LDAP Windows AD Custom
Oracle ConfidenRal – Internal 11
MySQL Security Overview
AuthorizaRon AuthenRcaRon
Firewall & AudiRng EncrypRon
Security
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL AuthorizaRon
• AdministraRve Privileges
• Database Privileges
• Session Limits and Object Privileges
• Fine grained controls over user privileges – CreaRng, altering and deleRng databases – CreaRng, altering and deleRng tables – Execute INSERT, SELECT, UPDATE, DELETE queries – Create, execute, or delete stored procedures and with what rights – Create or delete indexes
12
Security Privilege Management in MySQL Workbench
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Privilege Management
• user: user accounts, global privileges columns
• db: database-‐level privileges
• tables_priv: Contains table-‐level privileges
• columns_priv: Contains column-‐level privileges
• procs_priv: Contains stored procedure and funcRon privileges
• proxies_priv: Contains proxy-‐user
13
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle ConfidenRal – Internal 14
MySQL Privilege Management Grant Tables
tables_priv
• Table level privileges • Table and columns
db
• Database Level Privileges • Database, Tables, Objects • User and host
user
• User Accounts • Global Privileges
proxies_priv
• Proxy Users • Proxy Privileges
procs_priv
• Stored Procedures • FuncRons • Single funcRon privilege
columns_priv
• Specific columns
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL AuthenRcaRon
• Built in AuthenRcaRon – user table stores users and encrypted passwords
• X.509 – Server authenRcates client cerRficates
• MySQL NaRve, SHA 256 Password plugin – NaRve uses SHA1 or plugin with SHA-‐256 hashing and per user salRng for user account passwords.
• MySQL Enterprise AuthenRcaRon – Microsoo AcRve Directory – Linux PAMs (Pluggable AuthenRcaRon Modules)
• Support LDAP and more
15
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Password Policies
• Accounts without Passwords – Assign passwords to all accounts to prevent unauthorized use
• Password ValidaRon Plugin – Enforce Strong Passwords
• Password ExpiraRon/RotaRon – Require users to reset their password
• Account lockout (in v. 5.7)
16
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL EncrypRon
• SSL/TLS EncrypRon – Between MySQL clients and Server – ReplicaRon: Between Master & Slave
• Data EncrypRon – AES Encrypt/Decrypt
17
• MySQL Enterprise EncrypRon – Asymmetric Encrypt/Decrypt – Generate Public Key and Private Keys – Derive Session Keys – Digital Signatures
• MySQL Enterprise Backup – AES Encrypt/Decrypt
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
SSL/TLS
• Encrypted connecRons – Between MySQL Client and Server – ReplicaRon: Between Master & Slave
• MySQL enables encrypRon on a per-‐connecRon basis – IdenRty verificaRon using the X509 standard
• Specify the appropriate SSL cerRficate and key files
• Will work with trusted CAs (CerRficate AuthoriRes) • Supports CRLs – CerRficate RevocaRon Lists
18
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Database AudiRng
• AudiRng for Security & Compliance
– FIPS, HIPAA, PCI-‐DSS, SOX, DISA STIG, …
• MySQL built-‐in logging infrastructure: – general log, error log
• MySQL Enterprise Audit
– Granularity made for audiRng
– Can be modified live
– Contains addiRonal details
– CompaRble with Oracle Audit Vault.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Database Firewall • SQL InjecRon: #1 Web ApplicaRon Vulnerability
– 77% of Web Sites had vulnerabiliRes – 1 in 8 criRcal vulnerabiliRes
• MySQL Enterprise Firewall – Monitor database statements in real-‐Rme – AutomaRc White List “rules” generaRon for any applicaRon – Out of policy database transacRons detected and blocked
20
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle ConfidenRal – Internal 21
MySQL Database Hardening
User Management • Remove Extra Accounts • Grant Minimal Privileges • Audit users and privileges
ConfiguraRon
• Firewall • AudiRng and Logging • Limit Network Access • Monitor changes
InstallaRon
• Mysql_secure_installaRon • Keep MySQL up to date
− MySQL Installer for Windows − Yum/Apt Repository
Backups
• Monitor Backups • Encrypt Backups
EncrypRon
• SSL/TLS for Secure ConnecRons • Data EncrypRon (AES, RSA)
Passwords
• Strong Password Policy • Hashing, ExpiraRon • Password ValidaRon Plugin
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL 5.7 Linux Packages -‐ Security Improvements
• Test/Demo database has been removed – Now in separate packages (prod/dev)
• Anonymous account creaRon is removed. • CreaRon of single root account – local host only • Default installaRon ensures encrypted communicaRon by default
– AutomaRc generaRon of SSL/RSA Certs/Keys • For EE : At server startup if opRons Certs/Keys were not set • For CE : Through new mysql_ssl_rsa_setup uRlity
• AutomaRc detecRon of SSL Certs/Keys • Client abempts secure TLS connecRon by default
22
MySQL Installer for Windows includes various Security Setup and Hardening Steps
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Database Hardening: InstallaRon
• MySQL_Secure_InstallaRon / MySQL Installer for Windows – Set a strong password for root account – Remove root accounts that are accessible from outside the local host – Remove anonymous-‐user accounts – Remove the test database
• Which by default can be accessed by all users • Including Anonymous Users
• Keep MySQL up to date – Repos – YUM/APT/SUSE – MySQL Installer for Windows
23
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Sooware Updates -‐ Database and OS Maintenance
• Maintaining security requires keeping OperaRng System and MySQL security patches up to date.
– May require a restart (mysql or operaRng system) to take effect. • To enable seamless upgrades consider MySQL ReplicaRon
– Allows for changes to be performed in a rolling fashion • Best pracRce to upgrade slaves first
– MySQL 5.6 and above supports GTID-‐based replicaRon • Provides for simple rolling upgrades
• Follow OS vendor specific hardening Guidelines – For example
• hbp://www.oracle.com/technetwork/arRcles/servers-‐storage-‐admin/Rps-‐harden-‐oracle-‐linux-‐1695888.html
24
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Database Hardening: ConfiguraRon
• Audit AcRvity – Use Enterprise Audit – Alt. Transiently enable Query Logging – Monitor and Inspect regularly
• Disable or Limit Remote Access – If local “skip-‐networking” or bind-‐ address=127.0.0.1 – If Remote access then limit hosts/IP
• Change root username
25
• Disable unauthorized reading from local files
– Disable LOAD DATA LOCAL INFILE • Run MySQL on non default port
– More difficult to find database • Limit MySQL OS User • Ensure secure-‐auth is enabled (do not allow old passwords format)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Database Hardening: Best PracRces
Parameter Recommended Value Why Secure_file_priv A Designated Leaf directory for
data loads Only allows file to be loaded from a specific locaRon. Limits use of MySQL to get data from across the OS
Symbolic_links Boolean – NO Prevents redirecRon into less secure filesystem directories
Default-‐storage_engine InnoDB Ensures transacRons commits, data safety! General-‐log Boolean – OFF Should only be used for debugging – off
otherwise Log-‐raw Default -‐ OFF Should only be used for debugging – off
otherwise Skip-‐networking or bind-‐address
ON 127.0.0.1
If all local, then block network connecRons or limit to the local host.
SSL opRons Set valid values Should encrypt network communicaRon
26
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Database Hardening: Password Policies
• Enforce Strong Password Policies
• Password Hashing
• Password ExpiraRon
• Password ValidaRon Plugin
• AuthenRcaRon Plugin – Inherits the password policies from the component – LDAP, Windows AcRve Directory, etc.
• Disable accounts when not in use – Account lockout (5.7+)
27
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Database Hardening: Backups
• Backups are Business CriRcal – Used to restore aoer aback – Migrate, move or clone server – Part of Audit Trail
• Regularly Scheduled Backups
• Monitor Backups
• Encrypt Backups
28
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
ApplicaRons and CredenRals -‐ Best PracRces
• ApplicaRons – minimize sharing credenRals (username/password) – Finer grained the beber – don’t overload across many applicaRons/servers
• Should enable support for credenRal rotaRon – Do not require all passwords to be changed in synchronizaRon. – Facilitates beber troubleshooRng and root-‐cause analysis.
• Steps to changing credenRals should be secure and straigh~orward – Not embedded in your code
• Can be changed without redeploying an applicaRon • Should never be stored in version control and must differ between environments. • ApplicaRons should get credenRals using a secure configuraRon methodology.
29
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise EdiRon
• MySQL Enterprise AuthenRcaRon – External AuthenRcaRon Modules
• Microsoo AD, Linux PAMs • MySQL Enterprise EncrypRon
– Public/Private Key Cryptography – Asymmetric EncrypRon – Digital Signatures, Data ValidaRon
• MySQL Enterprise Firewall – Query Monitoring, White List Matching,
• MySQL Enterprise Audit – User AcRvity AudiRng, Regulatory Compliance
30
• MySQL Enterprise Monitor – Changes in Database ConfiguraRons, Users Permissions, Database Schema, Passwords
• MySQL Enterprise Backup – Securing Backups, AES 256 encrypRon
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Monitor
• Enforce MySQL Security Best PracRces – IdenRfies VulnerabilRes – Assesses current setup against security hardening policies
• Monitoring & AlerRng – User Monitoring – Password Monitoring – Schema Change Monitoring – Backup Monitoring – Firewall Monitoring? for 3.1-‐ ML is Checking
• ConfiguraRon Management – ConfiguraRon Tuning Advice
• Centralized User Management
31
"I definitely recommend the MySQL Enterprise Monitor to DBAs who don't have a ton of MySQL experience. It makes monitoring MySQL security, performance and availability very easy to understand and to act on.”
Sandi Barr Sr. Sooware Engineer
Schneider Electric
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Oracle Enterprise Manager for MySQL
32
Performance Security
Availability
• Availability monitoring
• Performance monitoring
• ConfiguraRon monitoring
• All available metrics collected – Allowing for custom threshold based incident reports
• MySQL auto-‐detecRon
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall • Real Time ProtecRon
– Queries analyzed and matched against White List • Blocks SQL InjecRon Abacks
– PosiRve Security Model • Block Suspicious Traffic
– Out of Policy TransacRons detected & blocked
• Learns White List – Automated creaRon of approved list of SQL command paberns on a per user basis
• Transparent – No changes to applicaRon required
33
MySQL Enterprise Firewall monitoring
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall • SQL InjecRon ProtecRon with PosiRve Security Model
34
• Out of policy database transacRons detected and blocked
• Logging & Analysis
Select *.* from employee where id=22
Select *.* from employee where id=22 or 1=1 Block & Log ✖
Allow & Log ✔
White List ApplicaAons
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Firewall Overview
35
Inbound SQL traffic
Firewall Web
ApplicaRons
Internet
In Whitelist ALLOW
MySQL Instance
SQL InjecRon Aback Via Brower
Blocks SQL
Abacks
Allows Normal SQL
Results Table Table
Table
Not In Whitelist BLOCK
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall Details
• Firewall operaRon is turned on at a per user level • Per User States are
– RECORDING
– PROTECTING
– OFF
37
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 38
Per User Firewall White Lists
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
What happens when SQL is blocked?
• The client applicaRon gets an ERROR mysql> SELECT first_name, last_name FROM customer WHERE customer_id = 1 OR TRUE; ERROR 1045 (28000): Statement was blocked by Firewall mysql> SHOW DATABASES; ERROR 1045 (28000): Statement was blocked by Firewall mysql> TRUNCATE TABLE mysql.user; ERROR 1045 (28000): Statement was blocked by Firewall • Reported to the Error Log
• Increment Counter
39
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Monitoring the Firewall Firewall Status Counters mysql> SHOW STATUS LIKE 'Firewall%'; +-------------------------+-------+ | Variable_name | Value | +-------------------------+-------+ | Firewall_access_denied | 32 | | Firewall_access_granted | 138 | | Firewall_cached_entries | 39 | +-------------------------+-------+ 3 rows in set (0,00 sec)
40
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
What’s the whitelist look like?
• mysql> SELECT userhost, substr(rule,1,80) FROM mysql.firewall_whitelist WHERE userhost= 'wpuser@localhost'; +------------------+----------------------------------------------------------------------------------+ | userhost | substr(rule,1,80) | +------------------+----------------------------------------------------------------------------------+ | wpuser@localhost | SELECT * FROM `wp_posts` WHERE `ID` = ? LIMIT ? | | wpuser@localhost | SELECT `option_value` FROM `wp_options` WHERE `option_name` = ? LIMIT ? | | wpuser@localhost | SELECT `wp_posts` . * FROM `wp_posts` WHERE ? = ? AND `wp_posts` . `ID` = ? AND | ... | wpuser@localhost | UPDATE `wp_posts` SET `comment_count` = ? WHERE `ID` = ? | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | | wpuser@localhost | SELECT `t` . * , `tt` . * FROM `wp_terms` AS `t` INNER JOIN `wp_term_taxonomy` A | +------------------+----------------------------------------------------------------------------------+
41
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Firewall DocumentaRon
• hbp://dev.mysql.com/doc/refman/5.6/en/firewall.html • hbp://mysqlserverteam.com/new-‐mysql-‐enterprise-‐firewall-‐prevent-‐sql-‐injecRon-‐abacks/
42
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise AuthenRcaRon
43
• Integrate with Centralized AuthenRcaRon Infrastructure – Centralized Account Management – Password Policy Management – Groups & Roles
• PAM (Pluggable AuthenRcaRon Modules) – Standard interface (Unix, LDAP, Kerberos, others) – Windows
• Access naRve Windows service -‐ Use to AuthenRcate users using Windows AcRve Directory or to a naRve host
Integrates MySQL with exisRng security infrastructures
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise AuthenRcaRon: PAM
• Standard Interface – LDAP – Unix/Linux
• Proxy Users
44
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise AuthenRcaRon: Windows
• Windows AcRve Directory
• Windows NaRve Services
45
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise EncrypRon
• MySQL encrypRon funcRons – Symmetric encrypRon AES256 (All EdiRons) – Public-‐key / asymmetric cryptography – RSA
• Key management funcRons – Generate public and private keys – Key exchange methods: DH
• Sign and verify data funcRons – Cryptographic hashing for digital signing, verificaRon, & validaRon – RSA,DSA
46
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL DecrypRon “This is a secret”
Public Key (It only encrypts)
Private Key (It can decrypt)
Could be From Client App Within MySQL (funcAon call)
EncrypRon #@%@&#
MySQL Enterprise EncrypRon FuncRons
Can Generate Public/Private Key Pairs
(or use those generated externally – say by OpenSSL)
“This is a secret”
All within MySQL
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL
DecrypRon “This is a secret”
Public Key (It only encrypts)
Private Key (It can decrypt)
EncrypRon #@%@&#
MySQL Enterprise EncrypRon FuncRons
Can Generate Public/Private Key Pairs
(or use those generated externally – say by OpenSSL)
“This is a secret”
App encrypts MySQL Stores Decrypts
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL
DecrypRon “This is a secret”
Public Key (It only encrypts)
Private Key (It can decrypt)
EncrypRon #@%@&#
MySQL Enterprise EncrypRon FuncRons
Can Generate Public/Private Key Pairs
(or use those generated externally –
say by OpenSSL)
“This is a secret”
App encrypts MySQL Stores App Decrypts
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL DecrypRon “This is a secret”
Public Key (It only encrypts)
Private Key (It can decrypt)
EncrypRon #@%@&# “This is a secret”
Oracle (or other) Key Vault Generates Keys App Encrypts (only has public Key) MySQL Stores Decrypts
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Audit
• Out-‐of-‐the-‐box logging of connecRons, logins, and query
• User defined policies for filtering, and log rotaRon
• Dynamically enabled, disabled: no server restart • XML-‐based audit stream per Oracle Audit Vault spec
51
Adds regulatory compliance to
MySQL applicaRons (HIPAA, Sarbanes-‐Oxley, PCI, etc.)
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Audit
52
2. User Joe connects and runs a query
1. DBA enables Audit plugin
3. Joe’s connecRon & query logged
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Backup
• Online Backup for InnoDB (scriptable interface) • Full, Incremental, ParRal Backups (with compression) • Strong EncrypRon (AES 256) • Point in Time, Full, ParRal Recovery opRons
• Metadata on status, progress, history
• Scales – High Performance/Unlimited Database Size
• Windows, Linux, Unix
• CerRfied with Oracle Secure Backup, NetBackup, Tivoli, others
53
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MySQL Enterprise Oracle CerRficaRons
• Oracle Enterprise Manager for MySQL
• Oracle Linux (w/DRBD stack) • Oracle VM
• Oracle Solaris
• Oracle Solaris Clustering
• Oracle Clusterware
• Oracle Audit Vault and Database Firewall • Oracle Secure Backup
• Oracle Fusion Middleware
• Oracle GoldenGate
• My Oracle Support
MySQL integrates into your Oracle environment
54
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Oracle Audit Vault and Database Firewall • Oracle DB Firewall
– Oracle, MySQL, SQL Server, IBM DB2, Sybase – AcRvity Monitoring & Logging – White List, Black List, ExcepRon List
• Audit Vault – Built-‐in Compliance Reports – External storage for audit archive
55