CONFIDENTIAL © Copyright EnterpriseDB Corporation, 2019. All rights reserved.
Marc Linster
SVP, Product Development and Support
Creating a Multi-layered Security Architecture for Your Postgres Databases
WHO IS EDB?
The world leader in open-source based Postgres software and services
• Founded in 2004
• Recognized RDBMS leader by:
  • Gartner
  • Forrester
• Customer base > 4000
• 300+ employees
• Offices worldwide
• Largest PostgreSQL community leader
EDB POSTGRES SOLUTION USE CASES
New Applications: DevOps, schema-less rapid development, and multiple programming language support
Application Modernization: Multi-model flexibility and integration with popular data sources
Legacy Migration: Compatibility with Oracle leverages existing DBA and developer skills
Migration to Cloud: Flexible deployment options and simple business terms for moving to the cloud
Our customers rely on our expertise and solutions to develop new applications, move applications to the cloud, modernize applications, and migrate off legacy databases like Oracle.
ONLY OPEN SOURCE BASED RDBMS IN GARTNER MQ
EDB Recognized 6 Years In A Row on Gartner’s Magic Quadrant
Customers working SMARTER, reducing RISK and being more PRODUCTIVE with EDB.
OVER 4,000 CUSTOMERS
U.S. Customers, EMEA Customers, APAC Customers
102 of the Fortune 500
337 of the Forbes Global 2000
EDB OPEN SOURCE LEADERSHIP
NAMED EDB OPEN SOURCE COMMITTERS AND CONTRIBUTORS
• CORE TEAM
• MAJOR CONTRIBUTORS
• CONTRIBUTORS
Akshay Joshi, Amul Sul, Ashesh Vashi, Dilip Kumar, Jeevan Ladhe, Mithun Cy, Andres Freund, Devrim Gündüz, Thomas Munro, Amit Kapila, Bruce Momjian, Dave Page, Robert Haas, Ashutosh Sharma, Rushabh Lathia
- designates committers
EDB Postgres Platform
Aspects of Data Security
Data Security: unauthorized access, data corruption, loss of access
• Data breaches
• (Un)intentional corruption
• Hardware failure
• Operator error
• Process failure
• Loss of encryption keys
• Network failure
• Disaster recovery
• Notification and compliance
Key Concepts: AAA
● Authentication: verify the user is who they claim to be
● Authorization: verify the user is allowed access to the system and the data
● Auditing: record all database activity, including username and time
KEY CONCEPTS: MULTIPLE BARRIERS
● Secure physical access to the host
● Limited access to the network
● Limited access to the database host
● Limited access to the database application
● Limited access to the data in the database
MULTIPLE LAYERS OF SECURITY
• Data Center: physical access
• DB Host: host access; file system encryption
• Database files: data file encryption
• DB Server: network access; authentication (users, roles, password profiles); encryption in transit with host authentication; DML/DDL auditing; SQL injection attack prevention
• Databases: data access control (tables, columns, rows, views, security barriers); data encryption (column based encryption); data redaction/masking
• Key Management System
MULTIPLE BARRIERS
1. Physical access (locks on doors, cameras, etc.): If a data center is not physically protected, all other data security measures become significantly less valuable.
2. Host access (Operating System controls): Securing access at the host level ensures no users have unfettered access to the database host.
3. DB Server Network Access: Through Postgres’s pg_hba.conf, connections to the database server can be controlled and limited.
4. File system encryption (through native Linux or third-party solutions): Encrypting the file system protects the files on the drive if the drive is stolen. Third-party solutions can also leverage third-party key management systems.
MULTIPLE BARRIERS
5. SQL injection attack prevention: SQL injection attack prevention blocks corruption or co-opting of a database, including unauthorized relations, utility commands, SQL tautology, and unbounded DML.
6. Database authentication: Passwords, LDAP, Kerberos, certificates, or operating system credentials. Database authentication should be tied to overall user management to make sure access credentials get revoked when users leave the business or cease to be customers.
7. Database authorization and access control: Users must be granted permissions to view and work with data in the database. The principle of least privilege should be applied.
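Barriers 3, 5, 6 and 7 expressed as statements a DBA would actually run, added here as an example and not taken from the slides. It assumes the employees table from the redaction slide; the role names, the profile name and the password are placeholders, and the CREATE PROFILE block is EDB Postgres Advanced Server syntax, not community PostgreSQL.

```sql
-- Added example, not from the slides: least-privilege roles, column grants,
-- a prepared statement, and a check of the loaded pg_hba.conf rules.
-- Assumes the "employees" table from the redaction slide; role names,
-- the profile name and the password are made-up placeholders.

-- Barrier 7: group roles that cannot log in carry the privileges; people
-- and applications are made members and inherit them.
CREATE ROLE hr_reader NOLOGIN;
CREATE ROLE hr_writer NOLOGIN;

-- A login role for the application with every escalation path switched off.
CREATE ROLE app_hr LOGIN PASSWORD 'replace-me'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOBYPASSRLS;
GRANT hr_writer TO app_hr;

-- Start from "nobody can read anything" rather than from the defaults.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON employees FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO hr_reader, hr_writer;

-- Column-level grants: readers never see the ssn column at all, and writers
-- can update contact details but not the SSN.
GRANT SELECT (id, name, phone, birthday) ON employees TO hr_reader;
GRANT SELECT (id, name, phone, birthday),
      UPDATE (name, phone, birthday) ON employees TO hr_writer;

-- Barrier 6 (EPAS only; assumed Oracle-style profile syntax): tie the login
-- to a password profile so repeated failed logins lock the account for a
-- day and the password expires after 90 days.
CREATE PROFILE hr_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    1
  PASSWORD_LIFE_TIME    90;
ALTER ROLE app_hr PROFILE hr_profile;

-- Barrier 5: a typed parameter is always data, never SQL text, so nothing
-- placed in the value can turn into a tautology, a utility command or an
-- unbounded DML statement.
PREPARE find_employee(text) AS
  SELECT id, name, phone FROM employees WHERE name = $1;
EXECUTE find_employee('Sally Sample');

-- Barrier 3: list the pg_hba.conf rules the server actually loaded
-- (PostgreSQL 10+; the view is restricted to superusers). A 'trust' rule
-- or a rule with a parse error is a finding to fix before relying on
-- network access control.
SELECT line_number, type, database, user_name, address, auth_method, error
FROM   pg_hba_file_rules
WHERE  auth_method = 'trust' OR error IS NOT NULL;
```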
MULTIPLE BARRIERS
9. File system encryption (native Linux or third-party): Encrypting the file system protects the files on the drive if the drive is stolen. Third-party solutions can leverage third-party key management systems.
10. Data encryption (pgcrypto): A user who gets past file system encryption can read everything in a database they are logged into. Encrypting data at the column level keeps that information secure.
11. Auditing: Track and analyze database activities, like the creation, changing, or deletion of data. EDB recommends auditing based on user connections, DDL changes, data changes, and data views.
12. Data redaction: Data redaction shields certain data elements, like Social Security numbers, from certain types of users.
EXAMPLE: DATA REDACTION
Username [enterprisedb]: privilegeduser
mycompany=> select * from employees;
 id | name         | ssn         | phone      | birthday
----+--------------+-------------+------------+--------------------
  1 | Sally Sample | 020-78-9345 | 5081234567 | 02-FEB-61 00:00:00
  1 | Jane Doe     | 123-33-9345 | 6171234567 | 14-FEB-63 00:00:00
  1 | Bill Foo     | 123-89-9345 | 9781234567 | 14-FEB-63 00:00:00
(3 rows)
Username [enterprisedb]: redacteduser
mycompany=> select * from employees;
 id | name         | ssn         | phone      | birthday
----+--------------+-------------+------------+--------------------
  1 | Sally Sample | xxx-xx-9345 | 5081234567 | 02-FEB-02 00:00:00
  1 | Jane Doe     | xxx-xx-9345 | 6171234567 | 14-FEB-02 00:00:00
  1 | Bill Foo     | xxx-xx-9345 | 9781234567 | 14-FEB-02 00:00:00
(3 rows)
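Barriers 10 and 12 together, as an added example rather than the slides' own configuration: the SSN column is encrypted at rest with pgcrypto and served through a security-barrier view that produces the xxx-xx-9345 output shown above. EPAS 11 provides native redaction policies; this view is the community-PostgreSQL way to get the same effect. The role names, the app.ssn_key setting and the sample rows are constructed for the example.

```sql
-- Added example, not from the slides: column encryption with pgcrypto
-- (barrier 10) behind a security-barrier view that redacts the SSN the way
-- the slide shows (barrier 12). Role names, the setting app.ssn_key and
-- the sample rows are constructed for the example.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE employees (
  id        integer,
  name      text,
  ssn       text,
  phone     text,
  birthday  date
);
INSERT INTO employees VALUES
  (1, 'Sally Sample', '020-78-9345', '5081234567', DATE '1961-02-02'),
  (2, 'Jane Doe',     '123-33-9345', '6171234567', DATE '1963-02-14'),
  (3, 'Bill Foo',     '123-89-9345', '9781234567', DATE '1963-02-14');

-- The key lives in a session setting, never in the table or the view
-- definition; in production a key management system hands it out.
SET app.ssn_key = 'replace-with-kms-supplied-key';

-- Encrypt the SSN at rest and keep only the last four digits in clear, so
-- the masked form can be served without ever decrypting.
ALTER TABLE employees ADD COLUMN ssn_enc bytea, ADD COLUMN ssn_last4 text;
UPDATE employees
SET    ssn_enc   = pgp_sym_encrypt(ssn, current_setting('app.ssn_key')),
       ssn_last4 = right(ssn, 4);
ALTER TABLE employees DROP COLUMN ssn;

-- Members of hr_privileged get the clear SSN; everyone else sees
-- xxx-xx-9345, as on the slide. CASE never evaluates the decrypt branch
-- for other roles, so they do not need the key at all.
CREATE ROLE hr_privileged NOLOGIN;
CREATE ROLE hr_reader NOLOGIN;
CREATE VIEW employees_v WITH (security_barrier) AS
SELECT id, name,
       CASE WHEN pg_has_role(current_user, 'hr_privileged', 'MEMBER')
            THEN pgp_sym_decrypt(ssn_enc, current_setting('app.ssn_key'))
            ELSE 'xxx-xx-' || ssn_last4
       END AS ssn,
       phone, birthday
FROM   employees;

-- Access goes through the view only. security_barrier stops a caller from
-- attaching a cheap, leaky function to a WHERE clause that the planner
-- would otherwise run before the redaction.
REVOKE ALL ON employees FROM PUBLIC;
GRANT SELECT ON employees_v TO hr_reader, hr_privileged;

-- Check as a reader (membership granted to the current user for the demo).
GRANT hr_reader TO CURRENT_USER;
SET ROLE hr_reader;
SELECT id, name, ssn FROM employees_v;   -- ssn column shows xxx-xx-9345
RESET ROLE;
```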
ADVANTAGES OF EDB POSTGRES
● SQL Injection Attack Prevention
● Password Profiles: Complexity rules, expiration, etc.
● Auditing: DML auditing for INSERT, UPDATE, DELETE, TRUNCATE by user and database, syslog integration, etc.
⇒ Manage audit logs separately from server logs ⇐
● Data Redaction (EPAS 11)
Conclusions
● AAA:
  ○ Authentication
  ○ Authorization
  ○ Auditing
● Multi-layered security measures
● Protection and security includes:
  ○ Physical security
  ○ Network security
  ○ Host security
  ○ Application security
  ○ Data security
RESOURCES
Webinar: 5 Ways to Make Your PostgreSQL GDPR-ready
Blog: Native Data Redaction Capability in EDB Postgres Advanced Server 11
Blog: EDB Postgres Secure Technology Implementation Guide
Blog: Managing Roles with Password Profiles: Part 1-3
Contact Information: info@enterprisedb.com
QUESTIONS & DISCUSSION