October 2, 2014

Database auditing alternatives for MySQL

Database auditing is the monitoring of selected actions of database users. It doesn’t protect the database in case privileges are set incorrectly, but it can help the administrator detect mistakes. Audits are needed for security. You can track data access and be alerted to suspicious activity. Audits are required for data integrity. They are the […]

Heartbleed: Separating FAQ From FUD

If you’ve been following this blog (my colleague, David Busby, posted about it yesterday) or any tech news outlet in the past few days, you’ve probably seen some mention of the “Heartbleed” vulnerability in certain versions of the OpenSSL library. So what is ‘Heartbleed’, really? In short, Heartbleed is an information-leak issue. An attacker can […]

Database security: Why should you review yours?

Ah database security… the black sheep of topics and something you would really rather not have to deal with right? I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats whom live in their own D.I.Y Faraday cage … that must be it … it just has to […]

Hardening your Cacti setup

If you are using Percona Monitoring Plugins for Cacti, this article should be important to you. By default, the Cacti setup is closed from accessing from Web. Here is an excerpt from /etc/httpd/conf.d/cacti.conf:

In order, to access the Cacti web interface, most likely, you will be changing this configuration. Commenting out Deny/Require statements will […]

MySQL encryption performance, revisited

This is part two on a two-part series on the performance implications of in-flight data encryption with MySQL. In the first part, I focused specifically on the impact of using MySQL’s built-in SSL support with some rather surprising results. Certainly it was expected that query throughput would be lower with SSL than without, but I […]