The evolution of legal norms has placed privacy at the centre as a core value, and it has become ever more relevant to keep pace with the features and dynamics of technology. The recent changes brought by the EU's GDPR have made this even more relevant, as it imposes a uniform set of rules to be applied across a variety of ecosystems. Beyond its versatile enforcement mechanism, it appears to be becoming the unofficial standard of the future.
The OSS field is well known for the community that forms around an OSS project and contributes to its development as it evolves. This is perhaps one of the reasons why many projects have set privacy by default and privacy by design as main ambitions, as it expresses a need of the people to have their data protected.
The GDPR is undoubtedly an effective tool for raising awareness of the right to privacy and enforcing data protection principles. However, each field of activity is currently setting up its own best practices, which will eventually become complementary to the legal norms.
This talk points out how the provisions of the GDPR apply in the OSS field and how we could analyse the data controller/processor model in the context of OSS participants and infrastructure providers. Moreover, it will point out how privacy is, and could be even more, enforced by the OSS model.
The examples that will serve as the basis for the analysis are XWiki and CryptPad. XWiki is an OSS project started 15 years ago, which now has a mature company providing services on top of it. It involves actors from all over the world, including members of the OSS community, customers, collaborators and team members. CryptPad, on the other hand, is a project developed with the aim of placing privacy by design as a core principle, using end-to-end encryption for data protection.
Ultimately, we all need to become more privacy aware, and whatever role we may find ourselves in, as controllers or processors of personal data, as authorities or even as data subjects, we are all participating in shaping the future of privacy.
In this day and age, maintaining privacy throughout our electronic communications is absolutely necessary. Creating user accounts, and not exposing your MongoDB environment to the wider internet, are basic concepts that have been missed in the past. Once that has been addressed, individuals and organizations interested in becoming PCI compliant must turn to securing their data through encryption. With MongoDB, we have two options for encryption: encryption at rest (only available as an enterprise feature with MongoDB) and transport encryption.
In this session we will review
- MongoDB default security
- Additional layers of security
- Audit and Log reduction
- Encryption and why it's important
- Step by step for encryption at rest and in transit
- Percona for MongoDB security features
A discussion of the different types of encryption as they relate to MySQL and the community, followed by a deep dive into key management with HashiCorp's Vault software and MySQL.
Real-world examples, problems, and "what worked" for Empowered Benefits as they embarked on their journey to implement encryption at rest in their health-care-centric IT environment.
Data security plays a critical role in PayPal's database infrastructures. In this presentation, we will discuss how PayPal enforces data security. The following areas will be covered:
- SSL encrypted connections between applications and database instances, as well as database to database instances
- Integration of database login with LDAP for user authentication and authorization
- Enterprise auditing for database access and metadata/object modifications
- Securing application login with custom SSL key and password management, password rotations
- Methods to avoid password exposure, such as by using MySQL connection strings
- Challenges of standardizing MySQL on Percona XtraDB at PayPal, and how we handled
-- different versions of MySQL on different operating systems
-- application users with super user privileges
-- incompatibilities between MySQL commercial and Percona XtraDB Cluster
Security is always a challenge when it comes to data, but regulations like the GDPR bring a new layer on top. With rules come more and more restrictions on accessing and manipulating data. Join us in this presentation to review security best practices, and the traditional and new features available for MySQL, including features coming with the new MySQL 8.
In this talk, DBAs and sysadmins will walk through the security features available on the OS and in MySQL:
- OS security
- Audit Plugin
- MySQL 8 features
- New caching_sha2_password
- Password Management
- FIPS mode
We will share our experience of working with thousands of support customers, help the audience become familiar with all the security concepts and methods, and give you the knowledge needed to apply them in your environment.
- General concepts
- what happens when the keyring plugin is loaded
- where keys are stored
- keyring initialization failures
- taking care of core dumps
- how to set up keyring_vault (separation of servers on the Vault server)
- list of keys on a server (base64 encoded)
2) How InnoDB Master Key encryption works internally:
- where the encryption key is stored
- relation between the Master Key and the tablespace's encryption key
- keyring cooperation
- keyring uninstallation
3) how key rotation works
4) can a table be re-encrypted?
5) Encryption threads
- what are encryption threads
- key rotation
6) binlog encryption:
- communication between master and slave
- key rotation
- MySQL / PS encryption (8.0.14)
As we move into the future, data becomes worth stealing and is stolen often. Backups become critical not only to be safe in case of an accident, but to be safe from people and computers who should not have your data. Security compliance is here (and there will be more of it in the future), and both PCI and GDPR have requirements for backups. Plus, our data may be what thieves really want, so encryption, storage and retention policies must be reviewed or put in place.
Come share your experience and learn from others on how to make databases secure and compliant.
Deploying SSL/TLS with MySQL at Booking.com on thousands of servers is not without issues.
In this session I'll tell you what steps we took, what problems we hit, and how we improved various parts of the MySQL ecosystem while doing so.
To start we go over the basics: which TLS settings exist in MySQL and MariaDB and how they differ from HTTPS as used in browsers. And why do we want TLS in the first place? Are TLS and SSL the same thing?
The first set of problems is inside MySQL: YaSSL vs. OpenSSL, verification issues and reloading of certificates.
The second set of problems is inside connectors: I'll touch on DBD::mysql (Perl), Go-MySQL-Driver and libmysqlclient (C).
Not all connectors have the same options and defaults. I'll go into TLSv1.2 support.
The third set of problems is tools: using the require_secure_transport option caused issues with Percona Toolkit and Orchestrator.
I'll also cover: RSA vs. EC, security issues I found, and how I wrote a proxy for MySQL.
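The settings named in the abstract above (server-wide TLS enforcement, TLS version selection and certificate reloading), shown as an added example that is not part of the original talk; the user name `app_user` and the path `/etc/mysql/tls/` are placeholders, and the statements assume MySQL 8.0.16 or later.

```sql
-- First, verify whether the current session is actually protected:
-- an empty Ssl_cipher means the connection is in plaintext.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
SHOW SESSION STATUS LIKE 'Ssl_version';

-- Weak baseline: TLS is offered but optional, and old protocol versions
-- are still negotiable.
SELECT @@require_secure_transport, @@tls_version;

-- Hardened server-side settings (persisted across restarts).
-- Note from the abstract: tools that connect over plain TCP (for example
-- Percona Toolkit or Orchestrator) must be configured for TLS before this
-- is switched on, or their connections will be rejected.
SET PERSIST tls_version = 'TLSv1.2';
SET PERSIST require_secure_transport = ON;

-- Per-account enforcement works even where the global switch cannot be
-- enabled yet: this account may only log in over TLS with a client
-- certificate issued by the configured CA.
ALTER USER 'app_user'@'%' REQUIRE X509;

-- Certificate rotation without a restart: after replacing the files
-- referenced by ssl_ca / ssl_cert / ssl_key, reload them in place.
ALTER INSTANCE RELOAD TLS;

-- Confirm the new certificate material is in use.
SHOW STATUS LIKE 'Current_tls_cert';
```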