Creating a Multi-layered Security Architecture for Your Postgres Databases
Marc Linster
SVP, Product Development and Support
CONFIDENTIAL © Copyright EnterpriseDB Corporation, 2019. All rights reserved.
WHO IS EDB?
The world leader in open-source based Postgres software and services
• Founded in 2004
• Recognized RDBMS leader by:
  • Gartner
  • Forrester
• Customer base > 4000
• 300+ employees
• Offices worldwide
• Largest PostgreSQL community leader
EDB POSTGRES SOLUTION USE CASES
New Applications
DevOps, schema-less rapid development, and multiple programming language support
Application Modernization
Multi-model flexibility and integration with popular data sources
Legacy Migration
Compatibility with Oracle leverages existing DBA and developer skills
Migration to Cloud
Flexible deployment options and simple business terms for moving to the cloud
Our customers rely on our expertise and solutions to develop new applications, move applications to the cloud, modernize applications, and migrate off legacy databases like Oracle.
ONLY OPEN SOURCE BASED RDBMS IN GARTNER MQ
EDB Recognized 6 Years In A Row on Gartner’s Magic Quadrant
Customers working SMARTER, reducing RISK and being more PRODUCTIVE with EDB.
OVER 4,000 CUSTOMERS
U.S. Customers, EMEA Customers, APAC Customers
102 of the Fortune 500
337 of the Forbes Global 2000
EDB OPEN SOURCE LEADERSHIP
NAMED EDB OPEN SOURCE COMMITTERS AND CONTRIBUTORS
• CORE TEAM • MAJOR CONTRIBUTORS • CONTRIBUTORS
Akshay Joshi
Amul Sul
Ashesh Vashi
Dilip Kumar
Jeevan Ladhe
Mithun Cy
Andres Freund
Devrim Gündüz
Thomas Munro
Amit Kapila
Bruce Momjian
Dave Page
Robert Haas
Ashutosh Sharma
Rushabh Lathia
- designates committers
EDB Postgres Platform
Aspects of Data Security
Data Security
• Unauthorized access
• Data corruption
• Loss of access
Data breaches
(Un)intentional corruption
Hardware failure
Operator error
Process failure
Loss of encryption keys
Network failure
Disaster recovery
Notification and compliance
Key Concepts: AAA
● Authentication: verify the user is who they claim to be
● Authorization: verify the user is allowed access to the system and the data
● Auditing: record all database activity, including username and time
KEY CONCEPTS: MULTIPLE BARRIERS
● Secure physical access to the host
● Limited access to the network
● Limited access to the database host
● Limited access to the database application
● Limited access to the data in the database
MULTIPLE LAYERS OF SECURITY
[Diagram labels: Data Center, DB Host, DB Server, Database files, Database]
Data access control:
• Tables
• Columns
• Rows
• Views
• Security barriers
Authentication:
• Users
• Roles
• Password profiles
Physical access
Host access
DB Server network access
File system encryption
Data file encryption
Data encryption
• Column based encryption
DML/DDL Auditing
SQL Injection Attack Prevention
Encryption in transit w. host authentication
Data redaction/masking
Key Management System
MULTIPLE BARRIERS
1. Physical access (locks on doors, cameras, etc.): If a data center is not physically protected, all other data security measures become significantly less valuable.
2. Host access (Operating System controls): Securing access at the host level ensures no users have unfettered access to the database host.
3. DB Server Network Access: Through Postgres’s pg_hba.conf, connections to the database server can be controlled and limited.
4. File system encryption (through native Linux or third-party solutions): Encrypting the file system protects the files on the drive if the drive is stolen. Third-party solutions can also leverage third-party key management systems.
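Barrier 3 can be checked from inside the server: the pg_hba_file_rules view (PostgreSQL 10 and later, superuser-only by default) exposes the parsed pg_hba.conf. The query below is an added example, not from the original slides or from EDB; the finding labels and the choice of what counts as a weak rule are this example's assumptions.

```sql
-- Added example: audit the parsed pg_hba.conf rules for permissive entries.
-- The finding texts are this example's own labels, not PostgreSQL output.
SELECT r.line_number,
       r.type,
       r.database,
       r.user_name,
       r.address,
       r.auth_method,
       f.finding
FROM pg_hba_file_rules AS r
CROSS JOIN LATERAL (
    VALUES
      (r.auth_method = 'trust',
       'no authentication at all'),
      (r.auth_method = 'password',
       'password sent in clear text unless TLS is enforced'),
      (r.auth_method = 'md5',
       'legacy MD5 hashing; prefer scram-sha-256'),
      (r.type = 'host' AND r.auth_method <> 'reject',
       'rule also matches non-TLS TCP connections; use hostssl'),
      (r.address = 'all'
         OR (r.address IN ('0.0.0.0', '::') AND r.netmask IN ('0.0.0.0', '::')),
       'matches every client address'),
      (r.type <> 'local'
         AND 'all' = ANY (r.database)
         AND 'all' = ANY (r.user_name),
       'any role may reach any database over the network')
) AS f(hit, finding)
WHERE r.error IS NULL      -- only rules the server could parse
  AND f.hit                -- NULL comparisons (e.g. local rules) drop out here
ORDER BY r.line_number, f.finding;

-- Lines the server could not parse are reported in the error column;
-- review them as well, since they never become effective rules.
SELECT line_number, error
FROM pg_hba_file_rules
WHERE error IS NOT NULL;
```

The view reflects the file on disk, so it can be run after editing pg_hba.conf and before reloading the server.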
MULTIPLE BARRIERS
5. SQL injection attack prevention: SQL injection attack prevention blocks corruption or co-opting of a database, including unauthorized relations, utility commands, SQL tautology, and unbounded DML.
6. Database authentication: Passwords, LDAP, Kerberos, certificates or using operating system credentials. Database authentication should be tied in with overall user management to make sure access credentials get revoked when users leave the business or cease to be customers.
7. Database authorization and access control: Users must be granted permissions to view and work with data in the database. A principle of least privilege should be applied.
MULTIPLE BARRIERS
9. File system encryption (native Linux or third-party): Encrypting the file system protects the files on the drive if the drive is stolen. Third-party solutions can leverage third-party key management systems.
10. Data encryption (pgcrypto): If a user gets past file system encryption, they can access a database that’s been logged into. Encrypting data at the column level keeps the database information secure.
11. Auditing: Track and analyze database activities, like the creation, changing, or deletion of data. EDB recommends auditing based on user connections, DDL changes, data changes, and data views.
12. Data redaction: Data redaction shields certain data elements, like Social Security numbers, from certain types of users.
EXAMPLE: DATA REDACTION
Username [enterprisedb]: privilegeduser
mycompany=> select * from employees;
 id |     name     |     ssn     |   phone    |      birthday
----+--------------+-------------+------------+--------------------
  1 | Sally Sample | 020-78-9345 | 5081234567 | 02-FEB-61 00:00:00
  1 | Jane Doe     | 123-33-9345 | 6171234567 | 14-FEB-63 00:00:00
  1 | Bill Foo     | 123-89-9345 | 9781234567 | 14-FEB-63 00:00:00
(3 rows)

Username [enterprisedb]: redacteduser
mycompany=> select * from employees;
 id |     name     |     ssn     |   phone    |      birthday
----+--------------+-------------+------------+--------------------
  1 | Sally Sample | xxx-xx-9345 | 5081234567 | 02-FEB-02 00:00:00
  1 | Jane Doe     | xxx-xx-9345 | 6171234567 | 14-FEB-02 00:00:00
  1 | Bill Foo     | xxx-xx-9345 | 9781234567 | 14-FEB-02 00:00:00
(3 rows)
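The masking shown above, combined with the least-privilege rule from barrier 7, can be approximated in stock PostgreSQL with a view and grants. This is an added example, not EDB's code and not the EPAS 11 redaction feature; the role, table and column names follow the slide, while the schema name redacted and the masking expressions are assumptions.

```sql
-- Added example (stock PostgreSQL, not the EPAS 11 redaction feature).
CREATE ROLE privilegeduser LOGIN;
CREATE ROLE redacteduser   LOGIN;

CREATE TABLE public.employees (
    id       integer,
    name     text,
    ssn      text,
    phone    text,
    birthday date
);

-- Sample row taken from the slide's privilegeduser output.
INSERT INTO public.employees
VALUES (1, 'Sally Sample', '020-78-9345', '5081234567', DATE '1961-02-02');

-- Least privilege: only the privileged role may read the base table.
REVOKE ALL ON public.employees FROM PUBLIC;
GRANT SELECT ON public.employees TO privilegeduser;

-- Masked projection under the same table name in a separate schema.
-- A view runs with its owner's rights, so redacteduser needs no access
-- to public.employees itself.
CREATE SCHEMA redacted;
CREATE VIEW redacted.employees AS
SELECT id,
       name,
       'xxx-xx-' || right(ssn, 4)           AS ssn,       -- keep last 4 digits
       phone,
       to_char(birthday, 'DD-MON') || '-02' AS birthday   -- hide the birth year
FROM public.employees;

GRANT USAGE  ON SCHEMA redacted    TO redacteduser;
GRANT SELECT ON redacted.employees TO redacteduser;

-- New sessions of redacteduser resolve "employees" to the masked view.
ALTER ROLE redacteduser SET search_path = redacted;

-- Verify the grants: base table unreadable, masked view readable.
SELECT has_table_privilege('redacteduser', 'public.employees',   'SELECT') AS base_table,
       has_table_privilege('redacteduser', 'redacted.employees', 'SELECT') AS masked_view;
```

The protection comes from the missing grant on public.employees, not from search_path, which the role can change for itself; search_path only makes the unqualified name resolve to the view.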
ADVANTAGES OF EDB POSTGRES
● SQL Injection Attack Prevention
● Password Profiles: Complexity rules, expiration, etc.
● Auditing: DML auditing for INSERT, UPDATE, DELETE, TRUNCATE by user and database, syslog integration, etc.
⇒ Manage audit logs separately from server logs ⇐
● Data Redaction (EPAS 11)
Conclusions
● AAA:
○ Authentication
○ Authorization
○ Auditing
● Multi-layered security measures
● Protection and security includes:
○ Physical security
○ Network security
○ Host security
○ Application security
○ Data security
RESOURCES
Webinar: 5 Ways to Make Your PostgreSQL GDPR-ready
Blog: Native Data Redaction Capability in EDB Postgres Advanced Server 11
Blog: EDB Postgres Secure Technology Implementation Guide
Blog: Managing Roles with Password Profiles: Part 1-3
Contact Information, info@enterprisedb.com
QUESTIONS & DISCUSSION