Infrastructure at your Service

Category

Security

Steven Naudet

SQL Server connectivity issue – troubleshoot TLS configuration

By | Database Administration & Monitoring, Security, SQL Server | One Comment

In the blog post, I will share a case of troubleshooting a connectivity issue with SQL Server. The problem occurred in a migration context. The SQL Server databases (in version 2008 to 2014) from multiple applications were consolidated on a new server with SQL Server 2019. Application servers were also migrated to new VMs. The new servers are hosted on a brand new infrastructure managed by a third-party provider which my customer has very little…

Read More
Joël Cattin

Automating Linux patching with Ansible

By | Ansible, DevOps, Operation systems, Security | No Comments

Since the beginning of the year, several vulnerabilities have been discovered in the Linux Kernel as well as in others important and widely-used packages. Among them, there was the famous CVE-2021-3156 affecting the sudo package and allowing any unprivileged user to gain root privileges. This one had a base score of 7.8, which is considered as high. This kind of events demonstrate the importance of having a strong patching strategy to ensure up-to-date softwares and…

Read More
Dominique Althuser

Swiss Cyber Security Days (SCSD)

By | Security | No Comments

The Swiss Cyber Security Days (SCSD) took place on March 10 and 11, 2021 The largest event in Switzerland entirely dedicated to cyber security took place on March 10 and 11, in a 100% digital form. Despite the health measures related to the coronavirus pandemic, the third edition of the Swiss Cyber Security Days was maintained. Indeed, cyber threats do not know any break.   One of the conferences I was able to attend, presented…

Read More
Mouhamadou Diaw

Oracle 21c Security : Mandatory Profile

By | Database Administration & Monitoring, Database management, Oracle, Security | No Comments

With Oracle 21c, it is now possible to enforce a password policy (length, number of digits…) for all pluggable databases or for specific pluggable databases via profiles. This is done by creating a mandatory profile in the root CDB and this profile will be attached to corresponding PDBs. The mandatory profile is a generic profile that can only have a single parameter, the PASSWORD_VERIFY_FUNCTION. The password complexity verification function of the mandatory profile is checked…

Read More
Mouhamadou Diaw

Oracle 21c Security : Gradual Database Password Rollover

By | Database Administration & Monitoring, Database management, Oracle, Security | 5 Comments

Starting with Oracle 21c, a password of an application can be changed without having to schedule a downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME This will set a rollover period of time where the application can log in using either the old password or the new password. With this enhancement, an administrator does not need any more to take the application down when the application database password is being rotated….

Read More
Mouhamadou Diaw

Oracle 21c Security : ORA_STIG_PROFILE and ORA_CIS_PROFILE

By | Database Administration & Monitoring, Database management, Oracle, Security | No Comments

In my previous blog I was testing the creation of a new Oracle 21c database. In this blog I am talking about two changes about the security. In each new release Oracle strengthens security. That’s why since Oracle 12.2, to meet Security Technical Implementation Guides (STIG) compliance, Oracle Database provided the profile ORA_STIG_PROFILE With Oracle 21c the profile ORA_STIG_PROFILE was updated and Oracle has provided a new profile to meet CIS standard : the profile…

Read More
Burgert Daniel

Increase your PostgreSQL databases security by checking a few settings Part 2

By | Database Administration & Monitoring, Postgres, Security | No Comments

Continuing from my first blog we will check some more access and authentication configurations. Focusing on removing unnecessary database privileges. After that we will configure the backend parameters correctly to have more robust PostgreSQL server/client sessions. And at last SSL encryption for these sessions will be configured.

Read More
Furkan Suv

SELinux for beginners

By | Operation systems, Security | No Comments

Do you know the following situation: You are following a step by step tutorial on the web and on your environment does not work as expected because of SELinux. Your looking on search engines command how you can disable the SELinux… Does that sound familiar? On this Blog I will explain what SELinux are, where and how to use is. Let’s start! What is SELinux and why should I not disable it? SE stands for…

Read More
Elisa Usai

The evolution of MySQL authentication mechanism

By | Database Administration & Monitoring, Database management, MySQL, Security | No Comments

The authentication, the first level of security for each IT system, is the stage to verify the user identity through the basic username and password scheme. It is crucial to have a mechanism to protect and secure password storing and transmitting over network. In MySQL, there is plenty of different authentication methods available, and last versions improved the security of this concept.

Read More