Showing entries 1 to 8
Displaying posts with tag: firewall (reset)
Time to check Galera Cluster security?

There are plenty of articles on the Internet that tell you to setup a Galera Cluster by disabling an OS based firewall and also disabling SELinux. While we agree that this might be the fastest way to get your Galera Cluster setup, it is not necessarily good security hygiene, and we would prefer if you started 2022 with a bit more secure Galera Cluster!

What is SELinux? Is is Security-Enhanced Linux that allows administrators to allow who has more control over the system. It has permissive and enforcing mode, and is turned on by default in Red Hat Enterprise Linux and derivatives. It is important to remember that if you install Galera Cluster via a package that we provide, we have provided all the necessary contexts for it. You effectively do not have to disable SELinux to get started.

However, if you are using the rsync method for a …

[Read more]
ProxySQL 2.0.9 Introduces Firewall Whitelist Capabilities

In this blog, we will test a new security feature added in ProxySQL 2.0.9. Since a time ago, we have had the ability to block queries using mysql_query_rules table matching a group of queries using reg exp like a blacklist. Check out a previous blog for how to config “ProxySQL Firewalling” using the mysql_query_rules table.

You can improve a whitelist using the mysql_query_rules table, but it is difficult if you have hundreds of queries.

ProxySQL 2.0.9 introduces two new tables for the firewall whitelist algorithm:

Admin> SELECT name AS tables FROM main.sqlite_master WHERE type='table' AND name IN ('mysql_firewall_whitelist_rules','mysql_firewall_whitelist_users') ORDER BY name;
+--------------------------------+
| tables                         | …
[Read more]
Webinar 6/28: Securing Database Servers From External Attacks

Please join Percona’s Chief Evangelist Colin Charles on Thursday, June 28th, 2018, as he presents Securing Database Servers From External attacks at 7:00 AM PDT (UTC-7) / 10:00 AM EDT (UTC-4).

Register Now

 

A critical piece of your infrastructure is the database tier, yet people don’t pay enough attention to it judging by how many are bitten via poorly chosen defaults, or just a lack understanding of running a secure database tier. In this talk, I’ll focus on MySQL/MariaDB, PostgreSQL, and MongoDB, and cover external authentication, auditing, encryption, SSL, firewalls, replication, and more gems from over a decade of consulting in this space from Percona’s 4,000+ …

[Read more]
MySQL Security – MySQL Enterprise Firewall

In this seventh episode of the MySQL Security series, we will see how MySQL Enterprise Firewall can help you to strengthen the protection of your data, in real-time, against cyber security threats like SQL Injection attacks by monitoring, alerting, and blocking unauthorized database activity without any changes to your applications.

ProxySQL Firewalling

In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall).

Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL came up as a possible tool that could help us in achieving what we were looking for. Last year I wrote about how to use ProxySQL to stop a single query.

That approach may be good for few queries and as a temporary solution. But what can we do when we really want to use ProxySQL as an SQL-based firewall? And more importantly, how to do it right?

First of all, let us define what “right” can be in this context. …

[Read more]
Asterisk attack

There was a lot of talk about this being the next menace after email spam. I’m not actually sure what it’s called for VoIP systems, but my Asterisk setup has started to be attacked over the last few days. Lots of entries like: [Aug 27 19:20:30] NOTICE[18826] chan_sip.c: Registration from '"742"<sip:742@a.b.c.d>' failed for '208.109.86.187' - [...]

A parallel universe

What happens when you mention Open Office and Firewall in once sentence, in public ?

People start actually building it (French Article)

Then add to that list that there's also people out there that think that running MySQL over NFS is providing them High Availability, or that using DNS Round Robin will provide them a scalable setup,

So yes .. apparently there is indeed a parallel universe out there.

And no .. I don't want to see Webmin in any Appliance .. that is a joke..., or rather a rant ..

Technorati Tags: firewall

[Read more]
FuseGuard Released - Protects your ColdFusion Apps

I am happy to announce today the release of FuseGuard Web Application Firewall for ColdFusion!

FuseGuard 2.0 is the new name for Foundeo Web Application Firewall, but we did a bit more than just change the name!

The biggest new features added to version 2 are the Web Based manager, and the database logger. The web manager main function is to provide reporting for the attacks against your server, but it also allows you to view configuration, and manage users.

Here are some screen shots:

   

    …

[Read more]
Showing entries 1 to 8