The Complete Guide to Securing Amazon RDS Databases | HexaTier
The Complete Guide to Securing
Amazon RDS
© All rights reserved to HexaTier
Table of Contents
Background
Introducing HexaTier
AWS Shared Security Responsibility Model
Amazon RDS Security
    The Network Level
    The User Level
    The Database Level
The Database Firewall
    Network Isolation
    Monitoring
    Auditing
    Database Activity Monitoring
Sensitive Data Discovery
Data Encryption
    In-Transit Encryption
    At-Rest Encryption
Dynamic Data Masking
Database Authentication
    Access Management
SQL Injection Attacks
Database Compliance Reports
    Role Management
    Tracking at the RDS API Level
    Tracking Changes at the Database Level
Background
As more companies use Amazon Web Services (AWS), it is the organization's responsibility to
make sure they are keeping their sensitive data as secure as possible. According to the AWS
shared security responsibility model, “While AWS manages the security of the cloud,
security in the cloud is the responsibility of the customer.” This dictates which security controls
are AWS’ responsibility and which are the customer’s.
Large public data breaches are usually a result of inadequate security measures at the customer
level. Organizations must understand the shared responsibility portion of working with AWS and
what it requires. An organization's data is only as secure as the organization makes it. Even if the
public cloud being used is secure, data may be exposed or at risk from other internal or external attacks.
Organizations need to plan and secure their data to prevent security problems. This includes
considering hiring a third-party security solution to flush out the problem areas.
In this paper, we will discuss in detail the security controls that AWS offers as part of their
shared security responsibility model on Amazon RDS. In addition, we will explain how
HexaTier’s unified database security and compliance solution provides the perfect match for
ensuring that security in the cloud is covered, helping you protect the database and meet more
stringent compliance requirements.
Introducing HexaTier
HexaTier provides a unified database security and compliance solution for databases running on
Amazon Web Services (AWS) RDS and EC2. With a software-based approach, HexaTier offers a scalable
and agile solution that is easy to install, operate and maintain. It provides stronger security on and off
the cloud in a single solution with four key features: database security, discovery of sensitive data,
database activity monitoring and dynamic data masking.
Screenshot 1: HexaTier’s unified database security and compliance solution. Compatible for protecting AWS EC2 and RDS databases.
AWS Shared Security Responsibility Model
AWS secures the underlying infrastructure, while the customer is responsible for securing the
operating systems (OS), platforms and data. It is up to the customer to secure their passwords
and the administrative access assignments.
For AWS’ managed services like Amazon’s Relational Database Service (Amazon
RDS), the shared security model falls under what AWS calls container services. In this model, AWS
is responsible for handling basic security tasks like the guest OS, AWS infrastructure, as well as
the AWS foundation services, security patching, firewall configuration and disaster recovery.
Figure 1: AWS Shared Security Responsibility Model
Amazon RDS Security
Data integrity, privacy, and security are of utmost importance to every large organization. So
how do you prevent others from accessing data in an unauthorized manner?
With managed services like Amazon RDS, you need to protect your AWS account credentials
with Amazon Identity and Access Management (IAM) so that you can implement segregation of
duties. Organizations should also use multi-factor authentication (MFA), require the use of
SSL/TLS to communicate with AWS resources, and set up API/user activity logging with
AWS CloudTrail.
Amazon RDS has implemented multiple features that can improve the reliability and availability
of production databases, such as database security groups, permissions, SSL connections,
automated backups, database snapshots, and multi-AZ deployments. What’s more, users can
configure RDS inside VPC private subnets for increased security and data isolation.
For starters, when you create a database instance within Amazon RDS you need to ensure
that you can control the access to it.
Screenshot 2: Amazon’s RDS dashboard – the launch of database instance configuration and security and network details.
AWS provides a number of security levels - from the network and user level to the database
itself.
The Network Level
Amazon RDS is supported by AWS security groups to prevent any unauthorized connections
based on IP address ranges, or EC2 security groups, within the same and different AWS
accounts. The Amazon RDS account owner can configure requests from specific IP addresses
or security groups that are allowed access to the database. This feature has been explained in
detail under the Database Firewall’s network isolation, yet it still leaves a lot to be desired for
various situations, such as:
1. Someone gaining access to a computer within an IP range
2. Someone accidentally deleting data
The User Level
AWS provides the IAM service, which enables you to securely control Amazon RDS operations
and resources (i.e. security groups, database, and configuration parameters) based on user-defined
policies. IAM allows you to configure different policies, templates, users, and groups for
access management and to enable multi-factor authentication (MFA) supported by
RDS. This ensures an added layer of security for authorization.
The Database Level
In databases, access to different kinds of operations and tables should be managed by
database master users. These users have associated usernames inside the database, which
are only allowed access to certain tables and database objects that are necessary to perform
respective duties. By default, creating an RDS instance creates an Amazon RDS database, along with one
master user and password. However, you can use database-specific tools to create more
users/elements required for your application.
The database administrator can also restrict the database to SSL-only connections from inside the database.
Connection and data encryption will be discussed in detail in the Data Encryption section.
The Database Firewall
Database firewalls are installed on servers that host the database in order to monitor and
audit activities and prevent unauthorized activities at the OS and database levels. The firewall
is preconfigured with common attack signatures for preventing attacks, or to alert the
database administrator/owner of an attack. It also acts as an isolating agent as it blocks off the
database from unwanted/unauthorized incoming connections.
Since Amazon RDS is a managed database service, there is no physical access to the
machines or the database. Therefore, it is recommended to install a third-party firewall solution
on a separate virtual machine for monitoring and blocking all SQL attacks targeting the RDS
instance.
HexaTier’s Database Security feature includes the implementation of a database firewall, SQL
injection prevention, segregation of duties, and database access control tools. In effect, it
helps mitigate attacks against the database by utilizing reverse proxy technology,
ensuring that there is no unauthorized communication with the database server.
Furthermore, it offers enhanced SQL injection detection and prevention features and
provides database control access to selected administrative levels, delivering a complete
solution for monitoring and controlling the flow of information.
Using HexaTier’s Database Firewall – “Protected Database”, administrators can define
granular permissions based on any combination of database user or Active Directory
Users/Groups, IP address, the client application and time of day. The database firewall
prevents information theft and enables compliance with regulations such as PCI, SOX,
HIPAA and others.
The policy can be enforced on an instance, database, table, or even by a specific query or
stored procedure. Direct access to the database system is prevented by HexaTier, stopping
any attack which attempts to exploit vulnerabilities in the operating system and third-party
applications. Problematic or suspicious requests are prevented from reaching the database.
Screenshot 3: HexaTier’s Protected Database Server feature uses a patented reverse proxy architecture for setting up
databases and proxies.
Network Isolation
For additional network access control, on the Amazon RDS control dashboard, there is a
security group link on the left-hand side. This helps to manage two different access types to
the database:
CIDR/IP Access: The database is accessible from an IP address or IP address range given
in the security group.
However, this doesn’t work well with cloud infrastructures because of the following reasons:
1. The dynamic IP address allocation to servers in the cloud.
2. A shared physical host, which gives access to other unwanted applications on the host.
EC2 Security Group: This option allows your database to become accessible to EC2 instances,
which are part of the security group. This partially solves the limitation that was previously
mentioned, but there is still the problem of integrating with other cloud infrastructures or
service providers, like Heroku, etc.
Moreover, you can also use Amazon Virtual Private Cloud (VPC) for additional network access
control. A VPC can be created to isolate an infrastructure that consists of databases from direct
access to the internet and acts as an organization level firewall. Create an RDS instance in a
private subnet along with a virtual private gateway to extend your organization’s network to
the cloud. The VPC security group and ACL should also help to control the inbound and
outbound traffic.
Monitoring
Amazon CloudWatch provides monitoring of operational and
performance metrics for all AWS services. It is useful in some cases, like DDoS attacks, or other
cases when there is a sudden surge in your database usage. You can also enable notifications
for RDS Events that belong to the following source types:
• Database Instances
• Database Snapshots
• Database Security Groups
• Database Parameter Groups
Many event categories are available in the source types mentioned above. As a user, you can
subscribe to different source categories to receive notifications of relevant events. These
functionalities are available through the command line interface (CLI), so users can create
custom scripts for taking automated actions on notifications. It is recommended that users
also set up CloudWatch alarms to get notifications for any performance changes in the
database.
Auditing
Amazon CloudTrail enables an auditing functionality for all AWS services. This is done by
enabling users to get their API call history and related events for their AWS accounts. The
image below gives a comprehensive understanding of how the CloudTrail service works inside
AWS.
CloudTrail provides us with the following functionalities that are required to comply with most
regulations and laws:
Controlled Access to Log Files: Users can leverage the IAM service and S3 bucket policies to
manage and control access to log files.
Alerts for Log File Creation and Misconfiguration: Users can leverage the SNS service for
real-time notifications regarding the creation of new logs or misconfiguration of logs which
may result in improper logging.
Manage Changes to AWS Resource and Log Files: CloudTrail produces log data on system
change events to enable monitoring of events and for an effective post-mortem of any
operational issue.
Log File Storage: Log files can be stored for any period of time in compliance with a user’s IT
policy. Additional cost savings can be achieved by moving logs to cold storage archives, like
Amazon Glacier.
Generate Customized Reports for Log Data: CloudTrail generates custom logs with over 25
different fields for further analysis. Users can also use database logs that are available via RDS
APIs or the RDS console. Logs can be used for diagnosing, troubleshooting, and fixing database
configuration and performance issues.
Database Activity Monitoring
Database Activity Monitoring consists of auditing, analyzing and monitoring database access
and activities to prevent unauthorized access or loss of data integrity. Database activity
monitoring is independent of the actual database and doesn’t rely on the database for auditing
or logs. Installation of database activity monitoring software on Amazon RDS instances is not
possible because users don’t have access to underlying EC2 instances. To perform this activity,
you may need third party applications, such as HexaTier.
With HexaTier’s reverse proxy technology, each and every query is inspected and
audited, and every administrative access and/or access up to the column level is recorded
according to the policy. It also alerts on unauthorized activities. The Advanced Activity
Monitoring option provides a complete audit of all sensitive tables, including a "before and
after" view of all changes made to the table or column and an indication as to who made
them.
This ensures that companies comply with key industry and government regulations, such
as SOX, HIPAA, PCI DSS, and others. HexaTier's activity monitoring policy is granular,
allowing the setting of activity monitoring rules at the column level. Activity monitoring is
also sometimes referred to as auditing.
Screenshot 4: HexaTier’s dashboard shows granular monitoring of rules up to the column level.
Sensitive Data Discovery
It is important that sensitive data is managed properly. Companies and organizations should
know where their sensitive data is and control how it is stored. Although the AWS cloud
infrastructure is designed to meet these requirements, as it is compliant with regulations such
as PCI-DSS, HIPAA, SOC 1, 2, 3, etc., a proactive approach is required on the AWS customer’s side.
Primarily, it is recommended that organizations regularly run software scans on their
databases to automatically identify sensitive fields, enabling a one-click activation for auditing
and data-masking features in those fields. Once sensitive data is identified, you must decide
whether to leave it in its secured location, move it, or delete it. Also, it is important to
continuously and automatically run discovery tools to maintain control of the sensitive
regulated data fields (e.g. SSN, credit card numbers, e-mails, passwords) based on regulations.
HexaTier’s discovery of sensitive data feature is the perfect fit for this situation. The
technology randomly scans a thousand rows from a database and analyzes the schema
structure as well as the raw data retrieved (however, the data retrieved is not stored
anywhere). The key purpose of this scan is to quickly determine which location is considered
"sensitive". In addition, it is possible for IT and security teams to generate all the auditing
and masking rules manually. Scanning can be performed in accordance with regulatory
requirements and analyzed in compliance with SOX, HIPAA, PCI DSS, etc. Furthermore,
specific customized sensitive definitions can be added by writing regular expressions.
Scheduled scans of the content can be implemented according to date (once a day, once a
week or once a month) or upon any schema change; any database changes that are
detected will automatically trigger a scan.
Screenshot 5: Demonstrates HexaTier’s discovery of sensitive data feature set in compliance with database regulatory requirements.
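The sampling approach described above can be sketched as follows. This is an added example, not HexaTier's code: it samples up to a thousand rows per table, tests each column's values against regular expressions (plus a Luhn checksum for card numbers) and keeps only the resulting labels. The table, the sample rows and the 80% match threshold are constructed assumptions, and SQLite stands in for the RDS engine.

```python
import re
import sqlite3

# Patterns for the regulated field types the guide names (SSN, credit card, e-mail).
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
CARD_RE = re.compile(r"^(?:\d[ -]?){13,19}$")


def luhn_ok(value):
    """Luhn checksum: separates card numbers from other long digit strings."""
    digits = [int(c) for c in value if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit counted from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return bool(digits) and total % 10 == 0


DETECTORS = {
    "ssn": lambda v: bool(SSN_RE.match(v)),
    "email": lambda v: bool(EMAIL_RE.match(v)),
    "credit_card": lambda v: bool(CARD_RE.match(v)) and luhn_ok(v),
}


def discover(conn, sample_rows=1000, min_ratio=0.8):
    """Return {(table, column): label}; sampled values are inspected, never stored."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # Table names come from the catalog, not from user input.
        cur = conn.execute(
            f'SELECT * FROM "{table}" ORDER BY RANDOM() LIMIT ?', (sample_rows,))
        columns = [d[0] for d in cur.description]
        rows = cur.fetchall()
        for idx, col in enumerate(columns):
            values = [str(r[idx]) for r in rows if r[idx] is not None]
            if not values:
                continue
            for label, matches in DETECTORS.items():
                hits = sum(1 for v in values if matches(v))
                if hits / len(values) >= min_ratio:
                    findings[(table, col)] = label
                    break
    return findings


def build_sample_db():
    """Constructed data: column names deliberately give no hint of their content."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers "
                 "(id INTEGER, name TEXT, contact TEXT, tax_ref TEXT, pan TEXT, order_ref TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "Ana Ruiz", "ana@example.com", "000-00-0001", "4111 1111 1111 1111", "1234567890123456"),
        (2, "Ben Okoro", "ben@example.org", "000-00-0002", "5555555555554444", "1111111111111111"),
        (3, "Chen Li", None, "000-00-0003", "4012-8888-8888-1881", "2222222222222222"),
        (4, "Dee Park", "dee@example.net", "000-00-0004", "378282246310005", "1000000000000000"),
    ])
    return conn


if __name__ == "__main__":
    for (table, column), label in sorted(discover(build_sample_db()).items()):
        print(f"{table}.{column}: {label}")
```

The order_ref column holds 16-digit values that look like card numbers but fail the Luhn check, so it is not flagged; the findings can then drive auditing and masking rules for the three flagged columns.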
Data Encryption
Data encryption is of utmost importance in the cloud. To maintain the privacy and security of user
data that may be exposed to malicious attacks, you should encrypt all data, whether it is in-transit or
at-rest.
In-Transit Encryption
To access AWS, users should always use secure HTTP (HTTPS) connections. All AWS services,
including RDS, provide support for HTTPS connections. Users can also disable unsecured
connections to their databases from inside the database. This functionality is supported in the
following databases:

• MySQL: Users can only restrict connections to SSL from the MySQL console.
• SQL Server: SQL Servers support SSL connections in all AWS regions.
• PostgreSQL: PostgreSQL also supports SSL connections in all regions.
• Oracle: Oracle RDS uses Oracle native network encryption. Users add native network options to
their relevant database option’s group to enable this feature.
SSL is used to encrypt data while in transit; however, it is not used for database authentication.
SSL connections do have an added cost when encrypting and decrypting data, which is
increased latency for all operations.
At-Rest Encryption
A Transparent Data Encryption (TDE) facility is available on Amazon RDS for the following
database engines:
Oracle: The Oracle Advanced Security option can be leveraged for the TDE and Native Network
Encryption features. In TDE, data is encrypted before it is written to the database and
decrypted just before it is returned.
SQL Server: The SQL Server supports TDE for encrypting data-at-rest. This feature is available
at no extra cost apart from what you pay for the MS SQL Server on Amazon RDS.
The encryption module creates data and encryption keys to encrypt the database. The
encryption keys are encrypted, as well, by a periodically rotated 256-bit AES master key. This
master key is unique to RDS and is stored separately under AWS’ control.
Apart from Transparent Data Encryption, there is no way to support encryption-at-rest other
than encrypting data at the application level before writing data to the database. Users can
selectively encrypt database fields using any standard encryption library (e.g. OpenSSL, Bouncy
Castle). This kind of encryption disables range queries on the selected fields.
Dynamic Data Masking
Dynamic data masking makes data selectively available based on a user’s
authorization level and the level of confidentiality of the data being displayed. When
users are not authorized to see data, it can be masked using random characters or data. Other
techniques, like obfuscation and scrambling of sensitive information, may also be used to prevent
unauthorized access to data.
Typically, dynamic data masking is not supported at the database level since it is used to
prevent unauthorized usage based on user/application authorization.
Dynamic data masking techniques include:
• Substitution
• Shuffling
• Number and date variance
• Encryption
• Nulling out or deletion
• Masking out
With HexaTier’s dynamic data masking, developers, testers, and administrators can access
production and non-production databases without being exposed to sensitive data. Dynamic
data masking is performed at runtime and in real time, so
there is no need for a second data source. It enables organizations to mask or randomize any
sensitive information, such as Personally Identifiable Information (PII), accessed from
application screens, reports, development and DBA tools, by dynamically masking
information based on masking policies. No changes at the database or application layer are
required.
Dynamic Data Masking works in two ways:
1. Request Based Masking: The query is received from the application and is rewritten with
masking actions before forwarded to the database in real time. As the database receives the
query it includes masking actions that the database is required to perform.
2. Response Based Masking: With the use of the reverse proxy, a request is sent to the
database as is and the data is received and masked in real time by HexaTier.
Figure 2: Shows how HexaTier's Dynamic Data Masking feature works.
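The two masking modes can be compared side by side in a short sketch. This is an added example, not HexaTier's implementation: the policy table, the employees schema, the role name and the sample rows are all constructed assumptions, and SQLite stands in for the protected database. Request-based masking rewrites the SELECT list so the database performs the masking; response-based masking forwards the query unchanged and masks the rows on the way back.

```python
import sqlite3

# Hypothetical policy: column -> (SQL expression for request-based masking,
#                                 Python function for response-based masking).
POLICY = {
    "ssn": ("'XXX-XX-' || substr(ssn, -4)", lambda v: "XXX-XX-" + v[-4:]),          # masking out
    "email": ("'***' || substr(email, instr(email, '@'))",
              lambda v: "***" + v[v.index("@"):]),                                  # substitution
    "salary": ("NULL", lambda v: None),                                             # nulling out
}
COLUMNS = ("id", "name", "ssn", "email", "salary")   # allowlist of selectable columns
UNMASKED_ROLES = {"security_officer"}                # hypothetical privileged role


def _check(columns):
    for col in columns:
        if col not in COLUMNS:
            raise ValueError(f"unknown column: {col}")


def request_based(conn, role, columns=COLUMNS):
    """Rewrite the query so the database itself returns masked values."""
    _check(columns)
    select = []
    for col in columns:
        if col in POLICY and role not in UNMASKED_ROLES:
            select.append(f"{POLICY[col][0]} AS {col}")
        else:
            select.append(col)
    sql = f"SELECT {', '.join(select)} FROM employees ORDER BY id"
    return sql, conn.execute(sql).fetchall()


def response_based(conn, role, columns=COLUMNS):
    """Send the query as is and mask the result set in the proxy layer."""
    _check(columns)
    rows = conn.execute(
        f"SELECT {', '.join(columns)} FROM employees ORDER BY id").fetchall()
    if role in UNMASKED_ROLES:
        return rows
    masked = []
    for row in rows:
        masked.append(tuple(
            POLICY[col][1](val) if col in POLICY and val is not None else val
            for col, val in zip(columns, row)))
    return masked


def build_sample_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees "
                 "(id INTEGER, name TEXT, ssn TEXT, email TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", [
        (1, "Ana Ruiz", "000-00-0001", "ana@example.com", 82000),
        (2, "Ben Okoro", "000-00-0002", "ben@example.org", 91000),
    ])
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    sql, rows = request_based(db, "developer")
    print(sql)
    print(rows)
    print(response_based(db, "developer"))
```

With request-based masking the sensitive values never leave the database; with response-based masking they cross the link between proxy and database, so that link needs the in-transit encryption discussed earlier.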
Screenshot 6: Dynamically masking sensitive data with HexaTier
Database Authentication
Database authentication is the act of authenticating users that are trying to access the
database. This ensures that the user can only perform actions that he or she is authorized to
do. We will discuss two parts to authentication below:
Access Management
Database access management can be performed at the network level using a firewall, at the
user level for access to the database, and inside the database. In-database access
management is the most important part of database authentication. This feature relies on the
underlying database engine and its capabilities to manage access to different database
objects. This feature of Amazon RDS has been discussed in detail under Database Access
Management. The AWS account owner can also create users and set policies using Amazon
IAM to provide users with varied access, such as modifying the configuration, backing up, and
launching/terminating database instances.
HexaTier offers enterprises the option to move to DBaaS while maintaining their organizational
policies. With the Database Authentication Proxy feature, users can configure the database
instance (DBaaS or out of your AD network) with a simple static and secure username and
password, while HexaTier confirms the identity of any user trying to log on to the organization’s
AD/LDAP.
When using HexaTier’s patented Database Reverse Proxy technology, a transparent Database
Authentication Proxy layer is created to authenticate domain users with the local AD/LDAP. This
creates a (transparent) connection and uses the provided username and password to connect to
the external database.
Figure 3 shows how HexaTier’s Database Reverse Proxy system authenticates the Domain Users via the local Active
Directory/LDAP, and transparently creates a connection with cloud-hosted or DBaaS platforms using a static username
and password.
SQL Injection Attacks
SQL injections are the insertion of unwanted code by malicious parties in an application’s SQL
statement. They are used to leak or compromise data that is stored in SQL databases. These
kinds of attacks constitute a major portion of database attacks.
Since Amazon RDS is a managed database service, SQL Injection prevention falls under the
responsibility of the end user. The list below outlines several steps that need to be taken in
order to avoid SQL injection.
Secure Access: Use proper authentication and authorization to access RDS databases.
Application Level: Use prepared (parameterized) statements with databases instead of normal queries.
Access Management: Access management related audits are published in Amazon S3 using
Amazon CloudTrail. Looking at Amazon IAM, one can do audits related to access granted to
individuals.
Data Encryption (At-Rest and In-Transit): Only the intended audience should read data.
Users need to encrypt data at all times (i.e. at-rest or in-transit) in order to ensure that no one,
apart from the intended audience, reads the unencrypted data.
Auditing: Auditing of all different kinds of events is done by Amazon CloudTrail. These logs
are saved securely in Amazon S3.
Back Up: An automatic backup facility is available for general use without extra charge in
Amazon RDS. Back-ups are saved in Amazon S3 for a user-defined retention period of up to 35
days. A user-initiated backup facility, or snapshot facility, is also available, which can be
leveraged to maintain a highly available cross-region system.
Disaster Recovery: In the worst-case scenario of disaster, the data back-ups stored in Amazon
S3 can be used for disaster recovery. Amazon S3 is a highly available system that maintains
replicas on multiple devices and in multiple facilities across the Amazon S3 region.
Third Party Tools: We can use popular tools such as HexaTier to avoid SQL injection.
Amazon CloudTrail logs can be used to generate customized reports. This task can be
automated using Amazon OpsWorks.
For additional protection, HexaTier’s reverse proxy filters all traffic in and out of the database.
This enables the identification and prevention of malicious attacks, so suspicious or
dangerous queries never reach the database. Moreover, the SQL Injection Prevention
heuristic mechanism searches for suspicious combinations of abnormal characters that
appear within the query. This mechanism ranks the risk level of the query, and if the risk is
higher than the predefined threshold, the specific query, not the entire connection, is
automatically blocked and quarantined.
Screenshot 7: HexaTier’s dashboard shows a detailed "intrusion log" and date, action, risk result, rule id, and query pattern, etc.
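The "Application Level" step in the list above, shown as a query built by string concatenation next to its prepared-statement form. This is an added example, not code from the guide: the orders table, the function names and the input string are constructed, and SQLite stands in for the RDS engine. It also covers the one case placeholders cannot handle, a caller-chosen sort column, with an allowlist.

```python
import sqlite3

SORTABLE = {"id", "customer", "total"}  # identifiers cannot be bound as parameters


def build_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "alice", 19.90),
        (2, "bob", 250.00),
        (3, "alice", 7.50),
    ])
    return conn


def find_orders_unsafe(conn, customer):
    """'Normal query': user input becomes part of the SQL text itself."""
    sql = ("SELECT id, customer, total FROM orders WHERE customer = '"
           + customer + "' ORDER BY id")
    return conn.execute(sql).fetchall()


def find_orders_safe(conn, customer, sort_by="id"):
    """Prepared statement: the value is bound as data and never parsed as SQL."""
    if sort_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = ("SELECT id, customer, total FROM orders "
           f"WHERE customer = ? ORDER BY {sort_by}")
    return conn.execute(sql, (customer,)).fetchall()


# Constructed input that closes the string literal and appends an always-true condition.
CRAFTED = "alice' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("concatenated:", find_orders_unsafe(db, CRAFTED))   # every customer's rows
    print("parameterized:", find_orders_safe(db, CRAFTED))    # no customer has that name
    print("normal use:", find_orders_safe(db, "alice", sort_by="total"))
```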
Database Compliance Reports
Regulations like HIPAA, PCI-DSS, and other laws require parties collecting sensitive information
to perform audits and generate compliance reports for data access over a period of time. Since
AWS is a public cloud provider, it is very important that it enforces all mandatory checks and
controls to meet the data security and compliance needs of all clients. It should not only protect the
secure data but also create a system to avoid any kind of unauthorized access, data leaks, and
data disruption or destruction.
According to AWS, it provides assurance related to the underlying AWS
infrastructure, while the AWS customer is responsible for the compliance initiatives related to
anything placed on the infrastructure. The AWS cloud infrastructure has been designed and
managed in alignment with regulations, standards, and best-practices.
Role Management
Every user has his or her database username that is used to log into the system. This
username is associated with a role inside the database which details its respective rights. A
user is allowed to perform any of the operations in the database that are permitted within the
limitations of his or her rights.
When generating a new EC2 instance in the database, a master user is created for database
access and role management. This database user has all of the rights required for database
administration and can create other users for access and role management.

• HIPAA
• SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
• SOC 2
• SOC 3
• PCI DSS Level 1
• ISO 27001
• FedRAMP(SM)
• DIACAP and FISMA
• ITAR
• FIPS 140-2
• CSA
• MPAA

Compliance Reports
Amazon RDS is compliant with PCI DSS Level 1 and SOC, and is ISO 27001 certified. An
organization can request the reports and certifications that are produced by AWS third-party
auditors who attest to the design and operating effectiveness of the AWS environment.
In addition, organizations will need to provide a periodic report of their database
administrators and their respective privileges, password rotation and policies, access, and
actions taken.
Tracking at the RDS API Level
AWS provides CloudTrail as a complimentary service for tracking all kinds of user access and
activities performed through RDS APIs. These logs are saved in pre-configured S3 buckets,
which again can be protected at 2 levels: the IAM and S3 bucket level. These logs come in the
form of JSON with over 25 fields that provide every relevant detail about the logged activity.
Users can further utilize these logs for generating customized compliance reports by writing
scripts to parse or filter the logs.
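A script of the kind described above, and in the Auditing section's note on customized reports, might look like the following. This is an added example, not from the guide: it reads one CloudTrail log file (a JSON object with a "Records" array), keeps RDS API calls that change exposure or retention, and groups them per caller, with denied attempts listed separately. The log content is constructed, and the set of watched event names is an assumption to adapt to your own policy.

```python
import json
from collections import defaultdict

# RDS API calls treated as compliance-relevant (this selection is an assumption).
WATCHED = {
    "ModifyDBInstance", "DeleteDBInstance", "AuthorizeDBSecurityGroupIngress",
    "ModifyDBSnapshotAttribute", "DeleteDBSnapshot", "ModifyDBParameterGroup",
}


def _record(name, source, arn, time, ip, error=None):
    """Build one constructed CloudTrail-style record for the sample log."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip, "userIdentity": {"type": "IAMUser", "arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec


ALICE = "arn:aws:iam::111122223333:user/alice"   # constructed principals
BOB = "arn:aws:iam::111122223333:user/bob"

SAMPLE_LOG = json.dumps({"Records": [
    _record("ModifyDBInstance", "rds.amazonaws.com", ALICE, "2016-05-01T10:00:00Z", "203.0.113.10"),
    _record("DescribeDBInstances", "rds.amazonaws.com", ALICE, "2016-05-01T10:01:00Z", "203.0.113.10"),
    _record("DeleteDBSnapshot", "rds.amazonaws.com", BOB, "2016-05-01T11:30:00Z", "198.51.100.7",
            error="AccessDenied"),
    _record("PutObject", "s3.amazonaws.com", BOB, "2016-05-01T11:31:00Z", "198.51.100.7"),
    _record("AuthorizeDBSecurityGroupIngress", "rds.amazonaws.com", ALICE,
            "2016-05-01T09:00:00Z", "203.0.113.10"),
]})


def rds_compliance_report(log_text):
    """Return {caller ARN: {"changes": [...], "denied": [...]}} for watched RDS calls."""
    report = defaultdict(lambda: {"changes": [], "denied": []})
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "rds.amazonaws.com":
            continue                      # other services share the same trail
        name = rec.get("eventName")
        if name not in WATCHED:
            continue                      # read-only calls are left out of the report
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        entry = (rec.get("eventTime"), name, rec.get("sourceIPAddress"))
        # A record carrying errorCode is a call that did not succeed.
        bucket = "denied" if rec.get("errorCode") else "changes"
        report[caller][bucket].append(entry)
    for buckets in report.values():
        for entries in buckets.values():
            entries.sort()                # ISO 8601 timestamps sort chronologically
    return dict(sorted(report.items()))


if __name__ == "__main__":
    for caller, buckets in rds_compliance_report(SAMPLE_LOG).items():
        print(caller)
        for kind, entries in buckets.items():
            for when, name, ip in entries:
                print(f"  {kind:8} {when} {name} from {ip}")
```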
Tracking Changes at the Database Level
AWS CloudTrail logs events for Amazon RDS API calls only. If an organization wants to audit
actions taken on the database that are not part of the Amazon RDS API, such as users
connecting to a database, or changes within the database schema, the organization needs to
use the monitoring capability of the database engine. The organization can use the log file
generated by each database engine to get information about changes made to the database
(e.g. if the organization is using MySQL, they can use the MySQL general query log to get user
connections and statements received from clients, or use the binary log to get the statements that
changed the data).
To help organizations meet more stringent compliance requirements for anything placed on
the infrastructure, HexaTier offers Database Activity Monitoring, as mentioned above, and
generates compliance reports that present information to database users with
administrative privileges about users who did not update their passwords for "x" days, users
who have not accessed the database for "x" days, recent administrator actions, and
any time a user's privileges were modified. These reports provide a list of security threats plus
insight into all database activity and can also be customized.
Screenshot 8: HexaTier’s dashboard showing detailed compliance reports with a list of all the database security threats and activity.
Contact us at: [email protected]
Headquarters: HexaTier Ltd., 21 BarCochva, BneiBerak, 5126018 Israel. Phone: +972-3-688-8090
U.S. Offices (West Coast): HexaTier Inc., 9891 Irvine Center Drive, Suite 200 Irvine, California, 92618 United States. Phone: +1-949-398-8242
U.S. Offices (East Coast): HexaTier Inc., 745 Atlantic Ave, Boston, MA 02111 United States. Phone: +1 617-459-4607
Toll - Free: (800) 617-0276