By Server General
MySQL And COTS OS – A Dangerous Mix
Commercial off-the-shelf (COTS) operating systems, which are used by most cloud providers to offer virtual servers or containers to their customers, pose their own set of challenges. Operating systems, meaning not only the kernel, but also all the associated libraries, services, and so on, are designed to cater to the widest possible range of applications and users. In order to appeal to the less-sophisticated users, they ship with most services enabled, and security options turned off by default. Then there is code that is normally loaded that offers no benefit to the main application running on the machine. As with extraneous applications, the existence of more OS services than necessary increases exposure of the system. Managing and securing all operating system components is a daunting task, and the necessary skills are generally beyond what is available in a small enterprise IT department.
On top of an insecure server we add applications that consist of a complex set of components developed by many programmers over many years. Applications such as MySQL, MongoDB, or PostgreSQL have evolved not only because of customer requests, but also because newer processor technology has made it possible to add complex functionality. Complexity is always at odds with security, and large applications are no exception. Moreover, it is only recently that application designers have started paying attention to defensive, security-aware programming, and it will be years before security bugs stop emerging. Simply adding cryptography, even if feasible, does not solve the problem of application insecurity.
The application must have access to the unencrypted data in order to process it, and therefore any application vulnerabilities may lead to data disclosure. Moreover, other applications that may be running on the same machine (for example, the mail server, system servers, and so on) need not and should not have access to the data that the database server is managing. Such fine-grained access control is not usually available from the underlying operating system.
On top of all this, general-purpose COTS operating systems, just like every large system, are in frequent need of updates and patches as problems are discovered and fixed. Occasionally, such fixes may break existing applications (for example, when Application Programming Interfaces (APIs) change to accommodate security fixes, or when the application developers had used undocumented features that no longer work). Frequently, patches may be completely irrelevant to the applications and environment that a particular machine is running, but IT staff may not know what is important and what is not, and they may want to err on the side of caution. Conversely, because there is always the fear that a patch may break an existing application, machines are frequently left unpatched, inviting disaster. It is thus important to avoid using a server running a general-purpose COTS operating system for your mission-critical applications if other options are available. This is precisely why we offer dedicated virtual appliances that are designed to run a single mission-critical application in a secure manner. These appliances are designed to anticipate the problems discussed above and still prevent a successful attack.
To mitigate the above-mentioned issues, we deliver a complete bundle that consists of a secure operating environment along with a MySQL server plus our security software. Thus there is no need to install software or harden the system; it’s all done in advance by our security experts. This approach eliminates the complexities and costs associated with software installation, integration, operating system hardening, patching, and looking for point solutions for encrypting data and managing keys.
SG-TDE-MySQL is a secure and CIS Benchmark compliant MySQL server that makes it easy to secure sensitive information on Google Cloud Platform. The solution includes a chiseled-down OS that contains only what is necessary to run the MySQL server, plus a full-featured security package that includes transparent data encryption, key management, and protection against a malicious “root” user. To avoid log tampering, we store the logging information related to SG-TDE-MySQL operations at four different locations; three of these locations are outside of the administrative domain of our customer.
It usually takes less than 5 minutes to install our solution. Our solution allows our customers to take a concrete step towards achieving regulatory compliance with HIPAA/HITECH, FISMA, GLBA, SOX, FERPA, EU Privacy Law and the PCI DSS mandates.