PGCon 2018
The PostgreSQL Conference

Speakers: Joe Conway

Schedule
Day: Talks - Day 2: Friday - 2018-06-01
Room: DMS 1110
Start time: 13:00
Duration: 00:45

Info
ID: 1172
Event type: Lecture
Track: DBA
Language used for presentation: English

Securing PostgreSQL

Exploring PostgreSQL Features, Extensions, and Guides

There are many aspects and considerations when securing PostgreSQL. This talk will cover some examples of the dangers associated with typical default installations, along with built-in features and extensions available to mitigate them. It will cover an overview of security features related to PostgreSQL and available extensions, and focus on the recently published PostgreSQL security guidelines: the DISA STIG and the Center for Internet Security Benchmark.

Specifically, we will cover:

A. PostgreSQL and Ecosystem: Security Features

1. International Certifications
2. Security Features
    i. Perimeter
    ii. Internal
    iii. Chronological

B. Security Guidelines

1. Security Technical Implementation Guide (STIG)
    i. Overview
    ii. PostgreSQL STIG
    iii. Example Control
2. CIS Benchmark
    i. Overview
    ii. PostgreSQL Benchmark
    iii. Example

C. Settings

1. postgresql.conf
2. pg_hba.conf rules

The audience is anyone interested in security within a relational database.

Learning Objectives:

* Identify security considerations when deploying PostgreSQL.
* Understand the features available in PostgreSQL and/or closely related open source technologies which address the identified security considerations.
* Understand how security guides are used to provide significantly enhanced security in PostgreSQL.