Docs/poc/securityhub #6084
Signed-off-by: Dj Walker-Morgan <[email protected]>
e1456ea to 1251bf4
Use the following advanced strategies to secure PostgreSQL in high-stakes environments. | ||
|
||
## Security Technical Implementation Guides (STIGs) | ||
|
Shouldn't this give an indication as to where to find STIGs? And note there are STIGs for PostgreSQL and for EDB Postgres Advanced Server (at least).
|
||
TDE encrypts the entire database at the file level. While not natively supported in PostgreSQL, tools like pgcrypto and external software can implement TDE. | ||
|
||
- **Use pgTDE.** You can use the pgTDE extension to encrypt entire databases or specific tablespaces. Data is encrypted transparently as it's written to disk. |
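Review bot: the TDE paragraph names pgcrypto as a tool that can implement TDE, but pgcrypto provides SQL functions that encrypt individual values, which is not the file-level, transparent encryption the first sentence defines. Suggest removing pgcrypto from that sentence or moving it to a separate item on column-level encryption. In the "Use pgTDE" bullet, the extension is not identified by vendor, package name or link, and nothing says where the encryption keys are held; add both so a reader can tell which product is meant and what protects the keys.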
What's pgTDE? It sounds like a predecessor of the TDE extensions in PGE and EPAS? pg_tde is an experimental Percona extension while pgtde seems to be a VMware proprietary extension. pgcrypto is not TDE though, it's column-level encryption.
TDE transparently encrypts the entire database at the file level. While not natively supported in PostgreSQL, EDB Postgres Extended Server and EDB Postgres Advanced Server both support TDE. For PostgreSQL itself, extensions are available which can implement TDE.
Signed-off-by: Dj Walker-Morgan <[email protected]>
Signed-off-by: Dj Walker-Morgan [email protected]
What Changed?
POC for new Security Hub to enable future security content cross cutting and integration with formal security offerings.