PostgreSQL Security: Defending Against External Attacks | Citus Con: An Event for Postgres 2023

Video of a conference talk about the ways external attackers can target PostgreSQL deployments and how to defend against these security threats, delivered at Citus Con: An Event for Postgres 2023 by Taras Kloba. This talk covers authentication security, protecting queries and data from network snooping, and preventing session interception—as well as best practices for securing backups and preventing server theft. Provides practical tips and techniques for ensuring the security of your PostgreSQL deployment and protecting against external attacks. This talk will give you a deeper understanding of the vulnerabilities that can affect PostgreSQL and how to mitigate them.

Taras Kloba has more than 12 years of technical experience in the IT sector in banking, online advertising, and gambling—helping organizations to make effective business decisions based on ever-growing data. Taras is a founder of the PostgreSQL Ukraine community and also drives the Big Data Community Ukraine meetings. He was nominated Best Software Architect of Ukraine in 2019 by Ukrainian IT Awards and is a Microsoft Certified Trainer 2022-2023.

► Video bookmarks:
⏩ 00:00 Introduction
⏩ 01:45 How to identify Publicly available PostgreSQL deployments
⏩ 04:11 Penetration testing using Hydra
⏩ 07:37 Common vulnerabilities
⏩ 09:41 DOS attack
⏩ 13:14 “Trust” authentication in pg_hba.conf
⏩ 16:58 Enforcing SSL connections
⏩ 19:05 Using certificates
⏩ 21:05 SCRAM-SHA-256 for password security
⏩ 26:27 Data protection
⏩ 28:05 Transparent data encryption

✅ Learn more:
Watch more Citus Con 2023 talks: https://aka.ms/cituscon-playlist

📕 Everything you need to know about Citus Con: An Event for Postgres can be found at: https://aka.ms/cituscon

📌 Let’s connect:  
Twitter – @CitusCon,   / cituscon  

#CitusCon #PostgreSQL #Database