Network listening is the best way to audit database security (1)

Source: Internet
Author: User
Tags ibm db2

Database systems are one of the three basic kinds of software, but they did not appear when computers were first created. As information technology developed, traditional file systems could no longer meet people's needs. In 1961, GE successfully developed the world's first database system (IDS), laying the foundation for databases. After decades of development and practical application, the technology has matured; representative products include Oracle, IBM DB2, Microsoft MS-SQL Server and so on.

Today, database systems have been widely used in enterprise management and other fields, such as ERP systems, billing systems, and sub-systems. As the core of the application system, the database system carries the key data of enterprise operations and is one of the core IT assets of enterprises.

Therefore, for a long time, while ensuring business continuity and performance, ensuring database security to the maximum extent has always been the security goal pursued by database administrators and security management personnel.

Database security risks are mostly internal violations.

Database security involves intrusion prevention, account management, access control, security audit, anti-virus, assessment and reinforcement, and so on. Common security products, such as UTM, intrusion detection, and vulnerability scanning, play an important role in ensuring the normal operation of database systems. However, through the handling and analysis of many security incidents, investigators found that violations committed by internal personnel of the enterprise accounted for a large proportion.

The main reason is that these violations differ from traditional attacks: internal violations cannot be analyzed in terms of attack mechanisms and vulnerability mechanisms, which makes products that resist external intrusion useless against them. Therefore, to prevent internal violations, we need to build an internal audit system that analyzes operational behavior so that violations can be responded to and traced in a timely manner.

According to the Verizon 2009 survey report (based on the analysis of 0.2 billion million cumulative destructive behavior data), data destruction is distributed as shown in Figure 1:

Figure 1 Verizon data destruction Survey

As shown in figure 1, we can see that the attempts to corrupt the database system account for the highest proportion, around 75%. Why?

The main reason is that, on the one hand, database systems often carry key business data, which involves all aspects of enterprise information and has important political and economic value; on the other hand, because database systems are usually complex and have high requirements for continuity and stability, and security management personnel lack the relevant knowledge, database security management lags behind the fulfillment of business requirements.

In fact, database security incidents have emerged one after another, and the trend is getting worse: in one case, the two-color ball lottery database in a city was tampered with in a fraud involving a 33.05 million yuan prize; more recently, data on 24 thousand HSBC accounts was stolen ...... In this regard, relevant national departments have attached great importance to the issue, and policies such as the technical requirements for classified protection of information systems involving State secrets and the basic requirements for classified protection of information system security also set clear requirements for the audit system:

Rules and regulations and measures should be formulated to ensure the correct implementation of system security audit policies

Access to important servers should be audited.

The date, time, type, subject ID, Object ID, and result of the event should be included.

Audit records should be reviewed and analyzed on a regular basis, and suspicious behaviors and violations should be handled with corresponding measures and reported in a timely manner.

It can be seen that ensuring database security and stability has become an important task in the information age. So what technical methods are used to implement database security protection?

Introduction to four types of database security audit technology

The following describes the database security audit technology.

