Database Firewall--Implementation of database access behavior control, dangerous operation interruption, suspicious behavior audit

Source: Internet
Author: User
Tags: sql injection, sql injection attack

From Baidu Encyclopedia: A database firewall system is deployed in series (inline) in front of the database server to address problems on both the application side and the operations side of the database. It is a database security protection system based on database protocol analysis and control technology. Built on an active defense mechanism, a database firewall (DBFirewall) implements access behavior control for the database, blocking of dangerous operations, and auditing of suspicious behavior.
Database security technology
Database security technology mainly includes: database vulnerability scanning, database encryption, database firewalls, data masking (desensitization), and database security audit systems. Database security risks include bulk data scraping ("brush library"), database dumping ("drag library"), and credential stuffing ("crash library"). Methods of attacking database security include SQL injection attacks.
Introduction
Database firewall technology is an active defense technology for database security, designed around the protection requirements of relational databases. The database firewall is deployed between the application server and the database, and users must pass through it to access or manage the database. Its active defense technology can proactively monitor, identify, alert on, and block external attacks on data that bypass enterprise network perimeter protection (firewall, IDS/IPS, etc.), as well as data theft, destruction, and corruption by internal high-privileged users (DBAs, developers, third-party outsourcing service providers). It provides active security defense through fine-grained, technical-level control of database SQL statements and, combined with security access control rules that are independent of the database, helps users respond to data security threats from both inside and outside.
Core functions
  • Block direct access channels to the database: The database firewall is deployed between the database server and the application server and shields direct access channels, preventing attacks on the database through hidden channels.
  • Two-level authentication: Authorization is based on an original "connection six-tuple" authorization unit: machine fingerprint (unforgeable), IP address, MAC address, user, application, and time period. An application accessing the database must pass two levels of identity authentication: the database firewall and the database itself.
  • Attack protection: Detects SQL injection and buffer overflow attacks from users against the database in real time, and alerts on or blocks the attack. It also audits the details of the attack: time of occurrence, source IP, database login user name, attack code, and so on.
  • Connection monitoring: Monitors all connections to the database in real time, including connection information, number of operations, and number of violations. The administrator can disconnect a specified connection.
  • Security audit: The system can audit access to the database server, including user name, program name, IP address, requested database, connection establishment time, disconnection time, traffic size, execution result, and so on. It provides flexible log replay, query, and analysis functions, and can generate reports.
  • Audit probe: In addition to acting as a database firewall, the system can serve as the data acquisition engine of a database audit system and send the communication content to the audit system.
  • Fine-grained permission control: Permission control by SQL operation type (SELECT, INSERT, UPDATE, DELETE), by object owner, and by table, view, and column.
  • Precise SQL syntax analysis: A high-performance SQL semantic analysis engine captures, identifies, and classifies SQL statement operations on the database in real time.
  • Automatic SQL learning: A risk control model based on a self-learning mechanism proactively monitors database activity to prevent unauthorized database access, SQL injection, privilege or role escalation, and illegal access to sensitive data.
  • Transparent deployment: No changes are needed to the network structure, application deployment, application internal logic, front-end user habits, and so on.
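The two-level authentication item above can be pictured as a deny-by-default match of each incoming connection against a list of six-tuple authorization units. This is an added sketch, not code from the page or from any product; the field names, sample units, CIDR matching and wildcard convention are assumptions made for illustration.

```python
import ipaddress
from datetime import time

# Constructed authorization units; a field set to None matches any value.
UNITS = [
    {"fingerprint": "fp-app01", "ip": "10.0.5.0/24", "mac": "00:16:3e:aa:bb:01",
     "user": "app_rw", "application": "orders-service", "window": None},
    {"fingerprint": "fp-dba-laptop", "ip": "10.0.9.17/32", "mac": None,
     "user": "dba_li", "application": "sqlplus",
     "window": (time(22, 0), time(6, 0))},
]

def in_window(now, window):
    """Half-open [start, end) check that also handles windows past midnight."""
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def unit_matches(unit, conn):
    """Every attribute of the unit must match; there is no partial credit."""
    if unit["ip"] is not None:
        if ipaddress.ip_address(conn["ip"]) not in ipaddress.ip_network(unit["ip"]):
            return False
    if unit["mac"] is not None:
        # Normalise separator and case before comparing MAC addresses.
        if unit["mac"].lower() != conn["mac"].replace("-", ":").lower():
            return False
    for field in ("fingerprint", "user", "application"):
        if unit[field] is not None and unit[field] != conn[field]:
            return False
    return unit["window"] is None or in_window(conn["time"], unit["window"])

def authorize(conn, units=UNITS):
    """Deny by default: forward the connection only if some unit matches."""
    return any(unit_matches(u, conn) for u in units)
```

A connection that passes this check still has to authenticate to the database itself, which is the second level the item describes.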
Protection against external hacker attacks
Threats: Hackers exploit web application vulnerabilities to perform SQL injection, or use the web application server as a springboard to attack and break in through vulnerabilities in the database itself.
Protection: Capture and block vulnerability attacks through virtual patching, and capture and block SQL injection through an SQL injection signature library.
Prevent internal high-risk operations
Threats: System maintenance personnel, outsourced staff, developers, and others who have direct access permissions to the database can damage data through unintentional high-risk operations.
Protection: Avoid large-scale losses by limiting the number of rows an UPDATE or DELETE may affect, restricting UPDATE and DELETE statements that have no WHERE clause, and restricting DROP, TRUNCATE, and other high-risk operations.
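The high-risk operation rules above can be expressed as a statement policy check. The following is an added example, not code from the page or from any database firewall product; the function names, the row limit and the `estimated_rows` input (a row estimate the caller is assumed to supply) are hypothetical.

```python
import re

# Assumed policy values for illustration; real products expose their own settings.
BLOCKED_VERBS = {"DROP", "TRUNCATE"}
NEEDS_WHERE = {"UPDATE", "DELETE"}
MAX_AFFECTED_ROWS = 1000

# String literals and comments are blanked first so that a WHERE hidden in
# either one cannot satisfy the rule.
_NOISE = re.compile("|".join([
    r"'(?:[^']|'')*'",   # single-quoted literal, '' is an escaped quote
    r'"(?:[^"]|"")*"',   # double-quoted identifier
    r"--[^\n]*",         # line comment
    r"/\*.*?\*/",        # block comment
]), re.DOTALL)
_TOKEN = re.compile(r"[A-Z_][A-Z0-9_]*|[()]")

def has_top_level_where(tokens):
    """True only if WHERE appears outside parentheses, not just in a subquery."""
    depth = 0
    for tok in tokens:
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
        elif tok == "WHERE" and depth == 0:
            return True
    return False

def evaluate(sql, estimated_rows=None):
    """Return (verdict, reason); every ';'-separated statement is checked."""
    cleaned = _NOISE.sub(" ", sql).upper()
    for statement in cleaned.split(";"):
        tokens = _TOKEN.findall(statement)
        if not tokens:
            continue
        verb = tokens[0]  # only the leading verb of each statement is inspected
        if verb in BLOCKED_VERBS:
            return "block", f"{verb} is a high-risk operation"
        if verb in NEEDS_WHERE:
            if not has_top_level_where(tokens):
                return "block", f"{verb} without WHERE"
            if estimated_rows is not None and estimated_rows > MAX_AFFECTED_ROWS:
                return "block", f"{verb} exceeds the affected-row limit"
    return "allow", "no rule matched"
```

Dialect-specific syntax such as MySQL `#` comments or backslash escapes is not handled by this sketch; a production engine parses the wire protocol and the full SQL grammar.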
Prevent sensitive data leaks
Threats: Hackers and developers can download sensitive data in bulk, and internal maintenance personnel can export sensitive data remotely or locally.
Protection: Limit the volume of data queries and downloads, and restrict the users, locations, and times from which sensitive data can be accessed.
Audit trail of illegal conduct
Threats: Business personnel, tempted by personal gain, use functions provided by the business system to access sensitive information, sell information, and tamper with data.
Protection: Record all data access behavior, raise alerts on risky behavior via syslog, email, SMS, and other means, and provide post-incident analysis tools.
More information is available in Oracle's DBFirewall material: http://www.oracle.com/technetwork/cn/community/developer-day/3-Firewall-technology-exchange-1879657-zhs.pdf
