Database three-tier architecture audit decryption

1 , what is a three-tier architecture ?

The so-called three-tier architecture is the addition of a " middle tier ", also called a component layer, between the client and the database. The three-tier architecture isolates two areas, and the client-to-component layer is called the application-tier zone, and the component-to-database is called the database-tier zone. Here the three-layer system, not refers to the physical three layer, not simply placed three machines is three-layer architecture, also not only b/S application is the three-tier architecture, three layer refers to the logic of the three layer, that is, the three layers placed on a machine.

The three-tier application puts business rules, data access, legitimacy checks, etc. into the middle tier for processing. Typically, the client does not interact directly with the database, but instead establishes a connection with the middle tier through com/dcom Communication, and then interacts with the database through the middle tier.

2 , what is the three-tier audit ?

The three-tier audit is one of the industry's problems in database audit field.

The so-called three-layer audit is to combine the audit data of the application layer area with the audit data of the database layer to carry out the " Correlation analysis ", which can accurately correspond the operation of the application layer to the database layer. When a security event occurs, the log information of the associated audit record can be used to quickly locate the responsible person in the network. Therefore, the three-tier audit enables an effective association of the application with the database and is traced to the end-user.

Under normal circumstances, the application layer is the URL behavior, in the database layer is the database command, the performance of the two different forms, but with " correlation analysis ", you can technically penetrate two regions, This associates the Access resource account with the associated database operation, which can be traced to a real visitor.

3 , the difficulty of the three-tier audit ?

The difficulty of three-layer audit is the choice of audit technology.

The industry's traditional approach is to adopt "Fuzzy matching " method to achieve " Association analysis ", namely: Audit system first audit out browser to Web server,Web Server-to-database server events, which are HTTP events, which are SQL events, then need to correlate these two events for a time series " Fuzzy match " This associates the Access resource account with the associated database operation.

The advantages and disadvantages of this traditional approach are:

Advantages: can be applied to any three-tier architecture audit ;

Disadvantages: when high concurrency is a disaster, there is a 20% distortion rate that causes business users to correlate with SQL statement errors.

In order to avoid this shortcoming,IBM has also tried for several years to try to solve, but has not found a good solution, many domestic data security manufacturers are still helpless.

4 , three-tier audit really no solution?

Ang Kai technology from the beginning to do database audit system This product, continue to study for the " Three layer audit " The best solution, has been the first to make a major breakthrough: to take "com/dcom/com+" and other components of the three-tier architecture system, Ang Kai Technology original component penetration technology, can avoid time series of interference, in any case can be accurate audit, positioning to people, innovative solutions to " three layer +com component Audit " This troubled customers and many friends of the industry for many years, and in BUCM Hospital has been the actual application of testing.

Of course, the complexity of the three-tier architecture system determines that we have only achieved a phased " victory", to achieve a full " victory ", but also need to continue efforts.

Database three-tier architecture audit decryption