How to construct the Financial industry database defense system in depth

"This is the best of times, it is the worst of times, it is the age of wisdom, this is the age of stupidity." This line of Dickens seems to be more prescient in the present. The rapid development of cloud computing today, to bring great convenience to human life at the same time, security issues, followed by a protracted battle against the core data defense, one after another. and the financial information security leaks, the occurrence of many security incidents, undoubtedly makes it a data security hardest hit. As to the security of enterprise and personal core assets, we can not evade the storage media database of core data, how to build the defense of core security data in depth, and become the security focus.

The Verizon data breach survey reports that the threat of a database is a major cause of data leakage events, accounting for up to 90% of the total Information system security, which accounts for 74% of the importance of data security. The extent to which core data security is recognized, especially in the financial sector, involves corporate credibility and credibility, and once leaks, the financial industry faces key risk challenges.

At present, the problem of database security in financial industry is multi-dimensional and multi-functional:

first, the financial database "security base" is not unified , the financial industry generally hundreds of business systems corresponding to hundreds of database support, lack of automated means to gain insight into the database itself vulnerable points. Take Oracle database as an example, its own 4000+ configuration items, security configuration is uneven, resulting in the security line is not strong;

Second, the financial industry is facing a complex internal and external environment , due to the value of financial data, internal and external interests driven by the high frequency of security incidents, new payment channels, such as online banking, electronic payment, mobile banking and other new business brings new risks;

Thirdly, the development of new finance , such as peer to financial, business development needs and speed far beyond the safe operation and maintenance speed, Fortress machine, KVM for database security management has limitations, database access behavior can not be effectively recorded and control, operation and maintenance personnel and several jobs, there is a hidden danger of misoperation;

Four, with the financial industry on the pace of the cloud, the security problems appear on the cloud, the database is concentrated, the database plaintext storage, the core data is not secure and so on.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/76/C5/wKiom1ZcCryy-N_VAAENYRGBM2Y521.jpg "title=" 20151117-jrzsfy.jpg "alt=" Wkiom1zccryy-n_vaaenyrgbm2y521.jpg "/>

Therefore, Anwarking put forward to construct the security defense system of financial database. The whole information system, the database is the most core storage system, through the database set up three security line of defense mechanism, fundamentally defend the internal and external to the database core data theft intrusion and bad operation.

every line of defense: Threat analysis against the database , use of professional automation tools for risk assessment, to find database security weaknesses, prevent in the bud; Access behavior monitoring to identify database security risks, An Huaqin and provide database security hardening recommendations based on database weaknesses and risks.

second line of defense: active defense against internal and external access to the database . The use of virtual patching technology to prevent external vulnerability attacks, through the control of internal personnel access rights to prevent financial misuse and non-authorized behavior, through the threshold control, to prevent large-scale data bulk leaks.

The third line of defense, that is, the defense of the bottom line of financial data , data encryption and desensitization. Through the core data encryption in the library to prevent the leakage of financial sensitive information, the core data is de-sensitized by static and dynamic desensitization technology.

Through three checkpoints set up, to ensure that the outside of the entrance, the inside of not to go, and effectively protect the financial credibility and credibility, enhance the financial industry competitiveness and business operations of technical strength. These three lines of defense from the source of the database to achieve the protection of the financial core data, from the outside to the defense in depth, covering all aspects of the DBMS, access path, core data.

To cite a true case of peer-to-peer finance, as of November 2014, nearly 165 peer platforms have been crippled by hacking attacks, malicious tampering with data, and the looting of funds. Anwarking's financial industry Cloud Database security solution is to deploy the database firewall (dbfirewall) in front of the database server for attacks from outside people and for internal personnel to operate in error. The database firewall can control the operation behavior of the database for batch deletion or batch download, and realize 100% Application User Association, and also prevent external attacks on database vulnerabilities and SQL injection, brush library and other behaviors by precise protocol parsing of SQL syntax/morphology. At the same time, in the cloud environment, in order to prevent the database storage file loss, causes the whole library to leak, An Huaqin and the Database Safe (Dbcoffer) through to the database sensitive field encryption, prevents because the data plaintext storage causes the sensitive information inside the library to leak, prevents the drag library behavior to occur.

This article is from the Database security blog, so be sure to keep this source http://schina.blog.51cto.com/9734953/1718241

How to construct the Financial industry database defense system in depth