DSG SnapAudit database audit software
Next-generation database audit solution - Oracle Database
1 Core Issues and Requirements of Database Audit
1.1 Analysis of Main Causes of Database Security Vulnerabilities
There are three main causes of database security vulnerabilities:
1) No monitoring means
Database administrators usually act as database operators: they know how to perform operations and solve problems in the database, but they have no way to monitor who accesses the database and what they do. As a result, unauthorized access to confidential data, data theft, and malicious deletion can be neither prevented nor handled.
2) No Management Mechanism
The super-user password of the database is shared by many people. Many people can operate under a single account, so afterwards it is impossible to determine which person caused a problem. Once logged on to the database, a user can access both core and non-core data unnoticed. Staff from outside the company and test users can access and operate on all data; in this way, the database is completely "open".
3) No Backtracking Method
When a problem is found, its state cannot be traced back, its root cause cannot be identified, and it cannot be stopped. Targeted solutions cannot be developed, leaving the enterprise in a purely reactive position. Because the data cannot be traced back, it also cannot be repaired, so errors persist and spread.
1.2 Core Issues to Be Addressed in Database Audit
For existing problems, database audit should solve the following three core issues:
1) Comprehensive database operation monitoring
Whether the logon comes from the network or from a terminal, whether the operation queries data or changes it, whether the account is a common user or a super user, and whether the access is by an application or a manual login, every operation must be effectively monitored, with no blind spots.
2) Audit policy customization and management
Users can define their own audit policies and set monitoring policies of different granularity for the users, tables, and specific data within tables that they are concerned about. When an access violates one of these policies, the operation is recorded and an alarm is triggered immediately.
3) Event playback and fault repair
The historical sequence of a customer's operations can be queried quickly, the cause of an incident analyzed, and repair suggestions generated, so that normal operation of the system is restored as soon as possible.
1.3 Basic Requirements of Database Audit Software
Sound database audit software must meet the following conditions:
1) it covers a comprehensive range of database audit types and obtains all kinds of database operation information comprehensively and efficiently;
2) fine-grained audit of database operations;
3) accurate and timely response to illegal operations;
4) provides comprehensive and detailed audit information and a rich and customizable report analysis system;
5) provides repair solutions for data loss and tampering;
6) little interference and impact on the business system;
7) ease of management and maintenance;
8) it is highly secure and not vulnerable to attacks.
2 SnapAudit Database Audit Solution
Based on the analysis of database audit requirements, DSG proposes a targeted SnapAudit Database Audit solution.
2.1 SnapAudit Architecture
The figure shows the system structure of the SnapAudit software:
As shown in the figure, the SnapAudit software is divided into five functional layers:
Collection layer: consists of the data analysis engine (OLFX).
The data analysis engine OLFX is mainly used to analyze the online logs of Oracle databases and obtain database operation information from them. The main feature of OLFX is that it captures database operation information in all aspects, and the analysis process is fast and efficient, with little impact on the business system. After OLFX has analyzed the online logs, it automatically transmits the database operation information to the filter layer for processing.
Filter Layer: consists of the SnapAudit Data Filter module.
The filter module (SARF) filters the information collected by OLFX according to the audit policy and transmits the filtered information to the storage layer for storage.
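As an added illustration of the filter layer just described, and of the policy customization required in section 1.2, the following Python program applies a small set of audit policies to constructed operation records and separates what is retained for storage from what raises an alarm. This is example code written for this page, not DSG's SARF or OLFX implementation; the record fields and policy fields are assumptions, since the product's internal formats are not given here.

```python
"""Toy audit-policy filter modelled on the filter layer described on this page.
Added example, not DSG's code: the DbOperation record shape (assumed output of the
collection layer) and the AuditPolicy fields are assumptions made for illustration."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DbOperation:
    """One parsed database operation (assumed shape of what the collection layer emits)."""
    ts: str
    db_user: str
    source: str                       # "network" or "terminal"
    action: str                       # SELECT / INSERT / UPDATE / DELETE / DDL
    obj: str                          # SCHEMA.TABLE
    columns: FrozenSet[str] = frozenset()
    rows: int = 0


@dataclass(frozen=True)
class AuditPolicy:
    """A policy matches an operation when every constraint that is set holds.
    A constraint left at None matches everything (coarse granularity); setting
    users, objects or columns narrows it (fine granularity, down to specific data)."""
    name: str
    severity: str                                  # "info": record only; "alert": record and alarm
    actions: Optional[FrozenSet[str]] = None
    objects: Optional[FrozenSet[str]] = None
    sources: Optional[FrozenSet[str]] = None
    users_not_in: Optional[FrozenSet[str]] = None  # alert when db_user is outside this allow-list
    columns_any: Optional[FrozenSet[str]] = None   # at least one of these columns touched
    min_rows: int = 0

    def matches(self, op: DbOperation) -> bool:
        if self.actions is not None and op.action not in self.actions:
            return False
        if self.objects is not None and op.obj not in self.objects:
            return False
        if self.sources is not None and op.source not in self.sources:
            return False
        if self.users_not_in is not None and op.db_user in self.users_not_in:
            return False
        if self.columns_any is not None and not (op.columns & self.columns_any):
            return False
        return op.rows >= self.min_rows


def filter_operations(ops: List[DbOperation], policies: List[AuditPolicy]
                      ) -> Tuple[List[DbOperation], List[Tuple[str, DbOperation]]]:
    """Return (retained, alarms): an operation matching any policy is retained for the
    storage layer; each matching 'alert' policy additionally produces an alarm."""
    retained, alarms = [], []
    for op in ops:
        hits = [p for p in policies if p.matches(op)]
        if hits:
            retained.append(op)
        alarms.extend((p.name, op) for p in hits if p.severity == "alert")
    return retained, alarms


# Constructed policies: two coarse "record" policies and two fine-grained "alert" policies.
POLICIES = [
    AuditPolicy("destructive-statements", "info", actions=frozenset({"DELETE", "DDL"})),
    AuditPolicy("salary-column-access", "alert", objects=frozenset({"HR.SALARIES"}),
                columns_any=frozenset({"SALARY"}), users_not_in=frozenset({"HR_APP"})),
    AuditPolicy("mass-delete", "alert", actions=frozenset({"DELETE"}), min_rows=1000),
    AuditPolicy("terminal-sessions", "info", sources=frozenset({"terminal"})),
]

# Constructed operation records, as if parsed from the online logs by the collection layer.
SAMPLE_OPS = [
    DbOperation("09:00:01", "HR_APP", "network", "SELECT", "HR.SALARIES", frozenset({"EMP_ID", "SALARY"}), 1),
    DbOperation("09:02:17", "SCOTT", "terminal", "SELECT", "HR.SALARIES", frozenset({"SALARY"}), 40),
    DbOperation("09:05:44", "SYS", "terminal", "DELETE", "HR.EMPLOYEES", frozenset(), 5000),
    DbOperation("09:06:10", "HR_APP", "network", "UPDATE", "HR.EMPLOYEES", frozenset({"PHONE"}), 1),
    DbOperation("09:09:32", "DBA1", "network", "DDL", "HR.SALARIES", frozenset(), 0),
]

if __name__ == "__main__":
    kept, alarms = filter_operations(SAMPLE_OPS, POLICIES)
    for op in kept:
        print("retained:", op.ts, op.db_user, op.action, op.obj)
    for name, op in alarms:
        print("ALARM  :", name, "->", op.ts, op.db_user, op.action, op.obj)
```

Of the five constructed records, the application's own narrow query and update pass through unmatched, the terminal session and the DDL are retained for storage, and two alarms fire: a non-application user reading the SALARY column, and a 5000-row delete by SYS. A policy with every constraint left at None reproduces the "no blind spots" requirement of section 1.2 by retaining every operation, at the cost of storage volume.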
Storage layer: consists of XDTFS/SADB audit information storage management module.
All filtered audit information is converted to the XDT format and stored in an independent XDTFS file system. The XDT format stores the collected audit information in the format of the Oracle database's internal operations. XDTFS creates a quick-access index for each XDT data item it stores, to facilitate random queries. XDTFS can be placed on any UNIX/Linux file system or on a storage device recognized by the operating system.
The filtered audit information can also be stored in the SnapAuditDB (SADB) data storage system, where the data is easier to process, query, and aggregate for statistics.
Business layer: the main functions of SnapAudit are implemented by its server component, SAServer. SAServer is used to define audit policies, generate repair suggestions, build query and retrieval commands, and update automatic reports and performance monitoring. Custom audit policies, user permissions, and SnapAudit logon records are kept on SAServer. SAServer supports a networked environment for the centralized management of multiple database audits.
Display layer: SAClient is the graphical user interface of SnapAudit. It displays audit reports, selects customers, and defines audit policies, and it also provides the performance monitoring, permission management, audit information query, and data repair interfaces. One SAServer supports connections from multiple SAClients.