Following the overall security protection scheme for the power secondary system, the electric power industry has implemented the principles of "security zoning, dedicated networks, horizontal isolation, vertical authentication", effectively securing the real-time closed-loop monitoring systems and the dispatching data network, and preventing attacks that could lead to a system accident, a large-area blackout, or the crash or paralysis of the secondary system. Through the internal/external network isolation scheme, and in particular the forward and reverse database isolation devices, the power system is effectively protected from attacks originating on the Internet.
However, within this overall security scheme, protecting the sensitive information of the power system and preventing tampering with power business data has never been the focus. In the management information region, large amounts of sensitive information are stored in databases, and this business data is closely tied to the interests of power users. The management region also has a large number of maintenance staff and outsourced workers, which creates a significant risk of leakage and alteration of power management data and indirectly threatens the safe operation of the power production system.
The overall goal of hierarchical protection is, first, to secure the core database itself so that an attack on the database cannot paralyze the business system; second, to detect security problems promptly while the database is in use and propose security hardening to fix them; and third, to ensure the confidentiality and integrity of data, protecting the sensitive data in the core database so that key data is neither leaked nor tampered with.
Based on an analysis of the threat of sensitive-information leakage in the power industry, database security is designed and planned as a whole, with the full series of database security products working together to form an overall protection system that covers pre-event diagnosis, in-process control and post-event analysis.
1. Existing Power security architecture
[Figure: overall security protection of the power secondary system (image not preserved)]
The existing power security protection system consists mainly of three aspects:
A. Partition isolation, dedicated networks
According to the requirements of normal grid operation, the systems are divided into different security levels and into four large zones, with isolation implemented between the four zones. The main purpose of this mechanism is to ensure the reliability and stability of the system and to prevent harmful code and programs from low-security-level zones from entering systems of a higher security level.
B. Internal and external network isolation
Between the management information region and the Internet, a one-way isolation device and a database isolation device implement internal/external network isolation. All databases are placed on the intranet, all web application systems that need Internet access are placed on the external network, and the database isolation device ensures that only the database communication protocol can reach the intranet database through it. By analysing and controlling the database protocol, the isolation device protects the database from attacks by external systems.
C. Classified protection and security transformation
The core production and control systems of the power system belong to the power secondary system; the EMS and SCADA systems reach level 4, some management systems reach level 3, and the remaining systems are at level 2 or above.
2. The existing system carries a serious risk of sensitive-information leakage and tampering
The existing secondary-system security protection scheme isolates illegal access between the external network, the management information region and the production control region very well. However, the management information region has accumulated a large amount of sensitive power data, such as financial, marketing, human resources, market and production management data, and this data from the different application systems is all stored in databases. Internal staff, third-party operators, DBAs of the Oracle database systems and developers of new modules all need frequent access to the data in the database; so many people holding excessive permissions put the sensitive power data at risk of leakage and the operational data at risk of tampering.
3. Database security protection approach according to the classified protection requirements
Sensitive power data is mainly stored in databases, and the database security measures are the weak link of the current security system. The database protection approach corresponding to the security requirements is as follows:
[Figure: database security protection approach (image not preserved)]
4. Database Security Overall Planning
[Figure: overall planning of database security (image not preserved)]
Pre-event diagnosis: use a database vulnerability scanning product to detect known database vulnerabilities and fix them effectively.
The main database type in the power industry is Oracle, and important application systems also use the domestic databases Dameng and Kingbase. In some provincial grid companies, large numbers of database accounts left behind by software developers and operations staff still exist; because passwords are stored encrypted in the database, whether these accounts use weak passwords is unknown, and at present only Anwarking's database vulnerability scanner supports weak-password scanning of the domestic databases. This scheme uses a database vulnerability scanning system that supports security detection of domestic databases to carry out comprehensive vulnerability detection on the important databases in the current system, expose the security problems of the current database system, and propose fixes, improving the security of the database system as a whole.
Periodic database security checks are performed with the vulnerability scanner to comprehensively evaluate database security risk and detect the security status of the databases in the management domain. The vulnerabilities covered include weak passwords, default passwords, weak security policies, over-broad permissions, sensitive-data discovery, privilege-escalation vulnerabilities and missing patches; the scan assesses whether vulnerabilities exist and provides remediation recommendations, giving a valid reference for improving the system's security configuration.
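The following is an added example of the kind of periodic check described above, written for this page and not taken from the original post or from any vendor's scanner. It assumes a DBA has exported the user accounts, profiles, last-login dates, roles and privileges of a database into the constructed inventory shown (the account names, the `SECURE_PROFILE`/`APP_PROFILE` profiles, the sensitive table names and the approved-admin list are all assumptions), and flags the finding categories the text lists: default accounts, stale accounts, weak password policy, over-broad privileges and grants on sensitive tables. Password strength itself cannot be judged from such an export, which is exactly the gap the text says a scanner has to fill.

```python
"""Offline database security check over an exported account inventory.

Added example (not the original post's code nor a vendor product). Input is a
list of accounts in the shape of a dba_users / dba_role_privs / dba_sys_privs /
dba_tab_privs export; output is a per-account list of (category, detail).
"""
from datetime import date, timedelta

# Oracle-shipped sample/utility accounts that should be locked or removed.
DEFAULT_ACCOUNTS = {"SCOTT", "HR", "OE", "SH", "DBSNMP", "OUTLN"}
# Roles and "ANY" system privileges that amount to full data access.
BROAD_ROLES = {"DBA", "IMP_FULL_DATABASE", "EXP_FULL_DATABASE"}
# Hypothetical tables holding customer, metering and payroll data (assumption).
SENSITIVE_TABLES = {"CUSTOMER_INFO", "METER_READING", "HR_SALARY"}
# Accounts whose administrative privileges are approved (assumed list).
APPROVED_ADMINS = {"SYS", "SYSTEM"}
STALE_AFTER = timedelta(days=180)
SCAN_DATE = date(2015, 3, 17)   # fixed "today" so the report is reproducible

# Constructed inventory; none of these are real accounts.
SAMPLE_ACCOUNTS = [
    {"user": "SYS", "profile": "SECURE_PROFILE", "last_login": date(2015, 3, 16),
     "roles": ["DBA"], "sys_privs": [], "tab_privs": []},
    {"user": "SCOTT", "profile": "DEFAULT", "last_login": date(2014, 1, 9),
     "roles": ["CONNECT", "RESOURCE"], "sys_privs": [], "tab_privs": []},
    {"user": "DEV_ZHANG", "profile": "DEFAULT", "last_login": date(2014, 6, 10),
     "roles": ["DBA"], "sys_privs": ["SELECT ANY TABLE"], "tab_privs": []},
    {"user": "MKT_APP", "profile": "APP_PROFILE", "last_login": date(2015, 3, 17),
     "roles": ["MKT_ROLE"], "sys_privs": [], "tab_privs": ["SELECT ON CUSTOMER_INFO"]},
    {"user": "OPS_WANG", "profile": "DEFAULT", "last_login": date(2015, 3, 15),
     "roles": ["CONNECT"], "sys_privs": ["GRANT ANY PRIVILEGE"],
     "tab_privs": ["SELECT ON HR_SALARY", "UPDATE ON METER_READING"]},
]


def check_account(acct, today):
    """Return a list of (category, detail) findings for one exported account."""
    findings = []
    user = acct["user"]
    if user in DEFAULT_ACCOUNTS:
        findings.append(("default_account", f"{user} is a vendor sample/default account"))
    if today - acct["last_login"] > STALE_AFTER:
        findings.append(("stale_account", f"{user} last logged in {acct['last_login']}"))
    # Assumption: the DEFAULT profile carries no password lifetime or complexity
    # function, so any non-admin account still on it has a weak password policy.
    if acct["profile"] == "DEFAULT" and user not in APPROVED_ADMINS:
        findings.append(("weak_password_policy", f"{user} uses the DEFAULT profile"))
    broad = [r for r in acct["roles"] if r in BROAD_ROLES]
    broad += [p for p in acct["sys_privs"] if " ANY " in f" {p} "]
    if broad and user not in APPROVED_ADMINS:
        findings.append(("broad_privileges", f"{user} holds {', '.join(broad)}"))
    # Direct grants on sensitive tables are listed for review (sensitive-data discovery).
    for grant in acct["tab_privs"]:
        table = grant.rsplit(" ON ", 1)[-1]
        if table in SENSITIVE_TABLES:
            findings.append(("sensitive_table_grant", f"{user} has {grant}"))
    return findings


def run_check(accounts, today):
    """Run every account through check_account; returns {user: [(category, detail), ...]}."""
    return {a["user"]: check_account(a, today) for a in accounts}


def summarize(report):
    """Count findings per category for the remediation report."""
    counts = {}
    for findings in report.values():
        for category, _ in findings:
            counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    report = run_check(SAMPLE_ACCOUNTS, SCAN_DATE)
    for user, findings in report.items():
        for category, detail in findings:
            print(f"[{category}] {detail}")
    print(summarize(report))
```

Run against a real export, the same structure lets each finding be tracked to closure in the next periodic scan, which is what turns a one-off check into the "comprehensive evaluation of database security risk" the text calls for.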
In-process control: addressed with a database firewall and database encryption.
At present some power industry systems, such as ERP, have to be opened to the public over the Internet; if the database is placed on the intranet, normal access to it is affected. But on the external network there is the risk that attackers use the application server as a springboard to attack the database server. The logical strong isolation devices and database isolation devices used for Internet security protection in the power industry are weak at identifying access statements made over Oracle's OCI connection. Although the power industry requires that each application system's database access be converted to E language before passing through the isolation device, this conversion is hard to realise for complex application systems, and the transaction mechanism (ACID) of a relational database cannot be implemented in E language.
Database firewall: protects data at the source of access, monitors database access, and prevents unauthorised access, SQL injection, unauthorised elevation of permissions or roles, and illegal access to sensitive data. Highly accurate SQL syntax analysis avoids false positives; flexible SQL-level policies based on black and white lists, support for bypass, proxy and hybrid deployment modes, and high availability give maximum adaptability to enterprise requirements; virtual patching technology blocks malicious access to databases that cannot be patched or upgraded.
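The policy logic of a database firewall, as an added example written for this page (not the original post's code and not any vendor's engine). It assumes each statement arrives together with the database account that issued it, that the security administrator maintains a white list of permitted (verb, table) pairs per account, and that a small set of sensitive tables is known; the account names, table names and policy are all constructed. Syntax analysis is done with regular expressions, which is a deliberate simplification of the full SQL parsing a real product does, but it is enough to show how black-list patterns (injection) and white-list checks (authorisation) combine, and how the same verdict becomes BLOCK in proxy deployment and only ALERT in bypass (mirror) deployment.

```python
"""SQL-level access policy in the style of a database firewall.

Added example, not from the original post. Every statement is first checked
against a black list of injection syntax, then against a per-account white
list of (verb, table) pairs; the deployment mode decides whether a violation
is blocked in-line (proxy) or only alerted on (bypass).
"""
import re

# Hypothetical sensitive tables (assumption).
SENSITIVE_TABLES = {"CUSTOMER_INFO", "METER_READING", "HR_SALARY"}

# White list: which verbs each account may run against which tables
# (assumed policy written by the security administrator).
WHITELIST = {
    "MKT_APP": {("SELECT", "CUSTOMER_INFO"), ("SELECT", "METER_READING"),
                ("UPDATE", "METER_READING")},
    "REPORT_USER": {("SELECT", "METER_READING"), ("SELECT", "PLANT_OUTPUT")},
}

# Black list: syntax patterns typical of injection or bypass attempts.
INJECTION_PATTERNS = {
    # "OR 1=1" / "OR 'a'='a'": a tautology appended to a WHERE clause.
    "tautology": re.compile(r"\bOR\s+(['\"]?)(\w+)\1\s*=\s*\1\2\1", re.I),
    # A second statement chained after the first one.
    "stacked_statement": re.compile(r";\s*\S"),
    # Comment tokens used to cut off the rest of the intended statement.
    "comment_truncation": re.compile(r"--|/\*"),
    # UNION-based reading of other tables.
    "union_select": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
}

VERB_RE = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE|DROP|ALTER|GRANT|TRUNCATE)\b", re.I)
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE)\s+([A-Za-z_][\w.]*)", re.I)


def parse_statement(sql):
    """Return (verb, {tables}, normalised text) for a single SQL statement."""
    body = sql.strip().rstrip(";")
    m = VERB_RE.match(body)
    verb = m.group(1).upper() if m else "UNKNOWN"
    tables = {t.upper() for t in TABLE_RE.findall(body)}
    return verb, tables, body


def evaluate(db_user, sql, mode="proxy"):
    """Apply black list then white list; returns {'action', 'verb', 'tables', 'reasons'}."""
    verb, tables, body = parse_statement(sql)
    reasons = []
    for name, pattern in INJECTION_PATTERNS.items():
        if pattern.search(body):
            reasons.append(f"injection pattern: {name}")
    for table in sorted(tables):
        if (verb, table) not in WHITELIST.get(db_user, set()):
            level = "sensitive" if table in SENSITIVE_TABLES else "unlisted"
            reasons.append(f"{verb} on {level} table {table} not permitted for {db_user}")
    if verb in {"DROP", "ALTER", "GRANT", "TRUNCATE"}:
        reasons.append(f"DDL/DCL verb {verb} not permitted through the application path")
    if not reasons:
        action = "ALLOW"
    elif mode == "proxy":
        action = "BLOCK"   # in-line deployment: the statement never reaches the database
    else:
        action = "ALERT"   # bypass/mirror deployment: the statement is logged and alerted on
    return {"action": action, "verb": verb, "tables": tables, "reasons": reasons}


if __name__ == "__main__":
    # Constructed statements, including two that an attacker might craft.
    for user, stmt in [
        ("MKT_APP", "SELECT name, addr FROM CUSTOMER_INFO WHERE cust_id = 101"),
        ("MKT_APP", "SELECT name FROM CUSTOMER_INFO WHERE cust_id = 101 OR 1=1 --"),
        ("REPORT_USER", "SELECT * FROM HR_SALARY"),
        ("DEV_ZHANG", "GRANT DBA TO DEV_ZHANG"),
    ]:
        print(user, evaluate(user, stmt))
```

A real deployment would replace the regular expressions with a full SQL parser (that is where the text's "highly accurate syntax analysis" comes from) and would load the white list from the application's known statement set rather than hand-write it, but the ordering of checks and the proxy-versus-bypass distinction are the same.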
For core systems at level 3 and above, sensitive information in the database is stored encrypted so that DBAs, third-party outsourcing staff and developers cannot access it without authorisation or parse it into plaintext, and security administrators and audit administrators independent of the database control system are introduced to implement separation of security management. Combined with a dynamic password card and an SQL-level API bound to the application system, this solves the problem of bypassing the application to access the database illegally.
Post-event analysis: addressed with database audit technology.
Many business operations in the power industry, such as modification of marketing and metering data, bulk queries of customer information, and queries of human-resources and production data, need to be linked to specific business personnel through database operation auditing, so that accountability is possible after a security incident.
Database audit is deployed by configuring port mirroring on the core routing device or by using a traffic splitter, so that the security audit can listen to all communication between users and the database that passes through the routing device; it restores and analyses the database protocol and performs fine-grained auditing of database operations and users, with rich query, retrieval and reporting functions. Maintenance is simple, the audit function is professional, manpower is saved and maintenance cost is reduced.
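The accountability step the two paragraphs above describe, linking a database operation to a named business person, as an added example written for this page (not the original post's code and not any audit product). It assumes the audit device has already restored the database protocol into one record per statement, in the constructed `field=value|...` format shown, and that the application passes each business user's session token to the database as the client identifier (Oracle applications can do this with `DBMS_SESSION.SET_IDENTIFIER`; the token values, host addresses, table names and thresholds are constructed). Operations that arrive without a token, or from a host that is not an application server, are reported as unattributed direct access, which is the case the text worries about: DBAs, outsourcers and developers reaching the data without going through the application.

```python
"""Post-event analysis over restored database audit records.

Added example, not from the original post. Each audit record is attributed to a
business user via the application's session token, then checked for the
operation classes the text names: bulk customer queries, metering-data
modification, and access that bypasses the application altogether.
"""
import re

# Constructed audit records (not from a real system); 'cid' is the client identifier.
AUDIT_LINES = [
    "ts=2015-03-17T09:12:05|db_user=MKT_APP|ip=10.1.2.20|cid=tok-7f3a|rows=1|sql=SELECT name FROM CUSTOMER_INFO WHERE cust_id = 101",
    "ts=2015-03-17T10:40:11|db_user=MKT_APP|ip=10.1.2.20|cid=tok-91c0|rows=15230|sql=SELECT * FROM CUSTOMER_INFO",
    "ts=2015-03-17T02:14:05|db_user=MKT_APP|ip=10.1.9.77|cid=|rows=340|sql=UPDATE METER_READING SET kwh = kwh * 0.8 WHERE month = '2015-02'",
    "ts=2015-03-17T11:05:42|db_user=HR_APP|ip=10.1.2.21|cid=tok-3d1e|rows=2|sql=SELECT salary FROM HR_SALARY WHERE emp_id = 77",
    "ts=2015-03-17T11:30:00|db_user=REPORT_USER|ip=10.1.5.5|cid=|rows=2000|sql=SELECT meter_id, kwh FROM METER_READING",
]

# Constructed application session log: token -> business user, exported by the app server.
APP_SESSIONS = {"tok-7f3a": "zhang.san (marketing)", "tok-91c0": "li.si (marketing)",
                "tok-3d1e": "wang.wu (HR)"}
# Hosts that are legitimate application servers (assumption).
APP_HOSTS = {"10.1.2.20", "10.1.2.21"}

BULK_ROWS = 1000                      # rows returned at or above this count is a bulk export
CUSTOMER_TABLES = {"CUSTOMER_INFO"}
METERING_TABLES = {"METER_READING"}
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_]\w*)", re.I)


def parse_record(line):
    """Split one 'k=v|k=v|...' audit line into a dict; 'sql' is last and keeps any '|' inside it."""
    rec = {}
    for field in line.split("|", 5):
        key, _, value = field.partition("=")
        rec[key] = value
    rec["rows"] = int(rec["rows"])
    rec["verb"] = rec["sql"].split()[0].upper()
    rec["tables"] = {t.upper() for t in TABLE_RE.findall(rec["sql"])}
    return rec


def attribute(rec, app_sessions, app_hosts):
    """Map a DB operation to a business user, or mark it as unattributed direct access."""
    if rec["ip"] in app_hosts and rec["cid"] in app_sessions:
        return app_sessions[rec["cid"]], False
    return f"UNATTRIBUTED {rec['db_user']}@{rec['ip']}", True


def analyze(lines, app_sessions=APP_SESSIONS, app_hosts=APP_HOSTS):
    """Return findings as (ts, business_user, category, sql) tuples for operations needing review."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        who, direct = attribute(rec, app_sessions, app_hosts)
        categories = []
        if direct:
            categories.append("bypass_application")
        if rec["tables"] & CUSTOMER_TABLES and rec["rows"] >= BULK_ROWS:
            categories.append("bulk_customer_query")
        if rec["tables"] & METERING_TABLES and rec["verb"] in {"UPDATE", "DELETE", "INSERT"}:
            categories.append("metering_data_modification")
        for category in categories:
            findings.append((rec["ts"], who, category, rec["sql"]))
    return findings


if __name__ == "__main__":
    for ts, who, category, sql in analyze(AUDIT_LINES):
        print(f"{ts} [{category}] {who}: {sql}")
```

The ordinary single-customer lookups pass without comment; what the report surfaces is the 15,230-row customer export by a named marketing user, a bulk metering update at 02:14 from a non-application host with no session token, and a report account reading metering data directly. The last two are exactly the operations that a port-mirror audit sees but an application-level log never would.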
5. Summary
In accordance with the overall security protection plan for the power secondary system, the electric power industry has implemented boundary protection between the production control region and the management information region; through isolation devices it has achieved security zoning of the many application systems and isolation between the control region, the management region and the Internet. However, the management information region stores large volumes of database information for every application, and while the power system is in its build-while-use phase, third-party developers, operations staff and DBA-privileged users have full access to the data, and security administrators are not aware of their database operations, which creates a risk of disclosure and tampering of sensitive data in the database. Based on Anwarking's database security product series, this scheme proposes a security hardening scheme for database protection and active defence; the database security technology it adopts breaks through the shortcomings of traditional security products, realises comprehensive security protection of data, and solves the prevention and control of sensitive-information leakage at the root.
This article is from the Database Security blog; please keep this source: http://schina.blog.51cto.com/9734953/1621499
Total solution of database security for power information system