The database firewall may look like a new kind of security device that has emerged only in recent years, but its history is actually quite long. In 2010, Oracle acquired Secerno and officially released its database firewall in February 2011, so the product has been on the market for many years. Because the term "database firewall" is easy to understand and fits alongside mainstream security products such as firewalls, Web firewalls, and next-generation firewalls, many companies have named their own data (database) security products database firewalls. Each company defines the database firewall differently and emphasizes different things. In other words, although everyone is talking about database firewalls, they may well be talking about two completely different data (database) security devices.
A database firewall, as its name implies, is a data (database) security device. As the word "firewall" suggests, its main role is to isolate the database from external danger. In other words, the database firewall should block an intrusion before it reaches the database, or at the very least block it while the intrusion is in progress.
1. How to define the outside?
Defining external threats requires a clear definition of the database boundary, and that boundary can be drawn in more than one way. The first definition takes the most restrictive view: because today's network boundaries are blurred, all access originating outside the database itself is treated as external. Under this definition the firewall carries a very heavy load, possibly more than a single security device can bear. The second definition treats the data center and the operation and maintenance network as internal access and everything else as external access, so that the firewall does not have to cover internal operation and maintenance security or employee security and can do its own job better.
In summary, we adopt the second definition. The database firewall mainly handles data (database) security for access from outside the data center and the operation and maintenance network.
2. How to define a database firewall?
Once "external" has been defined precisely, it becomes clearer what a database firewall is. Access from outside the operation and maintenance network can be defined as business access.
A database firewall is a security device or product that protects against and eliminates data (database) security problems caused by vulnerabilities or defects in application business logic. It is generally deployed between the application server and the database server and implemented by parsing the database protocol. This is not the only possible implementation, however: it can also be deployed outside the database, and it does not have to use protocol parsing. As this definition shows, the essential goal of a database firewall is to act as a patch for business applications, preventing data (database) security problems that arise from vulnerabilities or defects in application business logic.
Common application business logic vulnerabilities and defects:
SQL injection attack
CC attack
Unexpectedly large amount of data returned
Sensitive data is not desensitized
Frequent similar operations
Super sensitive operation control
Identity theft and credential stuffing ("collision library") attack
Verification bypass and session hijacking
Business logic confusion
3. Common application scenarios of the database firewall
(1) SQL injection attack
Defending against SQL injection is the core application scenario of the database firewall. It can even be said that database firewalls exist to protect against SQL injection attacks. SQL injection is a very old attack technique, and since the Internet became popular it has remained a mainstream security attack. It is important to note that SQL injection attacks occur not because of database vulnerabilities but because of application vulnerabilities and defects, yet it is the database that suffers the damage. Business applications are written by companies and engineers of varying skill, and their code quality is far below that of Oracle, Microsoft and other big-name vendors, so SQL injection and other vulnerabilities and defects are inevitable. It can even be argued that SQL injection vulnerabilities exist in any business application that exceeds a certain level of complexity.
The main reason SQL injection attacks are difficult to defend against is that they are launched through the business application. Virtually all traditionally deployed security measures are ineffective against SQL injection, which makes it easy for the attack to reach the enterprise's core database.
(2) CC attack
Even an application without any flaws can be used to launch a CC attack. Every application has some operations that are particularly resource-intensive. As long as the intruder invokes these high-resource operations, the database server will stop responding.
(3) Unexpectedly large amount of data returned
Because of application defects, some operations return a large amount of data beyond what was planned. Returning a large amount of data can easily cause security problems.
(4) Sensitive data is not desensitized
For historical reasons, existing applications rarely desensitize (mask) sensitive data. To comply with new security regulations and rules, and to better protect customers and the company, in many cases we need to desensitize the data that the application returns.
(5) Frequent similar operations
Continuous, frequent access to sensitive information through applications is one of the main channels of sensitive information disclosure. Database firewalls can reduce this data leakage risk through delays, notifications, and other responses.
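The responses named in scenarios (3) and (5) can be expressed as a small policy. The following is an added example, not code from the original article or from any product: a sliding-window counter that escalates from delay to notification, plus a cap on rows returned. The class name, the thresholds, the sample traffic and the "block" response for oversized results are all assumptions.

```python
from collections import defaultdict, deque

class ResponsePolicy:
    """Graduated responses for repeated sensitive reads and oversized result sets."""
    def __init__(self, window=60.0, delay_after=5, notify_after=10, max_rows=500):
        # All thresholds are illustrative assumptions; tune them per application.
        self.window = window              # seconds of history kept per key
        self.delay_after = delay_after    # more hits than this in the window: slow down
        self.notify_after = notify_after  # more hits than this: alert as well
        self.max_rows = max_rows          # largest result set the application expects
        self.hits = defaultdict(deque)    # (client, statement shape) -> timestamps

    def on_statement(self, client: str, shape: str, now: float) -> str:
        q = self.hits[(client, shape)]
        q.append(now)
        while now - q[0] > self.window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) > self.notify_after:
            return "delay+notify"
        if len(q) > self.delay_after:
            return "delay"
        return "allow"

    def on_result(self, rows_returned: int) -> str:
        return "allow" if rows_returned <= self.max_rows else "block+notify"

def replay(policy, events):
    """events: (timestamp, client, statement shape, rows returned), in time order."""
    out = []
    for ts, client, shape, rows in events:
        verdict = policy.on_statement(client, shape, ts)
        if verdict == "allow":
            verdict = policy.on_result(rows)
        out.append(verdict)
    return out

# Constructed sample traffic: one client reads one customer record per second.
SHAPE = "select name, id_card from customers where id = ?"
SAMPLE = [(float(t), "app-01", SHAPE, 1) for t in range(12)]
SAMPLE.append((200.0, "app-01", SHAPE, 1))                          # after a quiet period
SAMPLE.append((201.0, "app-02", "select * from customers", 80000))  # unplanned bulk return

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(ResponsePolicy(), SAMPLE)):
        print(event[0], event[1], verdict)
```

Keying the counter on client plus statement shape is what makes "similar operations" measurable: the literal values change on every request, but the shape does not.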
(6) Super sensitive operation control
Many applications have permission-control vulnerabilities and cannot control certain sensitive operations, for example the "unified party" operation or the acquisition of top-secret information.
(7) Identity theft and credential stuffing ("collision library") attack
The credential stuffing ("collision library") attack is one of the biggest security risks on the Internet. Most such attacks are carried out for identity theft.
(8) Verification bypass and session hijacking
An authentication security mechanism, such as a verification code, fails to take effect because of an application defect, or the session is hijacked, so that the business application is illegally controlled.
(9) Business logic confusion
Business logic becomes confused because of application vulnerabilities, for example when an approval workflow does not check that the preceding step exists and is compliant, and directly triggers the next step.
4. Database vulnerability detection defense and database firewall
You may notice that many database firewalls include database vulnerability detection and virtual patching, and some even make database vulnerability detection and defense the core function of the database firewall. This is a typical misunderstanding of database firewalls. The core of a database firewall is to detect and defend against vulnerabilities in business applications, not vulnerabilities in the database.
Of course, there is also a logical basis for building database vulnerability detection into a database firewall: when intruders attack the database through business application vulnerabilities, especially SQL injection, they often go on to exploit database vulnerabilities in order to gain more from the intrusion. Viewed as one continuous process, a database vulnerability attack can in many cases be seen as one link in the SQL injection attack, an expansion of its results.
Third, the database firewall and Web firewall
1. Web firewall
Many people may ask: the Web firewall can also defend against SQL injection attacks, so why should I deploy a database firewall? First, let's take a look at what a WAF can handle:
SQL injection attack
XSS attack
CSRF attack
SSRF attack
Webshell backdoor
Weak password
Deserialization attack
Command/code execution
Command/code injection
Local/remote file inclusion attacks
File upload attack
Sensitive information disclosure
XML entity injection
XPATH injection
LDAP injection
Others
From this list, it is obvious that the targets of the Web firewall and the database firewall differ considerably. SQL injection is one of the few places where the two kinds of firewall intersect.
2. Database firewall is the ultimate solution for SQL injection defense
Because the database firewall and the Web firewall are deployed in different places, the defense strategies and results of the two products against SQL injection attacks are very different.
Deployment location: The Web firewall sits between the browser and the application, and the database firewall sits between the application server and the database server.
Protocol: The Web firewall works on the HTTP protocol. The database firewall generally works on database protocols, such as Oracle SQL*Net, MSSQL TDS, and so on.
Because the Web firewall sits between the browser and the application, it can only see the information submitted by the user. What the user submits is often only a fragment of the database SQL statement, so the Web firewall lacks a global understanding of the SQL, let alone the context of the SQL statement. It can only recognize and filter based on the characteristics of common anomalies and on features that have been seen before. The effectiveness of the Web firewall's SQL injection defense therefore depends on the skill and creativity of the attacker: against an attacker with some creativity, it is difficult for the Web firewall to defend against SQL injection attacks.
The database firewall sits between the application server and the database server. It sees the complete SQL statement generated after the complex business logic has run, that is, the attacker's final output, with much of the camouflage stripped away. Because it sees this final form, which leaves little room for variation, the database firewall can adopt a more aggressive defense strategy than the Web firewall, such as an allowlist-style policy for detecting abnormal SQL behavior, to achieve 100% defense against SQL injection attacks. Even if it simply adopts a blacklist strategy similar to the Web firewall's, the defense effect will naturally be better, because what it sees is the complete, final information, and defense is far less difficult than it is for the Web firewall.
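Abnormal SQL behavior detection on the complete statement can be illustrated by reducing each statement to its shape and comparing it with the shapes learned from normal traffic. This is an added example, not code from the original article or any product; the function and class names, the `users`/`orders` tables and the sample inputs are constructed, and the regex tokenizer stands in for the real protocol and SQL parser a product would use.

```python
import re

# One left-to-right scan, so a quote opens a string before "--" can open a comment.
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')         # string literal ('' is an escaped quote)
  | (?P<cmt>--[^\n]*|/\*.*?\*/)     # line or block comment
  | (?P<num>\b\d+(?:\.\d+)?\b)      # numeric literal
""", re.S | re.X)

def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape: literals become '?', comments are dropped."""
    shape = _TOKEN.sub(lambda m: " " if m.lastgroup == "cmt" else "?", sql)
    shape = re.sub(r"\(\s*\?(?:\s*,\s*\?)*\s*\)", "(?)", shape)  # IN (?, ?) -> (?)
    return re.sub(r"\s+", " ", shape).strip().lower()

class StatementAllowlist:
    """Learns the shapes the application normally sends; anything else is abnormal."""
    def __init__(self):
        self.known = set()

    def learn(self, sql: str) -> None:
        self.known.add(fingerprint(sql))

    def check(self, sql: str) -> str:
        return "allow" if fingerprint(sql) in self.known else "block"

def build_login_sql(name: str, password: str) -> str:
    # Constructed, deliberately defective application code: input is concatenated.
    return f"SELECT id FROM users WHERE name = '{name}' AND pass = '{password}'"

def demo() -> dict:
    fw = StatementAllowlist()
    fw.learn(build_login_sql("alice", "s3cret"))          # learning phase
    fw.learn("SELECT * FROM orders WHERE id IN (1, 2, 3)")
    return {
        "other user": fw.check(build_login_sql("bob", "hunter2")),
        "value with --": fw.check(build_login_sql("a--b", "pw")),
        "longer IN list": fw.check("select * from orders where id in (7,8,9,10,11)"),
        "tautology": fw.check(build_login_sql("x' OR '1'='1", "pw")),
        "comment cut": fw.check(build_login_sql("alice'--", "pw")),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} {verdict}")
```

The first three cases change only values and are allowed; the last two change the structure of the final statement, which is visible at this position even though each submitted fragment looks like ordinary text on its own.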
3. More access channels
Access to the database through HTTP service applications is only one of the channels and services by which the database is reached; a large amount of business access has nothing to do with HTTP. A Web firewall naturally cannot be deployed for these HTTP-independent services, which can only rely on the database firewall.
Fourth, summary
1. The database firewall is mainly used to protect against external intrusion risks and needs to be properly separated from internal security controls.
2. The main focus of the database firewall is to reduce or eliminate data (database) security risks by patching vulnerabilities and defects in application business logic. SQL injection is the core risk it defends against, while database vulnerability detection and prevention are not required.
3. Because SQL injection attacks and database exploits tend to go together, database firewalls often have database vulnerability detection and prevention capabilities.
4. The Web firewall cannot replace the database firewall: the Web firewall is the first line of defense against SQL injection attacks, and the database firewall is the ultimate solution for SQL injection attacks.