
How to understand the functions of a database firewall

2025-04-08 Update. From: SLTechnology News&Howtos, Shulou (Shulou.com), 05/31

In this issue, the editor explains how to understand the functions of a database firewall. The article analyzes the topic from a professional point of view, and I hope you get something out of reading it.

In the Internet era, more and more security incidents originate in databases. The database firewall is an indispensable means of database security protection, and enterprises are paying more and more attention to it.

So, to establish an indestructible line of defense for enterprise data assets, what functions should a database firewall have? As an important participant in the national data firewall standard, Meichang Technology has led the formulation of the database firewall standard. Drawing on its technical accumulation and its experience with mature database firewall products in this field, it has summarized a series of key functions of such a product.

1. High availability and high performance of database firewall

The database carries the core business of the enterprise, and its importance is self-evident. Because the database firewall is a security device connected to the database and the application server, deploying it must not affect normal use of the business system. The database firewall itself therefore needs high availability and high-speed concurrent processing:

When a security device becomes unavailable because of downtime, because the system's main program is unavailable, or because memory is continuously occupied, traffic is switched automatically to another security device. This keeps the equipment highly available, prevents downtime from routine maintenance (planned) and sudden system crashes (unplanned) from affecting production business, and improves the availability of systems and applications.

Business systems access the database with high concurrency. With an SQL processing rate of 1 millisecond, access through the firewall is basically the same as direct access to the database, so deploying the database firewall does not affect normal use of the business system.

2. Admission control

Just as people need an ID card, access to the database requires an authorized identity. Identity is verified along multiple dimensions, using different identity factors, to ensure that it is authentic and reliable.

Multi-factor identity: database user name, application system user, IP address, MAC address, client program name, login time and other factors.

Application anti-counterfeiting: the firewall can identify the application and verify its authenticity, preventing the application from being impersonated and used illegally.

3. Intrusion protection function

Every day, the database firewall faces various attacks from the external environment. Beyond verifying who is really connecting, it must also inspect their access behavior and characteristics and resist dangerous behavior. The main defense functions should be:

SQL injection defense: build an SQL injection feature library to recognize the SQL features of injection attacks, and combine it with the SQL whitelist mechanism to block attacks in real time.

Vulnerability attack defense: because database upgrades are difficult, it is necessary to scan for and identify database vulnerabilities and apply virtual patches, so that attackers cannot attack through these vulnerabilities.

Sensitive SQL defense: SQL statements that carry sensitive information need to be managed separately. They are authorized only to the identities that are allowed to run them, and unauthorized identities are denied access.

4. Access control

Many applications have access control vulnerabilities and fail to control certain illegal access and high-risk operations, such as access to unified and top secret data. These potentially risky behaviors need to be managed and controlled:

Credential-stuffing defense ("anti-collision library"): when the number of password attempts reaches the preset threshold, the attacking terminal is locked.

Dangerous operation blocking: when the application performs high-risk behaviors such as complete deletions and modifications, these behaviors need to be blocked.

Desensitization of sensitive information: the data returned depends on the visitor's competent department. When its authority is sufficient the visitor sees the real data, and when it is insufficient desensitized data is returned, so that different visitors receive different data and sensitive information is not divulged.

Returned-row control: access results are managed to prevent a large amount of database data from being illegally exported at one time, which would result in large-scale data loss.
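The four controls above can be sketched as one policy object. This is an added example, not code from the article or from any vendor's product; the threshold, the row cap, the `id_number` column and the class and method names are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

MAX_FAILED_LOGINS = 5     # assumed lockout threshold
MAX_RETURNED_ROWS = 1000  # assumed cap on rows returned per query
SENSITIVE_COLUMNS = ("id_number",)  # hypothetical sensitive column

# DELETE/UPDATE with no WHERE clause hits every row. A regex is a simplification:
# a real firewall parses the statement, so "where" inside a literal cannot fool it.
_UNBOUNDED_WRITE = re.compile(
    r"^\s*(delete\s+from|update)\b(?!.*\bwhere\b)", re.I | re.S)


class AccessPolicy:
    def __init__(self):
        self.failed = defaultdict(int)  # consecutive failed logins per client
        self.locked = set()             # clients that reached the threshold

    def login(self, client_ip, success):
        if client_ip in self.locked:
            return "locked"
        if success:
            self.failed[client_ip] = 0
            return "ok"
        self.failed[client_ip] += 1
        if self.failed[client_ip] >= MAX_FAILED_LOGINS:
            self.locked.add(client_ip)
            return "locked"
        return "failed"

    def check_statement(self, client_ip, sql):
        if client_ip in self.locked:
            return "block: terminal locked"
        if _UNBOUNDED_WRITE.search(sql):
            return "block: unbounded write"
        return "release"

    def filter_rows(self, rows, may_see_real):
        """Cap the result set, then mask sensitive columns for low-privilege visitors."""
        out = []
        for row in rows[:MAX_RETURNED_ROWS]:
            row = dict(row)
            for col in SENSITIVE_COLUMNS:
                if col in row and not may_see_real:
                    value = str(row[col])
                    keep = 4 if len(value) > 4 else 0  # never reveal a short value whole
                    row[col] = "*" * (len(value) - keep) + value[len(value) - keep:]
            out.append(row)
        return out
```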

5. SQL whitelist

An SQL whitelist is a library of the application's trusted SQL: statements in the whitelist are released and dangerous SQL is blocked. The whitelist can only identify the features of trusted SQL, but any statement that does not match it can be treated as unknown or high-risk SQL and blocked or alarmed on.
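One common way to build such a whitelist is to reduce each statement to its structure and store a hash of it, so that the same query with different values still matches. The sketch below is an added example, not the article's or any product's code; the normalization rules, the function and class names, and the sample statements are constructed for illustration.

```python
import hashlib
import re

# One left-to-right pass so a quote inside a comment, or "--" inside a string,
# is not misread: group 1 = string literal, group 2 = comment, group 3 = number.
_TOKEN = re.compile(
    r"('(?:[^']|'')*')|(--[^\n]*|/\*.*?\*/)|(\b\d+(?:\.\d+)?\b)", re.S)


def normalize(sql: str) -> str:
    """Strip comments and replace literals with '?', keeping only structure."""
    s = _TOKEN.sub(lambda m: " " if m.group(2) else "?", sql)
    return re.sub(r"\s+", " ", s).strip().rstrip(";").strip().lower()


def fingerprint(sql: str) -> str:
    return hashlib.sha256(normalize(sql).encode()).hexdigest()


class SqlWhitelist:
    def __init__(self, enforce: bool = True):
        self.trusted = set()
        self.enforce = enforce  # False = alarm only, do not block

    def learn(self, sql: str) -> None:
        self.trusted.add(fingerprint(sql))

    def check(self, sql: str) -> str:
        if fingerprint(sql) in self.trusted:
            return "release"
        return "block" if self.enforce else "alarm"


def demo():
    wl = SqlWhitelist()
    # Constructed statements standing in for traffic seen during a learning period.
    wl.learn("SELECT name FROM users WHERE id = 42")
    wl.learn("SELECT * FROM orders WHERE customer = 'alice'")
    traffic = [
        "select name from users where id = 7;",                   # same structure
        "SELECT * FROM orders WHERE customer = 'bob' -- report",  # same structure
        "SELECT * FROM orders WHERE customer = '' OR 'a'='a'",    # extra predicate
        "DROP TABLE orders",                                      # never learned
    ]
    return [wl.check(q) for q in traffic]
```

The third statement differs from the learned one only by an appended predicate, which is enough to change the fingerprint, so it is blocked without needing an injection signature.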

6. Risk monitoring

A database firewall usually manages multiple databases. Once the number of databases reaches a certain size, it is difficult to monitor their overall security manually, so a monitoring platform needs to perform unified security monitoring:

Monitor the overall security of the database firewall and, when there is a risk, quickly locate the databases and clients currently under attack.

Visual display: an intuitive, global and clear view of database security.

7. Alarm

Identifying and raising real-time alarms on anything previously unseen is an essential part of database security protection. This includes newly discovered IP addresses, applications, database accounts, application accounts, access objects, access operations and SQL statements.

The system delivers real-time alarms through several channels, such as SMS, email and animation.

8. Risk analysis and tracking

Tempted by personal gain, business staff often access sensitive information through the functions provided by the business system, which creates a risk of data leakage. Detailed risk records must therefore be provided to support risk analysis and problem tracking. They should include the following basic elements:

- Who? The real database account, host name, operating system account and other real identities.

- What? What object data was accessed, what actions were performed, and what security policies were triggered.

- When? The specific time at which each event occurred.

- Where? The source and destination of the event, including IP address, MAC address, etc.

- How? Which applications or third-party tools were used.


The above is what the editor has to share on how to understand the functions of a database firewall. If you have similar questions, you may wish to refer to the analysis above. If you want to know more, you are welcome to follow the industry information channel.
