The database firewall may look like a security device that has emerged only in recent years, but it actually has a long history. In 2010, Oracle Corporation acquired Secerno Corporation and officially released its database firewall product in February 2011, so the product has been on the market for many years. Because the term "database firewall" is easy to understand and fits alongside mainstream security products such as firewalls, Web firewalls, and next-generation firewalls, many companies also name their data security products database firewalls. Each company defines the database firewall differently, with a different emphasis. In other words, although everyone is talking about database firewalls, two vendors may well be describing two completely different database security devices.
As the name implies, a database firewall is a database security device. The word "firewall" indicates that its main role is to isolate the database from external danger. In other words, the database firewall should block an intrusion before it reaches the database, or at least while the intrusion is in progress.
1. How to define external?
To define external threats, the boundary of the database must first be defined clearly, and definitions of that boundary vary. The first definition, taken to the extreme, treats all access from outside the database as external, because today's network boundaries are blurred. Under this definition the firewall's workload is very heavy, possibly more than a single security device can carry. The second definition treats access from the data center and the operation and maintenance network as internal and all other access as external, so that the firewall does not have to cover internal operation and maintenance security or employee security, and can do its own job better.
On balance, we adopt the second definition. The database firewall is mainly responsible for database security against access from outside the data center and the operation and maintenance network.
2. How to define a database firewall?
Once "external" is defined precisely, what a database firewall is becomes clearer. Access from outside the operation and maintenance network can be defined as business access.
A database firewall is a security device or product that protects against and eliminates database security problems caused by vulnerabilities or defects in application business logic. It is generally deployed between the application server and the database server and works by parsing the database protocol. This is not the only way to build one, however: it can also be deployed outside the database without using protocol parsing. From this definition, the essential goal of the database firewall is to act as a patch for business applications, so that vulnerabilities or defects in application business logic do not affect database security.
Common application business logic vulnerabilities and defects:
SQL injection attack
CC attack
Unexpected large amount of data returned
Sensitive data is not desensitized
Frequent similar operations
Super sensitive operation control
Identity theft and credential stuffing attacks
Verification bypass and session hijacking
Confused business logic
3. Common Application Scenarios of Database Firewall
(1) SQL injection attack
SQL injection is the core application scenario of the database firewall. It can even be said that database firewalls exist to prevent SQL injection attacks. SQL injection is a very old attack method and, especially since the Internet became popular, has always been a mainstream attack. It is important to note that SQL injection is caused not by database vulnerabilities but by application vulnerabilities and defects, although it is the database that is damaged and affected. Business applications are written by companies and engineers of varying skill, and their code quality is far below that of large vendors such as Oracle and Microsoft, so SQL injection and other vulnerabilities and defects are to be expected. It can even be argued that an SQL injection vulnerability exists in any business application beyond a certain degree of complexity.
The main reason SQL injection attacks are difficult to defend against is that they are launched through the business application. Traditionally deployed security measures are basically ineffective against SQL injection, which makes it easy for the attack to reach the enterprise's core database.
(2) CC attack
Even an application without any defects can easily be hit by a CC attack. Every application has some operations with extremely high resource consumption. An intruder can trigger these resource-intensive operations concurrently and cause the database server to become unresponsive.
(3) Unexpected large amount of data returned
Because of a defect in the application, some operations return a large amount of data that was not intended. Returning large amounts of data can easily cause security problems.
(4) Sensitive data is not desensitized
For historical reasons, existing applications rarely desensitize (mask) sensitive data before displaying it. To comply with new security regulations and rules, and to better protect customers and the company, in many cases we need to desensitize the data that the application returns.
(5) Frequent similar operations
Frequent acquisition of sensitive information through the application program is one of the main channels for leakage of sensitive information. The database firewall can reduce the risk of such data leakage through delay, notification and other response methods.
(6) Super-sensitive operation control
Many applications have privilege-control flaws and cannot restrict certain sensitive operations, such as the acquisition of top-secret information.
(7) Identity theft and credential stuffing attacks
Credential stuffing is one of the Internet's greatest security risks. Most of these attacks are aimed at identity theft.
(8) Verification bypass and session hijacking
Because of application defects, a verification security mechanism such as the verification code does not take effect, or the session is hijacked, and the business application ends up under illegitimate control.
(9) Confused business logic
Application flaws leave the business logic confused: for example, an approval step does not check that the preceding step exists and was completed properly, and the next step is triggered directly.
4. Database vulnerability detection defense and database firewall
We can observe that many database firewalls have database vulnerability detection and virtual patching functions, and some even make database vulnerability detection and defense the core function of the database firewall. This is a typical misunderstanding of database firewalls. The core of a database firewall is to detect and defend against business application vulnerabilities rather than database vulnerabilities.
Of course, there is a logical basis for a database firewall to include database vulnerability detection: when intruders reach the database through business application vulnerabilities, especially SQL injection, they often go on to exploit database vulnerabilities in order to gain more from the intrusion. Because the two steps are so closely linked, a database vulnerability attack can in many cases be regarded as part of the SQL injection attack, a way of extending its results.
Third, the database firewall and Web firewall
1. Web firewall
Many people may ask: Web firewalls can also defend against SQL injection attacks, so why deploy a database firewall? First, let's take a look at what a Web firewall (WAF) covers:
SQL injection attack
XSS attack
CSRF attack
SSRF attack
Webshell backdoor
Weak password
Deserialization attack
Command/code execution
Command/code injection
Local/remote file inclusion attacks
File upload attack
Sensitive information leakage
XML entity injection
XPath injection
LDAP injection
Others
From this list, it is clear that the Web firewall and the database firewall have quite different targets, and SQL injection is one of the few points where the two overlap.
2. Database Firewall is the Ultimate Solution for SQL Injection Prevention
The different deployment positions of database firewalls and Web firewalls determine the two products' different defense strategies and effectiveness against SQL injection attacks.
Deployment location: The Web firewall acts between the browser and the application. The database firewall acts between the application server and the database server.
Protocol: The Web firewall acts on the HTTP protocol; the database firewall generally acts on a database protocol, such as Oracle SQL*Net or MSSQL TDS.
The Web firewall acts between the browser and the application, so it sees only what the user submits. What the user submits is often just a fragment of a database SQL statement, so the Web firewall lacks a global view of the SQL statement, let alone its context. A Web firewall can only identify and filter based on common anomaly signatures and signatures of attacks that have already occurred. The effectiveness of its SQL injection defense therefore depends on the attacker's skill and creativity: as long as the attacker has a certain degree of creativity, it is difficult for a Web firewall to defend against SQL injection.
The database firewall acts between the application server and the database server. It sees the complete SQL statement generated after all the complex business logic has been processed. That is to say, by the time the attack reaches its final form, it has already been stripped of much of its disguise. Because this final form leaves little room for variation, the database firewall can use more aggressive defense strategies than the Web firewall. For example, a whitelist-based strategy that detects abnormal SQL behavior can provide 100% defense against SQL injection attacks. Even if the database firewall simply adopts a blacklist policy similar to a Web firewall's, the more complete information it obtains makes it much harder to bypass than a comparable Web firewall, and the defense effect is naturally better.
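The following sketch illustrates the whitelist idea described above: the firewall reduces each complete SQL statement to its structure, learns the structures the application normally sends, and treats anything else as abnormal. It is an added example, not code from the original article or from any database firewall product; the names fingerprint, StatementAllowlist and app_query, the users table, and the sample inputs are all constructed for illustration.

```python
import re

_STRING = re.compile(r"'(?:[^']|'')*'")      # SQL string literal; '' is an escaped quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")   # standalone numeric literal
_IN_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)*\s*\)")  # (?, ?, ?) of any length


def fingerprint(sql):
    """Reduce a complete SQL statement to its structure by removing literal values."""
    shape = _STRING.sub("?", sql)
    shape = _NUMBER.sub("?", shape)
    shape = _IN_LIST.sub("(?)", shape)
    return " ".join(shape.lower().split())


class StatementAllowlist:
    """Learn the shapes the application normally sends; anything else is abnormal."""

    def __init__(self):
        self.known = set()

    def learn(self, sql):
        self.known.add(fingerprint(sql))

    def verdict(self, sql):
        return "allow" if fingerprint(sql) in self.known else "block"


def app_query(name):
    """Hypothetical flawed application code that concatenates user input into SQL."""
    return "SELECT id, email FROM users WHERE name = '" + name + "' AND active = 1"


def demo():
    fw = StatementAllowlist()
    # Learning phase: statements observed during normal operation (constructed samples).
    for user in ("alice", "bob", "O''Brien"):
        fw.learn(app_query(user))
    # Enforcement phase: the same code path with an ordinary value and with a
    # textbook tautology fragment, as the firewall sees them after the application.
    inputs = ["carol", "x' OR '1'='1"]
    return [(fingerprint(app_query(i)), fw.verdict(app_query(i))) for i in inputs]


if __name__ == "__main__":
    for shape, verdict in demo():
        print(verdict, "|", shape)
```

The learning phase has to run on traffic known to be clean, and applications that build SQL dynamically produce many shapes, so the learned set needs review before it is enforced.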
3. More access channels
Access through an HTTP application is only one of the channels and services by which a database is accessed. A large amount of business access has nothing to do with HTTP. A Web firewall cannot be deployed in front of these non-HTTP services; they can be protected only by a database firewall.
Fourth, summary
1. The database firewall is mainly used to defend against external intrusion risks and needs to be properly separated from internal security controls.
2. The main focus of database firewalls is to reduce or eliminate database security risks by patching over application business logic vulnerabilities and defects. SQL injection is the core risk it defends against; database vulnerability detection and defense is not a required function.
3. Because SQL injection attacks and database vulnerability attacks are closely related, database firewalls often have database vulnerability detection and prevention capabilities.
4. Web firewalls cannot replace database firewalls. Web firewalls are the first line of defense against SQL injection attacks. Database firewalls are the ultimate solution for SQL injection attacks.