Saturday, December 22, 2012

Database: Protecting your database using Database Firewall App.!

As Systems Architect I am responsible and involved in all security aspects of the system I am Architecting, and any other integrated systems or components.

When Architecting a financial products and also being related to government, then the security becomes a crucial part. One of the most important parts of protection is to protect data that resides in database.

In old days I did it manually by coding, hashing, encrypting, preventing any SQL-injection, vulnerabilities, logging, auditing ….etc. lot of time consuming and exposed to be hacked.

Nowadays, one of the amazing product I am using, to do all of the above for me beside another tremendous features is "Oracle Audit Vault and Database Firewall".

Well, what is "Oracle Audit Vault and Database Firewall" then?

Oracle Audit Vault and Database Firewall provide a first line of defense for databases and consolidate audit data from databases, operating systems, and directories.

A highly accurate SQL grammar-based technology monitors and blocks unauthorized SQL traffic before it reaches the database. Information from the network is combined with detailed audit information for easy compliance reporting and alerting.

With Oracle Audit Vault and Database Firewall, monitoring controls can be easily tailored to meet enterprise security requirements.

It secures databases by monitoring and blocking SQL statements according to the policies you define as well as collecting and reporting various configurable database audit data.

It contains many features and tools that provide ease of administration, monitoring and scaling.


The Database Firewall for Activity Monitoring and Blocking
-------------------------------------------------------------------------
Oracle Database Firewall provides a sophisticated next-generation SQL grammar analysis engine that inspects SQL statements going to the database and determines with high accuracy whether to allow, log, alert, substitute, or block the SQL.

Oracle Database Firewall supports white list, black list, and exception list based polices.

A white list is simply the set of approved SQL statements that the database firewall expects to see. These can be learned over time or developed in a test environment.

A black list includes SQL statements from specific users, IP addresses, or specific types that are not permitted for the database.

Exception list-based policies provide additional deployment flexibility to override the white list or black list policies.

Policies can be enforced based upon attributes, including SQL category, time of day, application, user, and IP address. This flexibility, combined with highly accurate SQL grammar analysis, enables organizations to minimize false alerts, and only collect data that is important.

Firewall events are logged to the Audit Vault Server enabling reports to span information observed on the network alongside audit data.


Fine Grained, Customizable Reporting and Alerting
-----------------------------------------------------------------
Dozens of out-of-the-box reports provide easy, customized reporting for regulations such as SOX (Sarbanes-Oxley Act), PCI DSS (Payment Card Industry), GLBA (German-Leach-Bliley Act ), DPA (Data Protection Act), and HIPAA (Health Insurance Portability and Accountability Act).

The reports aggregate both the network events and audit data from the monitored systems. Report data can be easily filtered, enabling quick analysis of specific systems or events.

Security Managers can define threshold based alert conditions on activities that may indicate attempts to gain unauthorized access and/or abuse system privileges.

Fine grained authorizations enable the Security Manager to restrict auditors and other users to information from specific sources, allowing a single repository to be deployed for an entire enterprise spanning multiple organizations.


Enterprise Audit Data Consolidation and Lifecycle Management
-----------------------------------------------------------------------------
Native audit data provides a complete view of database activity along with full execution context irrespective of whether the statement was executed directly, through dynamic SQL, or through stored procedures.

In addition to consolidating audit data from databases, operating systems, and directories, the Audit Collection Plugin can be used to collect audit data from application tables or XML files, and transfer them to the Audit Vault Server.

Audit data from databases is automatically purged after it has been moved to the Audit Vault Server.

Audit Vault Server supports data retention policies spanning days, weeks, or years on a per source basis, making it possible to meet internal or external compliance requirements.


Deployment Flexibility and Scalability
--------------------------------------------------
Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-band, or in proxy mode to work with the available network configurations.

For monitoring remote servers, the Audit Vault Agent on the database server can forward the network traffic to the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate audit logs and firewall events from thousands of databases. Both Audit Vault Server and the Database Firewall can be configured in a HA mode for fault tolerance.


These are main components of the products, for more information visit product home page.

References:
---------------
1- Oracle Product Help.
2- All images from oracle web site.