Академический Документы
Профессиональный Документы
Культура Документы
Database Firewall
Morana Kobal Butkovi
Principal Sales Consultant
Oracle Hrvatska
PREVENTIVE
DETECTIVE
ADMINISTRATIVE
Encryption
Activity Monitoring
Privilege Analysis
Database Firewall
Configuration Management
Firewall
Events
Users
Auditor
Reports
Alerts
Security
Manager
AUDIT
DATA
Policies
AUDIT VAULT
4
Operating Systems
File Systems
Directories
Custom Audit Data
AUDIT VAULT
Reports
Alerts
Policies
Consolidates all audit trails and firewall data into one secure repository
Contains out-of-the-box reports for SOX, PCI, and other regulations
Detects and alerts on suspicious activities
Provides centralized management web-console for administrators and
Collection Plugins
Interface to Native Audit Trails
Agent
Collection Framework
Collection
Plugin
Collection
Plugin
MySQL
Linux (auditd), Solaris, Windows, Active Directory, Oracle ACFS
trails:
Configuration XML file maps custom-to-canonical audit elements
8
...
10
11
Reports Overview
13
14
15
Alert Demo
16
18
Powerful Alerting
19
SQL Injection
#1 Risks on OWASP Most Critical Application Security Risks - 2013
20
Threat
Agent
Attack
Vector
EASY
Attacker sends text based attacks that exploit
the uncleansed syntax
Impact
SEVERE
Injection can result in data loss or corruption,
lack of accountability or complete host takeover
Database Firewall
First Line of Defence
21
Database Firewall
Allow
Alert
Log
Substitute
Block
Database Firewall
Flexible Deployment Models
23
Inbound
SQL Traffic
In-Line Blocking
and Monitoring
Switch
Switch
Proxy: client configured
to connect to the
DBFW proxy IP/port
24
Proxy Mode
Database Firewall
SQL Injection Protection with Positive Policing Model
SELECT * from stock
where catalog-no='PHE8131'
Applications
White List
Allow
Block
Databases
Database Firewall
Constraining Activity with Negative Policing Model
Legitimate
data access
Non-authorized
user activity
Black List
Allow
Log
Block
Databases
26
Firewall
Events
Users
Auditor
Reports
Alerts
Security
Manager
AUDIT
DATA
Policies
AUDIT VAULT
29
Operating Systems
File Systems
Directories
Custom Audit Data
Complimentary eBook
Register Now
www.mhprofessional.com/dbsec
Use Code: db12c
31