Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Featured Database Articles

Oracle

Posted Feb 14, 2011

Oracle Debuts Database Firewall

By Sean Michael Kerner

Databases and the content they store are among the most valuable IT assets – and the most targeted by hackers.

In an effort to help secure databases, Oracle today is launching the new Oracle Database Firewall as an approach to defend databases against SQL injection and other database attacks.

"People deploy network firewalls to analyze and monitor traffic that goes into their data center. The Oracle Database Firewall takes this one step further," Vipin Samar, Oracle vice president of Database Security, told InternetNews.com. "We look at the the SQL that is going between the application servers and the database. We analyze the SQL to see if it is good or if it is a SQL injection attack and then we can block the statement from going to the database."

The Oracle Database Firewall is derived from technology that Oracle acquired in May 2010 with the acquisition of database firewall vendor Secerno. Samar noted that Oracle has improved the Secerno technology and changed some of the underlying pieces. For one, the Oracle Database Firewall is now built on top of a hardened version of Oracle Enterprise Linux. And the underlying data store has moved from a PostgreSQL base to Oracle Database. Additionally, Samar noted that the Oracle Database Firewall supports IBM DB2,Sybase ASE and Microsoft SQL Server in addition to Oracle's namesake database.

Support for Oracle's open source MySQL database isn't part of the initial Database Firewall release. Samar noted that the technology can be extended to other databases and likely will be at some point in the future.

The way the Oracle Database Firewall works is by learning what SQL is good, by first watching the traffic between a server and a database. Samar explained that the system creates a set of whitelist SQL statements that are allowed to run. SQL Injection attacks are discovered by virtue of the fact that attacks introduce SQL that has not yet been seen by the system.

"We're not focusing on the way in which a malicious user is injecting the SQL since it can really be done in a lot of different ways," Samar said. "We just say that whatever SQL is not in the whitelist is bad SQL."

Samar added that the system logs all the SQL so an administrator can review if the SQL is in fact valid or if it is an attack.

SQL Injection attacks are often exploited due to input sanitation issues in application code. Vendors including IBM now have solutions that enable web application developers to scan their code to try and mitigate such SQL Injection attack vectors.

The Oracle Database Firewall is specifically tuned for SQL and isn't quite the same as what a typical Web Application Firewall (WAF) delivers. Samar explained that typical WAFs are focused on HTTP traffic. In contrast he stressed that the Oracle Database Firewall is looking at the SQL data flow between an application server and the database. He added that the Database Firewall can be used as a complementary technology to a WAF, which is more focused on the web application elements.

As such, Samar noted that Oracle is not currently linking the Database Firewall with updates that Oracle issues as part of the quarterly Critical Patch Update (CPU) cycle from Oracle. He noted that CPU-based vulnerabilities can come from SQL issues as well as other application vulnerabilities.

"This is a SQL firewall and those are the most dangerous attacks," Samar said. "We don't have to go and protect the database against CPU attacks since in a broad sense we are protecting the database from any SQL it has not seen before. So hopefully it should do well against attacks that are listed in the CPU."

The Oracle Database Firewall joins other Oracle technologies that are designed to help protect database security. Samar noted that Oracle has solutions for encrypting database data as well as ensuring user privileges with DatabaseVault.

"Database Firewall is a good first layer of defense for databases but it won't protect you from everything," Samar said. "It's part of a defense in depth strategy which addresses the various ways that hackers can get into a system."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.



Oracle Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 




Latest Forum Threads
Oracle Forum
Topic By Replies Updated
Oracle Data Mining: Classification jan.hasller 0 July 5th, 07:19 AM
Find duplicates - Unique IDs Lava 5 July 2nd, 08:30 AM
no matching unique or primary key rcanter 1 April 25th, 12:32 PM
Update values of one table based on condition of values in other table using Trigger Gladiator 3 February 29th, 06:01 PM


















Thanks for your registration, follow us on our social networks to keep up-to-date