HomeDatabase News

Oracle Debuts Database Firewall

Sean Kerner
By Sean Kerner

Databases and the content they store are among the most valuable IT assets – and the most targeted by hackers.

In an effort to help secure databases, Oracle today is launching the new Oracle Database Firewall as an approach to defend databases against SQL injection and other database attacks.

“People deploy network firewalls to analyze and monitor traffic that goes into their data center. The Oracle Database Firewall takes this one step further,” Vipin Samar, Oracle vice president of Database Security, told InternetNews.com. “We look at the the SQL that is going between the application servers and the database. We analyze the SQL to see if it is good or if it is a SQL injection attack and then we can block the statement from going to the database.”

The Oracle Database Firewall is derived from technology that Oracle acquired in May 2010 with the acquisition of database firewall vendor Secerno. Samar noted that Oracle has improved the Secerno technology and changed some of the underlying pieces. For one, the Oracle Database Firewall is now built on top of a hardened version of Oracle Enterprise Linux. And the underlying data store has moved from a PostgreSQL base to Oracle Database. Additionally, Samar noted that the Oracle Database Firewall supports IBM DB2,Sybase ASE and Microsoft SQL Server in addition to Oracle’s namesake database.

Support for Oracle’s open source MySQL database isn’t part of the initial Database Firewall release. Samar noted that the technology can be extended to other databases and likely will be at some point in the future.

The way the Oracle Database Firewall works is by learning what SQL is good, by first watching the traffic between a server and a database. Samar explained that the system creates a set of whitelist SQL statements that are allowed to run. SQL Injection attacks are discovered by virtue of the fact that attacks introduce SQL that has not yet been seen by the system.

“We’re not focusing on the way in which a malicious user is injecting the SQL since it can really be done in a lot of different ways,” Samar said. “We just say that whatever SQL is not in the whitelist is bad SQL.”

Samar added that the system logs all the SQL so an administrator can review if the SQL is in fact valid or if it is an attack.

SQL Injection attacks are often exploited due to input sanitation issues in application code. Vendors including IBM now have solutions that enable web application developers to scan their code to try and mitigate such SQL Injection attack vectors.

The Oracle Database Firewall is specifically tuned for SQL and isn’t quite the same as what a typical Web Application Firewall (WAF) delivers. Samar explained that typical WAFs are focused on HTTP traffic. In contrast he stressed that the Oracle Database Firewall is looking at the SQL data flow between an application server and the database. He added that the Database Firewall can be used as a complementary technology to a WAF, which is more focused on the web application elements.

As such, Samar noted that Oracle is not currently linking the Database Firewall with updates that Oracle issues as part of the quarterly Critical Patch Update (CPU) cycle from Oracle. He noted that CPU-based vulnerabilities can come from SQL issues as well as other application vulnerabilities.

“This is a SQL firewall and those are the most dangerous attacks,” Samar said. “We don’t have to go and protect the database against CPU attacks since in a broad sense we are protecting the database from any SQL it has not seen before. So hopefully it should do well against attacks that are listed in the CPU.”

The Oracle Database Firewall joins other Oracle technologies that are designed to help protect database security. Samar noted that Oracle has solutions for encrypting database data as well as ensuring user privileges with DatabaseVault.

“Database Firewall is a good first layer of defense for databases but it won’t protect you from everything,” Samar said. “It’s part of a defense in depth strategy which addresses the various ways that hackers can get into a system.”

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Sean Kerner
Sean Kerner
Previous article
Organizations Lack Urgency to Secure Critical Data
Next article
SQL Server 2008 and 2008 R2 Integration Services – Starting Local Processes

Related Articles

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends & analysis

Latest Articles

DatabaseJournal.com publishes relevant, up-to-date and pragmatic articles on the use of database hardware and management tools and serves as a forum for professional knowledge about proprietary, open source and cloud-based databases--foundational technology for all IT systems. We publish insightful articles about new products, best practices and trends; readers help each other out on various database questions and problems. Database management systems (DBMS) and database security processes are also key areas of focus at DatabaseJournal.com.

Advertisers

Advertise with TechnologyAdvice on Database Journal and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.