jimant eng


Upload: jimant

Post on 08-Apr-2016


Page 1: Jimant eng
Page 2: Jimant eng

CONTENTS

1. DB Security Software

2. Fo4s Framework

Page 3: Jimant eng

1. DB Security Software

Features

▫ The world’s first open source license distribution. Official open source project site: dev.naver.com/dbshield

▫ Domestic & global standard symmetric key algorithm implementation

- SEED and AES encryption algorithms applied

- Cipher modes of operation supported: ECB, CBC

- Security reinforced by initialization vector (IV) and salt support

▫ Cryptographic hash algorithm “SHA2” implementation

▫ Plug-in support for Oracle and the open source database MySQL

▫ JAVA/PHP API method support

▫ DB column-level encryption

▫ Interworking with log server & connection-condition reporting

Page 4: Jimant eng

1. DB Security Software

Function

Masking : Card number, banking account etc.

High speed processing of encryption-decryption by memory loading

Key zeroization, back-up, restoration

Web-based UI : Policy & key configuration

Session level DB access logging

Access Control

Policy-based control : Registered IP & DB user based access control

Behavior-based control : Threshold based access control

Exception from behavior-based control when permitted by the security manager

Log reporting

Page 5: Jimant eng

DB security software concept

Policy server

DB server

Key server

Web server

Cryptographic policy management

Access control management

Key management

Cryptographic algorithm

Cipher modes of operation

Initial vector

Partial encryption

Masking

Policy based control

Behavior based control

Key creation

Key distribution

Key back-up

Cryptographic API

Key, Policy Uploader

DB encryption Plug-in

Key, Policy Uploader

Upload key & policy to memory by requesting key to server & decryption

Encryption

Decryption

Access control

Inspection logging

Encryption

Decryption

Access control

Inspection logging

Upload key & policy to memory by requesting key to server & decryption

Web application (JAVA, PHP)

Page 6: Jimant eng

API method

Examples of Software composition

API code addition to user program

Changes of column size for table back-up & encryption

Batch encryption

Table rebuilding etc. recommended

SELECT Decrypt(jumin) FROM A;

DB Server

WEB Server

DBA (Console/Management Server etc.)

Web application (JAVA, PHP)

API (encryption/decryption)

Plug-in (encryption/decryption)

TABLE A

Coded text

Policy key server

[memory]

Cryptographic Policy

Access control Policy

Key

Work control

Page 7: Jimant eng

DB Plug-In method

Plain text

SELECT jumin FROM A; INSERT A; UPDATE FROM A;

DB Server

WEB Server

DBA (Console/Management Server etc.)

Plug-in (encryption/decryption)

A_CIPHER

VIEW A

TRIGGER

SELECT jumin FROM A; INSERT A; UPDATE FROM A;

Web application (JAVA, PHP)

Policy key server

[memory]

Cryptographic Policy

Access control Policy

Key

Work control

No user program changes

Existing table back-up & cipher table creation

Drop or rename of existing table

Creation of view & trigger in DB

Page 8: Jimant eng

2. Fo4s Framework (Free software, Open source For Security)

Fo4s Framework Concept

System

Management

Service

Install & Operation Guide

S/W Upgrade

Rule Config

Detect & Analyze

Inspection

Consulting

Vulnerability scan

Implementation Support

Security Operation Support

Accident analysis

Cryptographic Plug-in

User DB Server

Page 9: Jimant eng

Strong Point

Page 10: Jimant eng

* Strong points of a S/W type solution compared with a H/W type solution

- Minimal down time during set-up : a H/W type solution causes down time for all connected IT systems

- Narrow scope of failure

- Cost effective : only an upgrade charge, and no charge at all for open source

- No network changes, no traffic effect

2. Fo4s Framework (Free software,Open source For Security)

Strong Point

* 3 layers enable addition & combination by user request

System Layer : Open solution for user request in web application vulnerability scanner, web application firewall, DB encryption, access control, server based firewall, log server, reporting, monitoring, certification server, OS hardening etc.

Management Layer : Install & operation guide, technical document, threat detection & analysis, inspection, technical Q&A by community etc.

Service Layer : Vulnerability scan, consulting, education & training, implementation support, accident response etc.

Page 11: Jimant eng

Strong Point

[Chart: values 75% and 99%; axis labels 2010 and 2016]

The government encourages highly effective open source based technology, and numerous companies now introduce and apply it

By 2016, 99% of IT companies will use open source (Gartner, 2013)

Open source based technologies lead the IT industry in the web, mobile, big data and cloud areas

No supplier lock-in effect

JIMANT TECHNOLOGY’S technical skills can overcome the weaknesses of open source

Page 12: Jimant eng

Service Concept

Individual User Model

General security solution model for user servers, regardless of physical location and size

Software Rule

Open source Repository

Fo4s Repository

User Server

INTERNET

Install/Operation tool

Manual/Guide

Community (Fo4s.com)

& Customized Service

Vulnerability Scan

Training

Technical support etc.

Page 13: Jimant eng

IDC Applied Model

Applied in the IDC model for the client’s total care service (direct & fast response to any problem in information security)

When requesting hosting & co-location, configured by prior request

INTERNET

Open source Repository

IDC

Fo4s Repository

User Server

Install/Operation tool

Manual/Guide

Community (Fo4s.com)

IDC Technical support center

& Customized Service

Vulnerability Scan

Consulting

Training

Security Control

Technical support etc.

Page 14: Jimant eng


02-3144-8740

© mountainstudio.kr 2015