Smart Database Firewall DB INSIGHT SG Product Introduction
Smart Database Firewall
DB INSIGHT SG
Product Introduction
June – 2008
MONITORAPP Co., Ltd.
Contents
about MONITORAPP
DB INSIGHT SG
about MONITORAPP
Company name : MONITORAPP Co.,Ltd.
Established Date : 2005-2-22
CEO : Young KwangHoo Lee
Business Regions
• Application Delivery Technology Research & Development
• Web Application Security product supply
• Web Application Acceleration product supply
• Database Security product supply
• Web Application Security Service supply
Address : 306, Ace Techno Tower 1, 197-17, Guro 3-Dong, Guro-Gu, Seoul, Korea
Tel.) +82-2-749-0799 / Fax.) +82-2-749-0798
Vision
Mission
• We leverage E-business by securing the entire web environment.
• Be a leading application delivery solution provider in the world.
Strategy Business Model
Secure & Fast Application Delivery Solution Provider
Increase of web hacking Leakage of personal information
Secure Web Application
Fast Web Application
IT Compliance Increase of Database security
Secure Database
Web Vulnerability Analysis Web service quality Analysis
Reliable Web Application
Web response latency Web server load
Products & Technologies
Products
For Web Application
• WEB INSIGHT SG – Web Application Firewall
• WEB INSIGHT AG – Web Application Accelerator
For Database Application
• DB INSIGHT SG – Database Security & Audit
Service Business
• KT Bizmeka Service
• Collaboration with MSSP
Technologies
• APPLICATION INSIGHT™ Technology
• Adaptive Profiling™ Technology
• Innovative Web Acceleration Technology
DB INSIGHT SG v2.0
DB Security Overview
Product Introduction
DB INSIGHT SG Characteristics
DB INSIGHT SG Features
DB Security Overview
Change of Database environment
• Increase of corporate information leakage
• Decrease of reputation & loss of finance
Protect information as important asset
Access Control for Database
• Increase of outsourcing by the external company
• The theft of important data by internal user : 70~80%
• Access internal network through VPN
• IT Compliance requirement
• Sarbanes-Oxley Act (SOX)
• PCI-DSS
• HIPAA
IT Compliance & Protect Privacy
Increase of access path into organization
DB Security Overview
Necessity of DB Security
Applications depend on the database
Data integrity, reliability
Increase of the important information
Meet the IT Compliance
Increase of the information leakage
External user
External outsourcing company
Internal user
Internal DBA / manager
ACCESS CONTROL
IP address
DB user
Schedule
AUTHORITY CONTROL
OBJECT (TABLE, VIEW)
SQL (DML, DDL, DCL)
SQL Query Sentence
AUDIT & MONITORING
Detect log/monitoring
IP address / DB / user
Local connection / BEQ
Risk & Challenge Requirement
Solution
DB Security Overview
Access path to Database
The IT department uses various DB tools (e.g. Orange, Golden, Toad, etc.)
- IT department users and outsourcing development company users connect to the DB server with 2-tier type DB tools. [Security Hole]
Application Server
Working department users access the DB through an application server (3-tier type); this access method is safer than the 2-tier type.
Key notes
All DB connections must be monitored; in particular, direct DB access of the 2-tier type must be restricted.
RISK IT department [atypical]
Working department [typical]
DBMS
Product Introduction
DB INSIGHT SG
Smart Database Firewall
DB INSIGHT SG delivers smart database security without impacting database performance or infrastructure, and reduces the cost of managing database security.
Positive Security Model
Profile based automatic security policy
User defined positive security policy
High Performance Network appliance
Support Gigabit Performance
Physical Independent Impact
Fail open (LAN Bypass)
Fail over (Active – Standby High Availability)
Product Introduction
DB INSIGHT SG Architecture
Session multiplexing
Memory buffer recycling
polling
Protocol Parsing [High Performance Technology]
DB INSIGHT Inspection Engine
• Audit Log
• Detect Log
Access & Authority Control
Alert
Audit
Security
Policy
Client
Oracle
MS SQL
Sybase
Product Introduction
DB INSIGHT Agent Architecture
DB-Insight Agent
• Audit Log
DB Server Audit & Log local access
Client
FTP
Telnet
SSH
RDBMS
Oracle
Product Introduction
Key Functions
Policy | Functions | Details
Positive | Access Control | IP address, DB user, schedule (time); IP address group, DB user group; Security policy group
Positive | Authority Control | Control by objects (Table, View); SQL operation (DML, DDL, DCL); SQL sentence
Positive | Profile | Automatic security policy by self learning SQL query; Positive security based automatic Authority policy by Authority Profile; Control SQL sentence form by Form Profile
Negative | Pattern Rule | Block/detect the user defined query pattern
Negative | Column Rule | Block/detect the specific column of object
Audit | Archive & Analysis | Logging all the SQL query; Analyzing audit log & security log
Management | | Central management for a several; Analyzing the database traffic & network traffic; Monitoring system usage
Product Introduction
DB INSIGHT SG Looks
DISG-530 / DISG-1030 / DISG-2030 / DISG-4060
View
Spec.
1U Rack mountable; Core 2 Duo CPU; 2GB Memory; 1GB CFM; Single Power Supply; 10/100/1000M x 8 (3 pairs GBE Bypass)
2U Rack mountable; Xeon 3.6GHz * 2; 2GB Memory; 1GB CFM; 10/100/1000M x 4 (2 Pairs GBE Bypass); Fiber 1G x 4 (1 Pair Fiber Bypass); 10/100M * 1; Redundant Power Supply
2U Rack mountable; Dual Core CPU x 2; 2GB Memory; 1GB CFM; 10/100/1000 x 6 (2 Pairs GBE Bypass); Fiber 1G x 2 (1 Pair Fiber Bypass); Redundant Power Supply
2U Rack mountable; Quad Core CPU x 2; 4GB Memory; 1GB CFM; 10/100/1000 x 10 (4 Pairs GBE Bypass); Fiber 1G x 4 (2 Pairs Fiber Bypass); Redundant Power Supply
DB INSIGHT SG Characteristics
Adaptive Profiling Technology
DB INSIGHT SG Inspection Engine
DB INSIGHT SG
Check abnormal query based on Profile DB
Profiling DML & Form by learning normal SQL queries
Self Learning Engine
Drop
Database
• DML Profiling
• Form Profiling
• Audit Log
• Detect Log
DB INSIGHT SG Characteristics
Adaptive Profiling Technology
Technology for automatic database security policy
• Self learning of request SQL queries
• Define automatic database security policy.
• Reduce security administrator's work.
• Protect against database security threats.
Self Learning method
• Query type (Authority Profile) & Query form (Form Profile)
• Authority Profile makes the automatic authority control policy.
• Form Profile makes the acceptable SQL sentence policy from the common SQL sentence without values.
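The two profiles described above, as an added example that is not MONITORAPP's code: a learning phase records each client's query types and value-free query forms, and the positive model then blocks anything not learned. The regex normalizer, class and function names and the sample traffic are assumptions made for illustration, not a full SQL parser.

```python
import re

_STR = re.compile(r"'(?:[^']|'')*'")      # single-quoted literal ('' = escaped quote)
_NUM = re.compile(r"\b\d+(?:\.\d+)?\b")   # integer or decimal literal
_OBJ = re.compile(r"\b(?:from|into|update|join)\s+([a-z_][\w.]*)")

def sql_form(sql):
    """Form Profile key: the statement with literal values replaced by '?'."""
    s = _NUM.sub("?", _STR.sub("?", sql))
    return " ".join(s.lower().split()).rstrip(";")

def authority(sql):
    """Authority Profile key: (operator, objects) extracted from the form."""
    form = sql_form(sql)
    return form.split(" ", 1)[0], frozenset(_OBJ.findall(form))

class Profile:
    def __init__(self):
        self.forms = {}   # (client_ip, db_user) -> learned query forms
        self.auth = {}    # (client_ip, db_user) -> learned (operator, objects)

    def learn(self, client, sql):
        self.forms.setdefault(client, set()).add(sql_form(sql))
        self.auth.setdefault(client, set()).add(authority(sql))

    def check(self, client, sql):
        """Positive model: anything not learned for this client is blocked."""
        if authority(sql) not in self.auth.get(client, set()):
            return "block:authority"
        if sql_form(sql) not in self.forms.get(client, set()):
            return "block:form"
        return "allow"

# Constructed sample traffic for the learning phase.
APP = ("10.0.0.5", "webapp")
profile = Profile()
profile.learn(APP, "SELECT name FROM users WHERE id = 42")
profile.learn(APP, "SELECT name FROM users WHERE email = 'a@example.com'")

if __name__ == "__main__":
    for q in ("select name from users where id = 7",
              "SELECT name FROM users WHERE id = 7 OR 1 = 1",
              "DELETE FROM users WHERE id = 7"):
        print(profile.check(APP, q), "<-", q)
```

The same query with a different value is allowed because only the form is compared; an added `OR 1 = 1` changes the form, and a `DELETE` changes the learned operator.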
DB INSIGHT SG Characteristics
Simple Deployment
Proxy Gateway Network Deployment
Proxy Gateway
• In-line or One armed mode
• Bridge mode without IP address
• No changes to existing infrastructure
• Access & Authority Control
• Useful for the authority control
Sniffing Gateway
• Mirror based
• In-line or One-armed mode
• Bridge mode without IP address
• No changes to existing infrastructure
• Block by session reset.
• Limited Access & Authority Control
• Useful for the audit logging
Difference
Proxy Mode: strong security; lower performance than sniffing mode; for Access & Authority Control
Sniffing Mode: limited security; about 3 times higher performance than Proxy mode; for audit logging
In the physical configuration, DB INSIGHT SG is the smart DB Firewall appliance without FOD (Fail open device) and Tap switch.
<In-line mode> Bridge
<One armed mode> L4 redirect or mirror
DB INSIGHT SG Characteristics
Various Deployment
Bridge Mode
• In-line on network
• No changes to existing infrastructure
• Support LAN bypass on failure
Active - Active HA Mode
• Active – Standby HA Mode
• Health Check (Daemon, NIC, Link, System)
• Support Fail-over on failure
One_Armed Mode
By L4 switch supporting port redirection, one-armed mode configuration (Proxy & sniffing mode) can be used.
By L2 switch supporting port mirroring, one-armed mode configuration (Sniffing mode only) can be used.
[Deployment diagrams: WAS / Middleware, DB INSIGHT SG, DBMS; L2; L4 redirect or Mirroring]
DB INSIGHT SG Features
Access Rule
Access Control of database subject
Allow the specific client IP address & DB User.
Block any other users.
Policy per Database
Control DB users
Control IP address
Control schedule
DB INSIGHT SG Features
Authority Role
DB Client (IP address, DB User)
Objects + Operation (Operator, Owner, Object (table, view))
Allow the specific client IP address & DB User.
Block any other users.
Operator, Owner, object
Client IP address, user
Control schedule
DB INSIGHT SG Features
Authority Profile
Profiling for the specific Client (IP address & DB Users)
Profiling information - Operator (select, delete …) - Owner - object (table, view)
Block any other SQL
Profiling about operator / owner / object from SQL for the specific client
Profiling for the specific IP address & DB Users
DB INSIGHT SG Features
Form Profile
Profiling SQL query form
Normalizing value.
Block SQL sentences that do not match the learned profile DB.
Each profile can be enabled or disabled
Detail query
DB INSIGHT SG Features
Pattern Rule
User defines the specific keyword
Block / detect the various attacks.
Each pattern rule can be enabled or disabled
Type the specific keyword
DB INSIGHT SG Features
Column Rule
Restrict the important column (ex. Personal information)
Negative policy for the specific column
Check the important column
DB INSIGHT SG Features
Audit & Analysis
Logging all SQL queries
Quick Search by filtering
Top 10 Chart Analysis - DB server - DB Users - Application - Client IP - Time
DB INSIGHT SG Features
Authentication
2 factors authentication - DB INSIGHT ID/password - DB user/password
Only the authenticated client can access the DB Server.
Tracing the client IP address & MAC address
Tracing the access history
DBMS
1. Log in to DB INSIGHT Manager with the DB INSIGHT Client Program
2. Send authentication requirement message to client
3. Allow only authenticated client
DB INSIGHT SG Features
Approval
Tool independent SQL Approval function
Managing client, deciding officer and group
Policy based on the Authority Role level - Client IP address - Authenticated user - DB user - Operator / Owner / object
Client / Deciding officer / DBMS
1. SQL Request
2. Submit an approval
3. Approval or disapproval
4-1. Send SQL Request
4-2. Send a block message to client
5. Send SQL Response
DB INSIGHT SG Features
Central Management
Central Management manages multiple DB INSIGHT SG
Log & System monitoring - Detect log - Network / DB traffic - System usage
DB INSIGHT SG Features
Log view
Search detect/block logs - 14 options for filtering - detail / simple view
Chart Analysis - Top 5 or 10 view - Chart type : 11 categories
Thank You
MONITORAPP Co.,Ltd.
306, Ace Techno Tower1, 197-17, Guro3-Dong, Guro-Gu, Seoul, Korea
Tel : +82-2-749-0799, Fax) +82-2-749-0798
E-Mail : [email protected]
Website : www.monitorapp.com