Once you have a baseline, you can choose to block database access that
does not match the baseline. Let's revisit the case in which hackers steal the
database username and password from a clear text configuration file on the
application server and then connect to the database from their own
machines. In this case the attack will come from an IP that is not part of the
baseline. You can block this type of attack by limiting access to your database
to certain IP addresses. This can be done using database capabilities or
firewalls. For example, in Section 3.7 you learned how to configure Oracle
to limit access to a limited set of IP addresses.
The more functional option is to use a firewall, as shown in Figure 5.3.
Here too you have two main options: (1) use a standard firewall, which will
allow you to block access based on IP addresses and ports only, or (2) use a
SQL firewall, which will allow you to build rules that are based not only on
IP addresses but also on database usernames, source programs, and even
database objects. It will allow you to define precisely which source programs
running on which hosts can access the database using the login name. This
takes the report shown in Figure 5.2 and converts it not only to a baseline,
but to an enforced security policy.
If you choose to employ this type of protection, you may want to couple
it with a real-time notification on any policy violation. Hackers may
try to connect to the database from their machines. When this fails
because of a SQL firewall, they may guess that you're employing some
kind of IP-sensitive protective layer and go back to the application server
host to launch the attack. Hackers can also spoof the IP address of the
application server and still launch the attack from their own machines.
However, in both cases the first attempt was initiated naïvely from their
machines, and the attack refinement process takes time; if you get an alert
in time, you can stop the attack before hackers can figure out how to
bypass your security measures.
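The baseline-as-policy idea above, as an added example (not code from the book): a small Python check that compares connection attempts against a baseline of network, login, and source program, and contrasts an IP-only firewall decision with a SQL firewall decision plus alerting. All addresses, login names, and program names are constructed sample values.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Session(NamedTuple):
    src_ip: str    # client address seen by the firewall
    db_user: str   # database login name
    program: str   # source program reported for the connection

# Constructed baseline: (allowed network, login, source program).
BASELINE = [
    ("10.0.5.0/28", "app_owner", "JDBC Thin Client"),   # application servers
    ("10.0.9.17/32", "report_ro", "sqlplus"),           # reporting host
]

def ip_only_allows(s: Session) -> bool:
    """Standard firewall: decides on the source address alone."""
    return any(ip_address(s.src_ip) in ip_network(net) for net, _, _ in BASELINE)

def sql_firewall_violation(s: Session) -> Optional[str]:
    """SQL firewall: return why the session departs from the baseline, or None."""
    rules = [r for r in BASELINE if r[1] == s.db_user]
    if not rules:
        return "login not in baseline"
    rules = [r for r in rules if ip_address(s.src_ip) in ip_network(r[0])]
    if not rules:
        return "source IP not in baseline for this login"
    if all(r[2] != s.program for r in rules):
        return "source program not in baseline for this login and host"
    return None

def enforce(sessions):
    """Block every violating session and return one alert record per block."""
    return [(s, why) for s in sessions if (why := sql_firewall_violation(s))]

# Constructed connection attempts, in the order the text describes them.
SAMPLE = [
    Session("10.0.5.3", "app_owner", "JDBC Thin Client"),  # normal application traffic
    Session("203.0.113.44", "app_owner", "sqlplus"),       # stolen login, unknown host
    Session("10.0.5.3", "app_owner", "sqlplus"),           # same login, app server, new program
]

if __name__ == "__main__":
    for s, why in enforce(SAMPLE):
        print(f"ALERT blocked {s.db_user}@{s.src_ip} via {s.program}: {why}")
```

The third sample session passes the IP-only check but is still blocked and alerted on by the SQL firewall rule, because the source program is not part of the baseline for that login.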
Figure 5.3 Using a firewall between applications and the database.