Friday, December 10, 2010

Oracle Database Firewall


Oracle Database Firewall

Cost Effective Protection for Oracle and non-Oracle Databases
Oracle Database Firewall, part of Oracle's comprehensive portfolio of database security solutions, is the first line of defense for both Oracle and non-Oracle databases. It monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks - all in real time. Based on innovative SQL grammar technology that can reduce millions of SQL statement into a small number of SQL characteristics, Oracle Database Firewall offers unmatched accuracy, scalability, and performance. Enforcement of positive (white lists) and negative (black lists) security models provides protection from threats without time consuming and costly false positives. Oracle Database Firewall also enables organizations to address SOX, PCI, HIPAA/HITECH, and other regulatory requirements without changes to existing applications or databases, and demonstrate compliance with over a hundred built-in customizable reports.

Oracle Database Firewall Key Features


Database Firewall for Security and Compliance

White list, black list, exception list policies

3-click security policies

Safe, scalable deployment models

Flexible reporting and alerting

Database Firewall for Security and Compliance

Traditional network firewalls are an established technology and play an important role in protecting data centers from unauthorized access from the outside. Data center attacks, however, have grown increasingly sophisticated, leveraging porous perimeters on the inside to launch attacks on the database itself.

Examining SQL traffic and enforcing security policies on the network has emerged as an important addition to the defense-in-depth security architecture. This is specially true in heterogeneous database environments where security controls can not be enforced in the database itself. Oracle Database Firewall creates a defensive perimeter around databases, monitoring and enforcing normal application behavior, helping to prevent SQL injection attacks and attempts to access sensitive application data using unauthorized SQL commands. Oracle Database Firewall:

· Monitors and blocks SQL traffic on the network with white list, black list and exception list policies

· Protects against application bypass, SQL injection and similar threats

· Reports on database activity for SOX, PCI and other regulations, choosing from over 100 out-of-the-box reports

· Protects Oracle, SQL Server and Sybase databases

White list, black list, exception list policies

Oracle Database Firewall examines the grammar of the SQL statements being sent to the database, analyzes their meaning, and determines the appropriate security policy to apply. This highly accurate approach provides a significantly higher degree of protection than first-generation database monitoring technologies that relied on recognizing the "signature" of known security threats. By enforcing normal application behavior, Oracle Database Firewall helps organizations avoid the costly and disruptive false positives and false negatives common with other approaches. Oracle Database Firewall recognizes SQL injection attacks on compromised applications and blocks them before they reach the database.

3-click security policies

Oracle Database Firewall supports white list, black list, and exception list policies. White list policies are simply the set of approved SQL commands that the firewall expects to see. These can be learned over time or imported from another Oracle Database Firewall. Black list policies are SQL commands that are not permitted to be sent to the database. Exception list polices provide additional deployment flexibility that can be used for one-off reporting or other special requirements. Policies can be enforced based on attributes including SQL category, time of day, applications, user, and IP addresses.


Oracle Database Firewall can log the SQL command in question, block the SQL command, or substitute the incoming bad SQL request with an alternative SQL statement that, for example, simply returns no data, or returns a predetermined error message such as "no records found". This flexibility, combined with advanced SQL grammar analysis, enables organizations to spend more time doing what needs to be done and less time handling false alarms.

Safe, Scalable Deployment Models

Oracle Database Firewall works on the network, transparent to database servers and applications, and can be quickly deployed. Customers can choose from several deployment models to meet their business requirements:

· Inline blocking and monitoring mode

· Inline monitoring-only mode

· Out-of-band monitoring mode

Oracle Database Firewall provides a centralized management console for monitoring multiple databases simultaneously and supports parallel devices for high availability deployments. Optional host-based agents can provide low-impact local monitoring capabilities.



Flexible reporting and alerting

Oracle Database Firewall includes over 125 prebuilt reports that can be easily customized for regulations such as PCI, HIPAA and SOX. Real-time alerts can also be setup for fast response to any policy exception. For privacy and compliance requirements, personally identifiable information contained in logged SQL can be masked.


No comments:

Post a Comment