Friday, July 22, 2011

Oracle Database Firewall - What is it?


It all started with acquisition of Secerno, a database firewall vendor, in 2010. Secerno's product “DataWall” helped analyze how databases are accessed so that DBA’s can set up policies to control the access.
The database firewall has the ability to analyze SQL statements sent from database clients and determine whether to pass, block, log, alert, or substitute SQL statements, based on a defined policy. Users can set whitelist and blacklist policies to control the firewall. It can detect injected SQL’s and block them.  According to Oracle, the database firewall can do the following -
  • Monitors and blocks SQL traffic on the network with white list, black list and exception list policies
  • Protects against application bypass, SQL injection and similar threats
  • Reports on database activity for SOX, PCI, HIPAA and other regulations, choosing from dozens of out-of-the-box reports
  • Supports other Databases as well - MS SQL Server, IBM DB2 , and Sybase
The Database Firewall joins other database-security products offered by Oracle such as Oracle Advanced Security, Audit Vault, Database Vault, Secure backup etc.
Oracle Database firewall comes in 2 components:-
Database Firewall:
  • Record and analyze SQL transaction requests and responses from one or more Oracle, Microsoft SQL Server, or Sybase databases, and Sybase SQL Anywhere.
  • Categorizes SQL transactions
  • Enforces data policies
  • Enables real-time alerting and event propagation
Database Firewall Management Server:
  • Aggregates SQL data from one or more Database Firewalls
  • Serves as a reporting platform for business reports
  • Centralizes the distribution of data control policies, but still enables the use of different policies for specific databases
  • Stores and manages log files, including archiving and restoring the log files
  • Remotely manages all Database Firewalls to which it connects
  • Integrates with third-party applications, such as Crystal Reports
However there are some key issues that it does not address and hence would need use of other security options such as Audit Vault, VPD etc. For example, Privileged users can login to the OS directly and make local connections to the database. This bypasses the database firewall.
Pricing
The two components are priced separately.  The Database Firewall comes at a cost of $5,000 per processor and Database Firewall Management Server component is priced at $57,500 per processor. 

No comments: