The Data Security component protects target databases against unauthorized queries and SQL injection attacks. Data protection functionality is available in the Proxy mode only. Deployed as an intermediary between users and databases, DataSunrise intercepts all incoming and outcoming queries. With the help of advanced SQL analysis algorithms, it detects unauthorized access attempts, SQL injection attacks and any kind of suspicious activity that violates existing security policies.
In case of an attack attempt or excessive privilege abuse, apart from blocking malicious queries, DataSunrise notifies about the malicious activity. Hence, database administrators can timely react to incidents and take measures to prevent targeted attacks.
Data protection algorithms are controlled by means of dedicated Security Rules. The rules are highly adjustable for various business needs. You can create and edit Data Security Rules in the Security section of the DataSunrise’s Web Console.
In this article, we demonstrate how to configure a Data Security Rule to prevent unauthorized modification of table’s columns.
Creating a Security Rule
Let’s assume that we’ve already created the target database profile. To prevent modification of the test table’s columns, it is necessary to create and configure a Security Rule. Here what we do:
- We navigate to Security → Rules. Then we click Add Rule to create a new Rule.
- We configure the Security Rule to block all attempts to modify the customers table (see notes below).
The target database is specified in the Main section.
”Block” action is already set (by default) in the Action subsection to block all queries that meet the current rule’s conditions. Note that the Log Event in Storage check box is checked so we will be able to see Security events captured by DataSunrise.
Since the current scenario requires to prevent user attempts to modify certain columns, the Object Group filter is selected in the Filter Statements subsection: INSERT, UPDATE and DELETE check boxes are checked. Thus, when the Rule is triggered, DataSunrise will block all queries aimed at table modification.
The Filtering settings also include the “customers” table, “FirstName” and “LastName” columns specified (Process Query to Databases, Schemas, Tables, Columns). Thus, the Rule can be triggered only by the queries directed to the selected columns. All actions aimed at other tables or columns will be ignored.
This stage includes demonstration of DataSunrise’s Data Security results. The Data Security Rule created earlier is configured to be triggered by any attempts to modify the “FirstName” and “LastName” columns of the “customers” table (i.e. it is triggered by queries which contain INSERT, UPDATE and DELETE statements).
- Let’s query the database with PGAdmin. The query is aimed to change one entry of the “LastName” column from “Wade”
- As a result, the query is blocked. The blocking is performed in the form of a SQL error (“ERROR: The query is blocked”).
To view Data Security events and event details, we navigate to Security → Events. In the list of captured events, we locate the event of interest and open it:
The event details include basic and session information, the query’s SQL and database objects involved in the query.