DataSunrise Firewall for Amazon Redshift Database Security

Amazon Redshift firewall by DataSunrise is a must when you aim to protect databases against outside threats and inside vulnerabilities. The firewall prevents unauthorized access to the database and blocks intrusion attempts. It inspects SQL queries for improper content and malicious commands and alerts on suspicious database activity in real time.

Tech Info

Amazon Redshift firewall by DataSunrise is an advanced data-centric solution designed for real-time database protection. It provides an advanced level of data security and helps organizations stay compliant with regulatory requirements. The firewall secures critical data on-premises and in the cloud, protecting it from advanced persistent threats, malicious insiders, and other attacks.

The firewall monitors traffic to and from the database and performs deep packet filtering at the application level. It blocks behavior that contradicts administrator-defined security policies. Every incoming and outgoing packet is disassembled and compared against the customized rule set. When a query matches a blocking rule, the firewall either disconnects the client from the database or closes the session.

The firewall is deployed in proxy mode and resides between the client and the database, preventing their direct communication. Acting as an intermediary, it audits and logs queries and filters traffic, blocking activity that violates security policies.


Amazon Redshift firewall by DataSunrise captures SQL injections in real time. It currently blocks the following SQL injection techniques:

  • Union Exploitation Technique
  • Boolean Exploitation Technique
  • Out-of-Band Exploitation Technique
  • Time Delay Exploitation Technique
  • Automated Exploitation

Rule conditions include the following parameters:

  • type, instance and name of the target database;
  • whether queries came from a certain client application;
  • whether intercepted queries contain certain SQL statements;
  • whether queries contain signs of SQL injection (OR and UNION statements, comments, double queries, constant expression, keyword in comments);
  • whether queries are directed to certain database elements (schemas, tables, columns, stored procedures).
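
The injection signs named in the rule conditions above can be illustrated with a small heuristic checker. This is an added example, not DataSunrise's code or detection logic; the function names, regular expressions, sign labels and the sample query are constructed assumptions.

```python
import re

# Constructed heuristics for the signs named in the list above; the names and
# patterns are assumptions for illustration, not DataSunrise's rule engine.
_TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
_KEYWORD = re.compile(r"\b(select|union|insert|update|delete|drop|or|and)\b", re.I)
_CONST = re.compile(r"\b(\d+)\s*=\s*\1\b|('S\d+')\s*=\s*\2")

def _scan(query):
    """Split a statement into code (literals masked) and its comments."""
    comments, literals = [], []

    def repl(match):
        tok = match.group(0)
        if tok.startswith("'"):
            # Equal literals get the same placeholder, so 'a'='a' stays visible
            # while keywords inside quoted data are hidden from later checks.
            literals.append(tok)
            return "'S%d'" % literals.index(tok)
        comments.append(tok)
        return " "

    # One left-to-right pass, so a quote inside a comment is not a literal
    # and "--" inside a literal is not a comment.
    return _TOKEN.sub(repl, query), comments

def injection_signs(query):
    """Return the set of injection signs present in one SQL statement."""
    code, comments = _scan(query)
    signs = set()
    if comments:
        signs.add("comment")
    if any(_KEYWORD.search(c) for c in comments):
        signs.add("keyword in comment")
    if re.search(r"\bunion\b", code, re.I):
        signs.add("UNION")
    if re.search(r"\bor\b", code, re.I):
        signs.add("OR")
    if _CONST.search(code):
        signs.add("constant expression")
    if re.search(r";\s*\S", code):  # text after a semicolon: second query
        signs.add("double query")
    return signs

# Constructed sample statement, as a proxy would see it after concatenation.
SAMPLE = "SELECT * FROM users WHERE name = '' OR 1=1 -- ' AND pw = 'x'"

if __name__ == "__main__":
    print(sorted(injection_signs(SAMPLE)))
```

Signs like these are indicators that feed a rule decision, not proof of an attack: a plain `OR` appears in many legitimate queries, which is why such conditions are normally combined with the client application and target-object conditions in the same list.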

Supported features include:

  • All user authentication methods: Kerberos, GSSAPI, SSPI, MD5, SHA256, RADIUS, Trust
  • Processing of SSL-encrypted traffic
  • Data analysis and storage of all query types, including specific replication queries and multiple queries
  • Detailed processing of prepared operations, cursors and portals
  • Full analysis and data collection on COPY operations (transferring data from a PostgreSQL table to external files and vice versa). Binary and text formats are supported
  • Analysis of asynchronous queries (Pipelining)
  • Converting all PostgreSQL data types, including composite, range and enum types, from binary format to text
  • Processing of DML/DDL operations in compliance with transactions, search paths and administrator queries.
