DataSunrise Database Firewall for Oracle

Oracle firewall by DataSunrise guarantees maximum level of security against SQL-injection attacks, unauthorized access and data breach attempts. The tool enables Oracle users to reveal software vulnerabilities and eliminate them in time. It constantly analyzes traffic in accordance with security policies, allows only authorized queries to Oracle database and controls access privileges.

Tech Info

Oracle database is well-known for its reliability, still its built-in security remains pretty basic. It requires a powerful Oracle-oriented solution for continuous protection.

Oracle firewall by DataSunrise is a high performance security solution for real-time data protection on premises and in the cloud. It provides continuous monitoring of incoming and outgoing traffic and accurately detects and blocks all types of unauthorized activity.

The firewall is deployed as a proxy. It resides between database and client performing the function of an inspection point, which filters traffic and intercepts communication that doesn't match security policies. When a query violates a security rule the blocking scenario includes disconnection of a client from DB or closing of the session.

proxy-01 

Continuous traffic scanning paired with threat detection and blocking mechanisms allow to capture SQL injections in real time. The firewall blocks the following SQL Injection techniques:

  • Union Exploitation Technique
  • Boolean Exploitation Technique
  • Out of band Exploitation technique
  • Time delay Exploitation technique
  • Automated Exploitation
 

The firewall determines if a query meets security rule conditions based on the following parameters:

  • type, instance and name of the target database;
  • whether queries came from a certain client application;
  • whether intercepted queries contain certain SQL statements;
  • whether queries contain signs of SQL injection (OR and UNION statements, comments, double queries, constant expression, keyword in comments);
  • whether queries are directed to certain database elements (schemas, tables, columns, stored procedures).
 

Oracle firewall by DataSunrise supports proprietary technologies used in Oracle Database and main Oracle data types. It offers:

  • operations with Large Objects (LOBs);
  • various methods of user authentication;
  • all operations with sessions (Session switching, Session migration, Proxy sessions, TAF);
  • auditing of import and export operations: Import Utility, Export Utility, direct export, direct import via SQL Loader, Datapump-powered export and import;
  • DBLink feature, including remote procedure call possibility;
  • processing of traffic generated by Advanced Queuing function;
  • deep analysis of encrypted traffic (SSL and proprietary Oracle encryption).
 

DataSunrise supports Syslog – the most widely used protocol for message logging. This enables to integrate the firewall with Security Information and Event Management solutions (SIEM) and enhance security analytics capabilities of a used SIEM solution. Integrated with SIEM system Datasunrise helps to achieve full visibility of database transactions and user activity.

 

DataSunrise Database Firewall supports the latest Oracle Database releases (10g, 11c, 12c versions) and is compatible with Windows and Linux.

Related Articles