DataSunrise Security for Oracle
DataSunrise Database Firewall for Oracle security guarantees maximum protection level against SQL-injection attacks, unauthorized access and data breach attempts. The tool enables Oracle users to reveal software vulnerabilities and eliminate them in time. It constantly analyzes traffic in accordance with security policies, allows only authorized queries to Oracle database and controls access privileges.
DataSunrise Database Firewall for Oracle protects databases from both outside attacks and inside threats. It performs deep traffic filtering on application level. Every incoming and outgoing packet is analyzed for compliance with the customized rules set. In case of meeting a forbidden security rule the blocking scenario includes disconnection of a client from DB or closing of the session.Proxy mode deployment prevents direct communication between client and database. The firewall acts as an intermediary between client and server, it audits and logs queries or blocks execution of the ones violating firewall's security policies.Smart SQL analysis algorithms provide continuous monitoring of database activity. During initial traffic processing DataSunrise disassembles user queries, database output etc. Then the queries undergo careful analysis and the firewall determines target database objects, schemas, tables names and other important information. Then the firewall logs queries, blocks their execution or obfuscates database output according to predefined security policies. Scanning of traffic along with detection and blocking mechanisms allows to capture SQL injections in real time. The firewall blocks the following SQL Injection techniques:
- Union Exploitation Technique
- Boolean Exploitation Technique
- Out of band Exploitation technique
- Time delay Exploitation technique
- Automated Exploitation
- type, instance and name of the target database;
- whether queries came from a certain client application;
- whether intercepted queries contain certain SQL statements;
- whether queries contain signs of SQL injection (OR and UNION statements, comments, double queries, constant expression, keyword in comments);
- whether queries are directed to certain database elements (schemas, tables, columns, stored procedures).
- operations with Large Objects (LOBs);
- various methods of user authentication;
- all operations with sessions (Session switching, Session migration, Proxy sessions, TAF);
- auditing of import and export operations: Import Utility, Export Utility, direct export, direct import via SQL Loader, Datapump-powered export and import;
- DBLink feature, including remote procedure call possibility;
- processing of traffic generated by Advanced Queuing function;
- deep analysis of encrypted traffic (SSL and proprietary Oracle encryption).