Dec
28
2009
Database security, Database Firewall? Why should I use GreenSQL ?
Posted by David Maman on Mon 28 Dec 2009 14:02 UTC
Tags:

Since the early days of GreenSQL, many people have written us asking why exactly they should implement a database security solution if they have already hardened their web application and are using a web application firewall, like mod_security, or even a professional closed source web application firewall such as Imperva, Breach, or F5.

The answer is not as simple as you may think, and I’m not going to preach to you about the great advantages using GreenSQL in front of your MySQL or PostgreSQL Database.

I’m going to highlight a few obvious current situations which will help you see the full picture of your Database security needs.

What is the core of the company?

When you come right down to it, the Database, eventually, is the core of your company or organization. All the information that the company is built upon is located in the Database. Without it, your company or organization cannot exist and it doesn’t matter if it’s an Enterprise, Large, Medium, or Small or even just an e-commerce business. The Database is the core of your company.

Today the market is leading us to the beauty of SaaS (Software as a Service) solutions to provide most of our needs. With SaaS, all of our information is located on some SaaS’s Database.

Who is using the Database?

The Database is used by many sources that can be divided into two main categories:

Automated connections, which mostly include:
- Backup and replications
- ETL: Extract, transform, load, a common data warehousing process
- Interconnect
- Testing
- Data Load / Data Unload
- Application Integration
- Reporting services
- Etc.

And User Connections, which mostly include:
- Developers
- Administrators
- Application users (Web applications and other applications)
- Monitoring
- Casual users
- IT Personnel
- Etc.

As you can see for yourself, there are many sources connecting to the Databases, automated or user–based, and all them must be verified, inspected and controlled.

SQL Injection

Without a doubt, among the current biggest security threats is SQL Injection. It’s caused a major Buzz for a while now. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. Using a direct connection to the web application provides the option of running commands over the Database itself. We’ve all heard about the latest SQL injection attacks on websites belonging to Symantec, President Barack Obama, Wall street journal and many others as well.

As time passes, we see the level of SQL injection sophistication increasing and becoming even more threatening, SQL injections are now part of the automated Worms and Trojans arena. The latest large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. After some research we’ve noticed that this specific attack was preformed mostly on Microsoft IIS:

The image above shows that the vulnerable injected frame was found mostly on dynamic asp websites (available on Microsoft IIS).

The Web application frontier

The web application frontier is among the most threatening to our Databases, but it’s not the only one.

The web application may be secured using a closed or open source web application firewall. Unfortunately, as time passes, major companies and organizations that implemented a web application firewall, for some reason, mis-configured it, or missed updating it, or were successfully attacked using SQL Injections simply because the solution was inadequate.

Many people are sure that coding securely is the only solution required, but almost every application uses legacy code, and sometimes just a few faulty lines can lead to a successful SQL Injection attack.

Among the major problems of a web-based SQL Injection attack is the option to continue the attack to additional servers. If someone has successfully attacked your Database using SQL injection, by using CMD_Shell and other commands, he can gain control of your server, and from this specific server, gain control over your entire network.

There are many attack tools which automate this process of gaining control of the Database server, such as the  SQL Ninja and others, which also provide a video demo that show’s how easy it is taking control of your Database server.

Achieving Sarbanes-Oxley compliance requires visibility and control over business applications and databases – including monitoring the actions of privileged database users.

Database Firewall and the GreenSQL approach

The GreenSQL solution is a secured SQL reverse proxy solution, which during the reverse proxy process provides you the option of enforcing database security. GreenSQL helps you prevent SQL-based attacks, whether they are Web application based or not. And it’s easily implemented.

After setting up and implementing the GreenSQL Firewall, none of your connections, automated or not, should connect to the Database directly. You can easily Implement the GreenSQL solution in a DMZ zone on your Firewall, and allow traffic to the Database from the GreenSQL machine only. From then on, you can be sure that no other source will connect to your Database without inspection and control by the GreenSQL solution.

GreenSQL provides you the option of installing the GreenSQL Database firewall on the Database itself, or on a dedicated server (virtual or physical), so you are not limited.As time passes we’ve witnessed that more and more web sites adopts GreenSQL to defend against any SQL based attacks.

For example you can check out http://fak3r.com which also wrote a real nice article about GreenSQL and why he decided to use it.

We have published an article titled 10 reasons why you should use GreenSQL, check it out.

Information security is an on going process, not a specific product or solution.
Now, with GreenSQL your Database can be part of this process.