Database security solutions for the Internet industry
Industry pain points and needs

In June this year, AcFun, the danmaku video site (commonly known as "A Station"), announced that its website had been attacked by hackers and that the data of nearly 10 million users had been leaked, including user IDs, user nicknames, passwords stored in encrypted form and other information. According to the announcement on the user data leak caused by the hacker attack on AcFun, published on A Station's official website, A Station upgraded its user account system on July 7, 2017. However, if a user has not logged in to the website since then, or the password encryption strength is insufficient, the account is still at risk of disclosure.


In recent years, data leaks have emerged one after another. From the disclosure of the information of Yahoo's 3 billion users in 2017 and the theft of Uber's 57 million user accounts to the disclosure of employee information of the U.S. Department of Homeland Security at the beginning of 2018, it has been wave after wave. This time, even the "2D" (anime) world was not spared. Most of these data leaks point to one highly adversarial field in information security: web application security and the database security behind it.



In May this year, Verizon released its 2018 Data Breach Investigations Report, the 11th such report Verizon has published in a row. In this year's report, the Verizon team analyzed a total of 53,000 incidents and 2,216 confirmed data breaches, and examined in detail the attack methods common to them. The report points out that most attacks in these breaches targeted web applications: in the information industry, for example, 45 of the 49 breaches were achieved through attacks on web applications, accounting for more than 90%. Web application security is therefore the front line of data leakage. A large amount of injection, probing, credential stuffing and information theft takes place between web servers and databases. Internet finance, social networking, gaming, entertainment and travel services now reach every corner of our daily life. For these enterprises, registered user data is the core information asset of the website owner and involves the substantive business of the website and its related information systems. Once it is leaked, the result is not only economic loss but also public condemnation and a serious crisis of trust.



First of all, databases are complex to operate and difficult to master. Many database administrators are busy managing complex systems and neglect to check for security risks and improper configuration, such as control of database access rights, shared accounts, access with the privileged accounts SA and SYSTEM, and command execution. This is because traditional security systems have largely ignored the topic of database security, and database administrators usually do not treat security as their primary task.


Secondly, the increasing importance of data has also led attackers to target the database. They usually attack through SQL injection, APT and other methods. These vulnerabilities often do not exist at the database level. On the middleware side, traditional WAFs and data cleaning have their own limitations in dealing with such flexible attack methods and cannot be 100% safe.



Our solution

At present, the mainstream relational databases in the world, such as Oracle, Sybase, Microsoft SQL Server and IBM DB2 / Informix, share the following characteristics: user accounts and passwords, an authentication system, a privilege model and special permissions for controlling the database, built-in commands (stored procedures, triggers, etc.), their own scripting and programming languages (e.g. PL/SQL, Transact-SQL, OEMC, etc.), middleware, network protocols, and powerful database management utilities and development tools. Security measures in the database field usually include identification and authentication, discretionary access control and mandatory access control, secure transmission, system audit, database storage encryption, and so on. Only by integrating all of these aspects of security can a highly secure system be ensured.



The Palladium Next Generation Database Application Security Defense System (NGDAP) is a new generation of data protection system developed by Hangzhou Palladium Network Technology Co., Ltd. NGDAP collects, analyzes and identifies the data flows that access the database. It monitors the operating status of the database in real time, records a variety of database access behaviors, detects abnormal access to the database and blocks it in time.



Network firewall



The database network firewall controls network behavior and is implemented on the basis of the TCP five-tuple. It applies policy according to the source address, destination address, source port, destination port and transport-layer protocol in the five-tuple.



Access firewall



Access rules are solidified through self-learning of a whitelist (the system automatically learns the five elements of database access behavior, namely exceptions in the access source address, access source host name, access source user name, access tool name and login account name, and solidifies them into security rules). Database access that does not match the rules triggers a real-time warning and the session is blocked. Without affecting performance or modifying the database, the system continuously tracks all database operations to identify unauthorized or suspicious activities and block them in time, so as to avoid network attacks on the database and fundamentally solve the threat of malicious access to the database.



Behavior firewall



It accurately tracks users' SQL statements, applies control by source, target database, target table and specified behavior, and prevents high-risk illegal operations and misoperations.


Service firewall


In the learning phase, it records, analyzes and counts the query requests sent by all applications and automatically adds them to the whitelist. Users can confirm and adjust the contents of the whitelist. After switching to active defense mode, the database firewall first standardizes the request data and then sends the processed data to the pattern matching engine, which compares it with the data in the whitelist. If the request matches the relevant rules, it is considered legal, and the data is passed to the real database for the query and the result is finally returned to the application; if it does not match the relevant rules, the firewall raises an alarm or blocks the response, to completely solve SQL injection, APT and other attacks.
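The learning and active-defense flow described above, as an added sketch that is not NGDAP's code: `normalize`, `QueryFirewall` and the sample queries are hypothetical names and constructed data, and the regex tokenizer is a simplification of what a real SQL parser would do.

```python
import re

# Simplified tokenizer (assumption): single-quoted strings and plain numbers.
_STRING = re.compile(r"'(?:[^']|'')*'")           # 'alice', 'O''Brien'
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")        # 42, 3.14 (not the 1 in t1)
_IN_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)*\s*\)")
_SPACE = re.compile(r"\s+")


def normalize(sql):
    """Standardize a request: literals become '?', case and spacing unify."""
    s = _STRING.sub("?", sql)
    s = _NUMBER.sub("?", s)
    s = _IN_LIST.sub("(?)", s)      # IN (1,2,3) and IN (7) share one shape
    return _SPACE.sub(" ", s).strip().rstrip(";").strip().lower()


class QueryFirewall:
    """Hypothetical model of the learning and active-defense modes."""

    def __init__(self, on_mismatch="block"):      # or "alarm"
        self.allowlist = set()
        self.learning = True
        self.on_mismatch = on_mismatch

    def handle(self, sql):
        shape = normalize(sql)
        if self.learning:
            self.allowlist.add(shape)             # recorded for later review
            return "learned"
        return "pass" if shape in self.allowlist else self.on_mismatch


def demo():
    fw = QueryFirewall()
    # Constructed traffic seen during the learning phase.
    fw.handle("SELECT id, nick FROM users WHERE name = 'alice'")
    fw.handle("SELECT * FROM orders WHERE id IN (1, 2, 3);")
    fw.handle("DELETE FROM users")                # ad-hoc statement, also learned
    fw.allowlist.discard(normalize("DELETE FROM users"))  # operator adjusts list
    fw.learning = False                           # switch to active defense
    return [
        fw.handle("select id, nick from users  where name = 'bob'"),
        fw.handle("SELECT * FROM orders WHERE id IN (9)"),
        # Input that broke out of the string literal changes the shape:
        fw.handle("SELECT id, nick FROM users WHERE name = 'x' OR '1'='1'"),
        fw.handle("SELECT id, nick FROM users WHERE name = 'x' UNION SELECT u, p FROM a"),
        fw.handle("delete from users"),
    ]
```

The allowlist is only as good as the traffic seen while learning, which is why the review step before switching modes matters: anything recorded during learning passes afterwards unless an operator removes it.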



Customer Benefits

1. Identify unauthorized or suspicious activities by continuously tracking all database operations, without affecting performance or modifying the database, and block them in time to avoid network attacks on the database;


2. Make database security management more convenient for users, and improve their risk control and compliance capabilities;


3. Ensure the security and integrity of enterprise business system data;


4. Set up a line of defense around the database, so as to "resist the enemy outside the country" and hold up an "umbrella" for enterprise business security.


Classic cases
  • 斗鱼科技
  • 一嗨租车
  • 途家网
  • 连连支付
  • 东方有线
Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co