Exploits that take advantage of SQL Injection (SQLi) vulnerabilities in software are among the most dangerous and prevalent attacks on the Internet today.
In a SQLi attack, hackers typically take advantage of security flaws in web application software to pass malicious commands to a database back-end. A SQLi vulnerability can potentially enable an attacker to take control of an entire database, exposing confidential information and leaving businesses and users at risk.
Protecting against SQLi attacks takes a multi-pronged effort. Auditing and remediation of exploitable software vulnerabilities is key, but enterprises can also employ additional layers of defenses.
Among the ways that enterprises can protect themselves against SQLi attacks is by way of the Oracle Database Firewall, which was updated with a new release today. The firewall helps protect against SQLi exploits by identifying and blocking unauthorized database transactions on the network.
"We have extended the scope of the databases that we support in terms of being able to understand their networking protocols and their SQL dialect," Vipin Samar, Vice President, Database Security at Oracle, told InternetNews.com. "The firewall looks at the traffic that is going to the database, and then based on customer set policies they can log, audit, monitor, and block the offending SQL statements."
The Oracle Database Firewall is typically installed on dedicated server hardware running Oracle Enterprise Linux. The technology behind the firewall was acquired by Oracle in 2010 and released under the Oracle name in February 2011.
Previously, the Oracle Database Firewall included support for Oracle Database 11g, IBM DB2, Microsoft SQL Server, Sybase Adaptive Server Enterprise (ASE), and Sybase SQL Anywhere. Support is now being extended to include the MySQL database which is also part of the Oracle product portfolio. Oracle acquired MySQL as part of the acquisition of Sun Microsystems in 2010.
Samar noted that there is a difference between the default defensive capabilities of Oracle Database and MySQL.
"There are not many preventive mechanisms on the MySQL database itself like the way we have it on the Oracle database," Samar said. "On the Oracle database, we have support for encryption, more access control and more auditing, so there are multiple layers of defense."
The database firewall helps to mitigate the risk of some but not all possible attack vectors, which is why having multiple layers of security is important.
"If someone set up MySQL on a screwed up box and an attacker gets to that screwed up box you have an issue," Roxana Bradescu, Senior Director, Security Product Management at Oracle, told InternetNews.com.
The Oracle Database Firewall is concerned only with the database SQL traffic. The way the system works is by way of SQL grammar analysis techniques that help to indentify potentially malicious traffic.
"The grammar analysis analyzes all of the SQL statements in a fixed time," Bradescu explained.
From a deployment perspective, the new version of the Oracle Database Firewall also provides a new proxy deployment mode. Samar explained that there are multiple ways that the database firewall can be connected on a network. One is by way of hooking into a server port, making a copy of the traffic to forward to the firewall. In that deployment mode, the firewall is not inline with the traffic and performs more of a monitoring function. Another deployment mode is by placing the database firewall inline behind a router and in front of the database on the network. The inline mode requires network configuration changes to make sure that traffic is routed through the proper box.
The new proxy mode is intended to further simplify the deployment of the database firewall.
"So you go to your client and instead of sending traffic directly to the database, it sends it to the database firewall," Samar said. "The firewall then goes and forwards that traffic to the database server."
On the database server itself, an administrator can specify that all traffic must come first through the database firewall and not by way of any other connection. Routing all the traffic through the database firewall also means that the software appliance needs to be able to handle all the traffic.
"Scalability is such a key issue, so the scalability is there with the ability to deal with the volume of traffic," Samar said.