
Database as a networked server

• DB at the centre of the network
• Network Access Map for the DB environment
• Tracking of tools and apps
• Remove unnecessary network libraries
  – SQL Server, DB2, Oracle networking layers
  – Implement using TCP/IP only
• Secure services from known network attacks
• Use of firewalls


DB at the core

• Avoid direct exposure of the DB to the Internet
• Databases must reside in data centres
• DMZ architecture: two firewalls between the DB and the Internet, an outer firewall in front of the DMZ (where the web/application tier sits) and an inner firewall between the DMZ and the database segment
• Use a DB firewall or a VPN for client access from outside the corporate network


Network access map

• Communication is essential between the networking group and the database group
• Review the data access diagram for new access patterns
• A data access diagram shows:
  – Database access endpoints
  – Clients accessing each database
  – Apps used to access the DB and the type of access


Tracking of tools and apps

• Knowledge of tools and versions
  – Address points of vulnerability
  – Compliance with IT governance
  – Alert on questionable changes
• Get client information, including the client host, from
  – the Monitoring Data Access (MDA) tables in Sybase ASE
  – the System Global Area (SGA) in Oracle 10g, exposed through the V$ views, e.g.
    SELECT machine, terminal, program, username, logon_time FROM v$session;
• Monitor the system tables by polling, or derive the same client information from the TCP/IP packets going to the DB
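The network access map (previous slide) and the session tracking on this slide come together when the polled sessions are compared against what the diagram says should exist. The following is an added example written for this page, not code from the slides: the session rows are constructed to mirror the columns of the v$session query above (machine, terminal, program, username, logon_time) plus the endpoint they were polled from, and the approved access map is an assumed inventory for a hypothetical environment. Anything on the wire that is not on the map is reported as a questionable change.

```python
"""Added example: compare observed DB sessions against an approved access map.

Illustrative code written for this page, not from the slides. Session rows are
constructed to look like the v$session query output; the approved access map
is an assumed inventory for a hypothetical environment.
"""
from collections import namedtuple

Session = namedtuple("Session", "db machine terminal program username logon_time")

# Approved access map (constructed): per database endpoint, which client hosts
# may connect and which applications / accounts they may use.
APPROVED = {
    "ORCL_PROD": {
        "hosts": {"app01.corp.example", "app02.corp.example"},
        "programs": {"JDBC Thin Client"},
        "users": {"APP_SVC"},
    },
    "ORCL_RPT": {
        "hosts": {"rpt01.corp.example"},
        "programs": {"sqlplus@rpt01.corp.example (TNS V1-V3)", "JDBC Thin Client"},
        "users": {"RPT_RO"},
    },
}

# Constructed sample rows, as polled from v$session on each endpoint.
OBSERVED = [
    Session("ORCL_PROD", "app01.corp.example", "unknown", "JDBC Thin Client", "APP_SVC", "2024-05-01 08:00"),
    Session("ORCL_PROD", "app02.corp.example", "unknown", "JDBC Thin Client", "APP_SVC", "2024-05-01 08:01"),
    # A DBA tool on a laptop using the application account: new host and program.
    Session("ORCL_PROD", "LAPTOP-7F3", "LAPTOP-7F3", "Toad.exe", "APP_SVC", "2024-05-01 09:12"),
    Session("ORCL_RPT", "rpt01.corp.example", "pts/2", "sqlplus@rpt01.corp.example (TNS V1-V3)", "RPT_RO", "2024-05-01 08:30"),
    # An approved host, but an account that is not on the map for this endpoint.
    Session("ORCL_RPT", "rpt01.corp.example", "pts/3", "JDBC Thin Client", "SYS", "2024-05-01 08:45"),
]


def review_sessions(approved, observed):
    """Return a list of (endpoint, attribute, value) for anything not on the map."""
    findings = []
    for s in observed:
        entry = approved.get(s.db)
        if entry is None:
            # An endpoint nobody documented is itself a finding.
            findings.append((s.db, "endpoint", s.db))
            continue
        checks = (("host", s.machine, entry["hosts"]),
                  ("program", s.program, entry["programs"]),
                  ("user", s.username, entry["users"]))
        for attr, value, allowed in checks:
            if value not in allowed:
                findings.append((s.db, attr, value))
    return findings


def unknown_clients(approved, observed):
    """Hosts per endpoint that the access map does not list: the candidates
    for the next review of the data access diagram."""
    out = {}
    for s in observed:
        allowed = approved.get(s.db, {}).get("hosts", set())
        if s.machine not in allowed:
            out.setdefault(s.db, set()).add(s.machine)
    return out


if __name__ == "__main__":
    for db, attr, value in review_sessions(APPROVED, OBSERVED):
        print(f"{db}: unexpected {attr} {value!r}")
    print("hosts missing from the access map:", unknown_clients(APPROVED, OBSERVED))
```

In practice the OBSERVED rows would come from polling v$session (or the Sybase MDA tables) on a schedule, and the APPROVED map would be the machine-readable form of the data access diagram; the diff between the two is what the networking and database groups review together.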


Remove unnecessary network libraries

• SQL Server, DB2, Oracle networking layers
  – Support multiple protocols: TCP/IP, named pipes, etc.
  – Oracle: OCI, SQLLIB, SQL*Net, OPI (Oracle Program Interface)
  – Oracle Net Configuration Assistant
• Implement using TCP/IP only
  – Disable all other protocols


Port scanners

• Use port scanners to list all services and their corresponding ports
  – E.g. Oracle: listener on 1521, with redirected server connections on ports such as 1522-1540
• netstat (on the database host itself)
• nmap (from the network, to see what is actually reachable)
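The scanner output only becomes useful once it is turned into an inventory and compared with what the host is supposed to expose. The following is an added example written for this page, not from the slides: it parses constructed Linux `netstat -an` lines, lists the listening sockets, and flags database services that are bound beyond the loopback interface without being on an approved list. The port-to-service table and the approved set are assumptions for a hypothetical host.

```python
"""Added example: turn netstat output into a service/port inventory and flag
database listeners reachable beyond the loopback interface.

Written for this page; not from the slides. The netstat lines are constructed
(Linux `netstat -an` layout); the port table and approved set are assumptions.
"""
import ipaddress

# Constructed sample of `netstat -an` on a database host.
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1525          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1433            0.0.0.0:*               LISTEN
tcp        0      0 10.0.5.20:1521          10.0.7.11:51844         ESTABLISHED
udp        0      0 0.0.0.0:1434            0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
"""

# Well-known database ports (assumed table for the example).
DB_PORTS = {
    ("tcp", 1521): "Oracle listener",
    ("tcp", 1433): "MS SQL Server",
    ("udp", 1434): "MS SQL Server Resolution Service",
    ("tcp", 5000): "Sybase ASE",
    ("tcp", 50000): "DB2",
}

# What this host is supposed to expose (assumed): only the Oracle listener.
APPROVED_LISTENERS = {("tcp", 1521)}


def parse_listeners(text):
    """Return [(proto, bind_address, port)] for listening sockets.

    TCP sockets count only in LISTEN state; UDP has no state, so every bound
    UDP socket is treated as a listener.
    """
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        proto = parts[0].rstrip("6")
        addr, _, port = parts[3].rpartition(":")   # rpartition copes with IPv6 ':::22'
        if proto == "tcp" and (len(parts) < 6 or parts[5] != "LISTEN"):
            continue
        listeners.append((proto, addr, int(port)))
    return listeners


def exposed_db_services(text, approved=APPROVED_LISTENERS):
    """Database services bound to a non-loopback address and not approved.

    Returns [(proto, port, service, bind_address)].
    """
    findings = []
    for proto, addr, port in parse_listeners(text):
        service = DB_PORTS.get((proto, port))
        if service is None:
            continue
        try:
            loopback = ipaddress.ip_address(addr.strip("[]")).is_loopback
        except ValueError:
            loopback = False        # '*' style binds mean all interfaces
        if loopback or (proto, port) in approved:
            continue
        findings.append((proto, port, service, addr))
    return findings


if __name__ == "__main__":
    for proto, addr, port in parse_listeners(NETSTAT_SAMPLE):
        print(f"{proto} {addr}:{port} {DB_PORTS.get((proto, port), '')}")
    for proto, port, service, addr in exposed_db_services(NETSTAT_SAMPLE):
        print(f"EXPOSED: {service} ({proto}/{port}) bound to {addr}")
```

Running the same parser over nmap's view from the application network and diffing the two lists shows which of the host's listeners a firewall is actually hiding; ports the listener hands out for redirected connections will appear as extra, short-lived TCP listeners in the host-side output.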


Secure services from known network attacks

• SQL Slammer, January 2003: this worm infected about 120,000 SQL Server machines
• Traffic rate of more than 120K packets/second
• Exploited a buffer overflow in SQL Server's Resolution Service (MS02-039, for which a patch had been available since July 2002)
• The service runs on UDP port 1434
• Watch for vulnerabilities that can be exploited over the network, and do not let services that need not be reachable cross the firewall


Use of firewalls

• Limit access to the DB
• Conventional or specialised SQL firewall
  – IP address and port filtering
  – A SQL firewall lets you set policy based on SQL commands, DB users, application types and DB objects
• Oracle redirection pitfall: the listener on 1521 may hand the client off to a dynamically assigned port for the server process (the default on Windows, and with shared servers), so a firewall that allows only 1521 breaks the connection; avoid the redirect (on Windows, USE_SHARED_SOCKET=TRUE) rather than opening a port range
• Valid node checking in protocol.ora (Oracle 8i) or sqlnet.ora (Oracle 9i and later)
  – TCP.VALIDNODE_CHECKING=YES (required; without it the two lists are ignored)
  – TCP.INVITED_NODES=(client IP addresses or hostnames)
  – TCP.EXCLUDED_NODES=(client IP addresses or hostnames)
  – Enforced by the listener, so restart it after changing the file; this complements, but does not replace, the network firewall
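To make the IP/port filtering on this slide and the Slammer lesson on the previous one concrete, here is an added example written for this page, not from the slides: a minimal first-match, default-deny packet filter for the inner firewall of the DMZ architecture, evaluated against constructed traffic. Only the assumed application tier may reach the Oracle listener on 1521, UDP/1434 never crosses, and a connection to a redirected listener port shows how the Oracle redirection pitfall surfaces as a denied packet. The Slammer heuristic rests on two facts about the worm (a single UDP datagram to 1434 whose payload begins with the 0x04 request byte and is 376 bytes long); the length threshold is this example's own choice.

```python
"""Added example: a stateless packet filter for a database segment plus a
heuristic for the SQL Slammer datagram.

Written for this page; not from the slides. Addresses, the rule table and the
packets are constructed. Slammer facts used: one UDP datagram to port 1434,
376-byte payload starting with 0x04.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst dport payload")
Rule = namedtuple("Rule", "action proto src dst dport")

APP_TIER = ipaddress.ip_network("10.0.7.0/24")    # assumed DMZ application servers
DB_HOST = ipaddress.ip_network("10.0.5.20/32")    # assumed database host
ANY = ipaddress.ip_network("0.0.0.0/0")

# Inner-firewall rule table: first match wins, anything unmatched is denied.
RULES = [
    Rule("allow", "tcp", APP_TIER, DB_HOST, 1521),  # Oracle listener, app tier only
    Rule("deny", "udp", ANY, ANY, 1434),            # SQL Server Resolution Service never crosses
]


def evaluate(packet, rules=RULES):
    """Return 'allow' or 'deny' for one packet under first-match semantics."""
    src = ipaddress.ip_address(packet.src)
    dst = ipaddress.ip_address(packet.dst)
    for r in rules:
        if (r.proto == packet.proto and src in r.src and dst in r.dst
                and r.dport == packet.dport):
            return r.action
    return "deny"


def looks_like_slammer(packet):
    """Heuristic for the Slammer exploit datagram: UDP to 1434, first byte
    0x04, and a payload far longer than any valid instance-name request.
    The 64-byte threshold is this example's choice."""
    return (packet.proto == "udp" and packet.dport == 1434
            and len(packet.payload) > 64 and packet.payload[:1] == b"\x04")


# Constructed traffic sample.
TRAFFIC = [
    Packet("tcp", "10.0.7.11", "10.0.5.20", 1521, b""),            # app server -> listener
    Packet("tcp", "10.0.9.40", "10.0.5.20", 1521, b""),            # desktop -> listener
    Packet("tcp", "10.0.7.11", "10.0.5.20", 1522, b""),            # redirected server port, not in policy
    Packet("udp", "203.0.113.9", "10.0.5.20", 1434, b"\x04" + b"\x01" * 375),  # Slammer-shaped, 376 bytes
    Packet("udp", "10.0.7.11", "10.0.5.20", 1434, b"\x04SQLEXPRESS"),          # ordinary instance lookup
]


def audit(traffic, rules=RULES):
    """Return [(src, proto, dport, decision, slammer_flag)] for each packet."""
    return [(p.src, p.proto, p.dport, evaluate(p, rules), looks_like_slammer(p))
            for p in traffic]


if __name__ == "__main__":
    for src, proto, dport, decision, worm in audit(TRAFFIC):
        tag = "  <- Slammer-shaped" if worm else ""
        print(f"{src:>12} {proto}/{dport:<5} {decision}{tag}")
```

The third packet is the redirection pitfall in miniature: the listener accepted the client on 1521 and handed it off to 1522, which the policy does not know about, so the session stalls. The fix belongs on the Oracle side (shared socket or a fixed port), not in a wider firewall rule; and the fourth packet shows why the deny rule for UDP/1434 is worth having even when no SQL Server is supposed to live behind the firewall.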