How to create a query-based white list
Create a query-based white list: 4 simple steps
1. Create a new Query Group
2. Create a new IPS/IDS rule
3. Create a new Database Firewall rule
4. Propagate the white list
1 Create a new Query Group
Step 1: Log on to the GreenSQL management GUI.
Step 1a: Click on the Policies icon at the top of the management screen.
Step 1b: Click on the Query Groups policy option to proceed to the query groups configuration function.
Step 1c: Click on the Create New button in order to create a new Query Group.
Step 1d: Give the new Query Group a meaningful name, e.g., "White List".
Step 1e: Choose your database type, e.g., MySQL.
Step 1f: Choose the proxy that protects your database type.
Step 1g: Choose the appropriate color for the newly created Query Group.
Step 1h: Click the Create button to finalize the configuration.
Step 1i: Check that the White List Query Group was created and displays in the Query Groups section.
2 Create a new IPS/IDS rule
Step 2 (optional): Minimize the floating notification bar for a better view of the management GUI.
Step 2a: Click on Policy to create a new IPS/IDS (intrusion prevention system/intrusion detection system) rule.
Step 2b: Click on the Create New button.
Step 2c: Choose the Risk Based - IPS/IDS Rule Type.
Step 2d: Select the Database that the new rule will apply to.
Step 2e: Make sure that the Mode is set to Active Protection.
Step 2f: Make sure that the SQL Injection Detection box is checked.
Step 2g: Make sure that the Action is set to Block.
Step 2h: The Blocking action has a number of options; for this example, we will choose Close SQL Connection.
Step 2i: Make sure that the Logging option is set to Intrusion Events.
Step 2j: Scroll down and click the Create button to confirm rule creation.
Step 2k: Notice that our new Blocking rule, which defends our database against SQL injections, appears before the Allow Any rule.
3 Create a new Database Firewall rule
Step 3a: To create the White List rule, click on the Create New button.
Step 3b: Choose the Database Firewall Rule Type.
Step 3c: Select the Database that the new rule will apply to.
Step 3d: Choose Query Groups as the Firewall Type. Remember, we created the White List Query Group and now we want to use it.
Step 3e: Choose the White List Query Group we created earlier for this specific rule.
Step 3f: Select Allow as the Action, to allow White List queries to access the database.
Step 3g: Click Create to finalize rule creation.
Step 3h: Your policy should now contain three policy rules, as shown in the example above.
4 Propagate the white list query group
Step 4a: Now, we need to check whether any legitimate queries were blocked by the SQL Injection rule. Click on the Logs icon.
Step 4b: Click on Intrusion Logs to look for legitimate blocked queries.
Step 4c: This example shows that there was an intrusion event. Click on the event to view the event details.
Step 4d: Scroll down in the event details to look for the Pattern field.
Step 4e: Review the pattern and note that this query is legitimate. Click on the pattern to add it to our White List Query Group.
Step 4f: Choose White List from the pop-up window and click Assign.
Step 4g: See that the new Query Group contains our white-listed pattern.
The white list is configured and operational.
That’s it!
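Step 4 assigns a query pattern, not a literal query string, to the White List Query Group. The following Python is an added example, not GreenSQL code and not part of the original presentation; it shows why a whitelisted pattern keeps matching the same query with different values while a query with an appended predicate does not match. The normalization in `to_pattern`, the `QueryGroup` class and the sample queries are assumptions constructed for illustration, since the page does not show GreenSQL's pattern format.

```python
import re

# Assumed normalization, not GreenSQL's own pattern format:
# literals become "?", whitespace and case are folded.
_STRING = re.compile(r"'(?:[^'\\]|\\.|'')*'")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")


def to_pattern(query):
    """Reduce a query to its structure so only the shape is compared."""
    q = _STRING.sub("?", query)
    q = _NUMBER.sub("?", q)
    q = _SPACE.sub(" ", q).strip().rstrip(";").strip()
    return q.lower()


class QueryGroup:
    """Hypothetical stand-in for a query group such as "White List"."""

    def __init__(self, name):
        self.name = name
        self.patterns = set()

    def assign(self, query):
        """Counterpart of Steps 4e-4f: add a reviewed query's pattern."""
        pattern = to_pattern(query)
        self.patterns.add(pattern)
        return pattern

    def allows(self, query):
        return to_pattern(query) in self.patterns


def still_blocked(group, blocked_queries):
    """Blocked queries whose pattern is not in the group yet."""
    return [q for q in blocked_queries if not group.allows(q)]


# Constructed sample data (not taken from a real intrusion log).
REVIEWED_LEGITIMATE = "SELECT name FROM users WHERE id = 42"
BLOCKED = [
    "select name  from users where id = 7;",       # same shape, new literal
    "SELECT name FROM users WHERE id = 7 OR 1=1",  # extra predicate
]

if __name__ == "__main__":
    white_list = QueryGroup("White List")
    print("assigned:", white_list.assign(REVIEWED_LEGITIMATE))
    for q in still_blocked(white_list, BLOCKED):
        print("not covered:", q, "->", to_pattern(q))
```

Queries that remain in the `still_blocked` result are the ones that still need a manual review before anything is assigned to the group.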