Meade is in the process of developing a white list and a black list
of various types of SQL statements. “Anything that is on the white
list gets through, and everything on the black list is blocked,” he
explains. “The database firewall analyzes SQL traffic. Based on policies
we establish, it chooses to block, substitute, log, or send an alert
about each suspicious statement.”
In addition to evaluating the legitimacy of SQL statements, Oracle
Database Firewall can consider factors such as the requester’s IP
address, time, and program name. TransUnion Interactive can choose
to deploy it in blocking mode as a database policy enforcement system
as well as for supplemental auditing and compliance purposes.
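
As an added illustration (not from the article, and not Oracle Database Firewall's policy format or code), the following Python example shows how a white list and black list of statement shapes can be combined with IP address, time, and program name to reach a decision per statement. The list contents, network range, program name, hours, and the function names `shape` and `decide` are assumptions constructed for the example.

```python
import ipaddress
import re
from datetime import time

# Constructed policy data; none of it is taken from a real deployment.
ALLOW_SHAPES = {"select name, score from reports where user_id = ?"}
DENY_SHAPES = {"select * from all_users"}
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/24")
TRUSTED_PROGRAMS = {"report-app"}
WORK_HOURS = (time(6, 0), time(22, 0))


def shape(sql):
    """Reduce a statement to its shape: literals become '?', case and spacing are normalized."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)    # quoted string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)   # numeric literals
    s = re.sub(r"\s+", " ", s).strip().rstrip(";").lower()
    return s


def decide(sql, client_ip, program, at, blocking=True):
    """Return (action, reason) for one statement and its session context."""
    s = shape(sql)
    if s in DENY_SHAPES:
        return ("block", "statement is on the black list")
    if s not in ALLOW_SHAPES:
        # Unknown shape: enforce in blocking mode, only report in monitoring mode.
        return ("block" if blocking else "alert", "statement is on neither list")
    if ipaddress.ip_address(client_ip) not in TRUSTED_NET:
        return ("alert", "white-listed statement from unexpected IP address")
    if program not in TRUSTED_PROGRAMS:
        return ("alert", "white-listed statement from unexpected program")
    if not (WORK_HOURS[0] <= at <= WORK_HOURS[1]):
        return ("log", "white-listed statement outside usual hours")
    return ("pass", "white-listed statement, expected context")
```

Because the lists hold statement shapes rather than literal text, a query whose structure has been altered by injected input (for example an added `OR 1=1` clause) no longer matches the white-listed shape and is treated as unknown.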
A COMPREHENSIVE VIEW
Martin Kuppinger, founder and principal analyst at KuppingerCole, a
leading analyst company for identity-focused information security,
explains the importance of this type of defense. “While a network
firewall controls access to IT resources at the IP level, it looks at
packets, so it doesn’t have a very deep understanding of what
happens at the SQL level. Database firewalls provide in-depth protection
for communication to databases by monitoring and enforcing
normal application behavior. They prevent SQL injection attacks and
unauthorized SQL commands.”
Kuppinger sees database encryption and database firewalls as
an important part of a complete database security strategy. Other
essential technologies include data masking for test environments
and controlling access to databases. “It’s important to have solutions
for every aspect, starting with strong authentication and granular
access control to databases, ensuring that operators and database
administrators can’t abuse their privileges,” Kuppinger concludes. “If
you trust only one database security solution, you will fail to address
all of these different aspects. Leaving some doors open doesn’t really
solve your enterprise security issues.”
David Baum (david@dbaumcomm.com) is a freelance business writer.
NEXT STEPS
READ more about database security
“Effective Data Leak Prevention Programs: Start by Protecting Data at the Source—Your Databases”
oracle.com/us/products/database/039434.pdf
Oracle Database Security
oracle.com/us/products/database/security/overview