Oracle's first database firewall has its origins in work done by Secerno, a company taken over by Oracle in mid-2010. The company says the firewall protects not only Oracle's own database, but also IBM's DB2 (LUW), Microsoft's SQL Server (2000, 2005 and 2008), and Sybase's ASE (12.5.4 and 15) and SQL Anywhere V10.
The product uses white lists and black lists containing permitted and prohibited SQL commands. Statements that are not included in the white list can be blocked, substituted or simply logged by the firewall. In a white paper, Oracle suggests using substitution as the default operation, as this will provide attackers with as little information as possible. For example, instead of SELECT * FROM table the firewall could execute SELECT * FROM table WHERE 'a'='b', which doesn't return any records. Similarly, instead of DROP TABLE table, the firewall could execute SELECT * FROM xxx, which makes the database attempt to access a non-existent table and triggers an error message. All policies can be configured to allow specific statements based on factors such as IP address or time of day.
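A minimal sketch of the policy model described above, as an added example that is not Oracle's code and not part of the original article. The literal-stripping fingerprint, the customers table, the 10.0.5.0/24 network, the 08:00-18:00 window and the fallback substitute are all assumptions made for illustration; only the two substitutions are taken from the text.

```python
import re
from datetime import time
from ipaddress import ip_address, ip_network

def fingerprint(sql):
    """Reduce a statement to its shape so literal values do not affect matching."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)        # string literals -> ?
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)       # numeric literals -> ?
    s = re.sub(r"([=<>(),;])", r" \1 ", s)         # uniform spacing around punctuation
    return " ".join(s.upper().split()).rstrip("; ")

# Constructed allowlist: statement shape plus optional client network and hours.
ALLOW = [
    {"shape": fingerprint("SELECT name FROM customers WHERE id = 1"),
     "net": ip_network("10.0.5.0/24"), "hours": (time(8), time(18))},
    {"shape": fingerprint("UPDATE customers SET name = 'x' WHERE id = 1"),
     "net": ip_network("10.0.5.0/24"), "hours": None},
]

# The two substitutions quoted in the article, keyed by the rejected shape.
SUBSTITUTES = {
    fingerprint("SELECT * FROM table"): "SELECT * FROM table WHERE 'a'='b'",
    fingerprint("DROP TABLE table"): "SELECT * FROM xxx",
}
FALLBACK = "SELECT * FROM xxx"  # assumption: reuse the error-raising form for other shapes

def decide(sql, client_ip, now, default_action="substitute"):
    """Return (action, statement forwarded to the database or None)."""
    shape = fingerprint(sql)
    for rule in ALLOW:
        in_net = ip_address(client_ip) in rule["net"]
        hours = rule["hours"]
        in_hours = hours is None or hours[0] <= now <= hours[1]
        if rule["shape"] == shape and in_net and in_hours:
            return ("pass", sql)
    if default_action == "substitute":
        return ("substitute", SUBSTITUTES.get(shape, FALLBACK))
    if default_action == "block":
        return ("block", None)
    return ("log", sql)  # log-only: forwarded unchanged, recorded by the caller
```

Because matching is done on the statement shape, an allowlisted query with a different literal still passes, while the same query with an extra predicate appended has a different shape and is substituted.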
Reports about illegal SQL statements can be generated in various formats to comply with the SOX (Sarbanes-Oxley) or the credit card industry's PCI DSS regulations. The firewall can also detect database user privilege changes and analyse stored procedures.