Preventing External Attacks

Guardium’s technology helps prevent outsider attacks such as SQL injection in several ways, all of which can be used simultaneously to provide a layered defense. This is accomplished by creating and enforcing real-time, proactive policies such as:
˙ Access policies that identify anomalous behavior by continuously comparing all database activity to a baseline of normal behavior. For example, an SQL injection attack will typically exhibit patterns of database access that are uncharacteristic of your standard line-of-business applications
˙ Exception policies based on definable thresholds, such as an excessive number of failed logins or SQL errors. SQL errors can indicate that an attacker is “looking around” for names of key tables by experimenting with SQL commands using different arguments—such as “Credit_Card_Num” or “CC_Num”—until he finds a valid table name that does not result in a database error
˙ Exception policies based on specific SQL error codes from the database, such as “ORA-00903: Invalid table name” or “ORA-00942: Table or view does not exist.” Such error codes may indicate hacking behavior
˙ Extrusion policies that examine data leaving the database for specific data value patterns such as credit card numbers, or a high volume of returned records that might indicate a breach
˙ Pre-configured policy signatures that identify attempts to exploit unpatched vulnerabilities or system functions. Guardium’s vulnerability and threat management module provides an extensive library of pre-configured signatures to protect against these types of attacks, along with a subscription service to keep them up-to-date. For example, it allows you to protect against attempts to:
    ˙ Invoke system stored procedures that have known vulnerabilities
    ˙ Exploit configuration vulnerabilities such as default system accounts that have not been disabled (e.g., SCOTT/TIGER in Oracle)
    ˙ Access system objects (e.g., views, standard functions, packaged subroutines) by non-privileged users
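
The threshold-based exception policy on SQL error codes described above, sketched as an added example (not Guardium's implementation and not code from the original page): it counts the two Oracle error codes quoted on the page per database user and client address in a sliding window. The log format, the threshold and the window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Error codes quoted on the page; threshold and window are assumed values.
WATCHED = {"ORA-00903", "ORA-00942"}
THRESHOLD = 3
WINDOW = timedelta(seconds=60)

# Assumed log format (constructed for this example, not a Guardium or Oracle format):
#   <ISO timestamp> user=<db user> src=<client address> <ORA code>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) (?P<code>ORA-\d{5}):")

# Constructed sample data.
SAMPLE_LOG = """\
2024-01-01T10:00:00 user=webapp src=10.0.0.5 ORA-00942: table or view does not exist
2024-01-01T10:05:00 user=webapp src=10.0.0.5 ORA-00942: table or view does not exist
2024-01-01T10:09:30 user=report src=10.0.0.7 ORA-00001: unique constraint violated
2024-01-01T10:10:01 user=webapp src=203.0.113.9 ORA-00942: table or view does not exist
2024-01-01T10:10:04 user=webapp src=203.0.113.9 ORA-00903: invalid table name
2024-01-01T10:10:09 user=webapp src=203.0.113.9 ORA-00942: table or view does not exist
2024-01-01T10:10:15 user=webapp src=203.0.113.9 ORA-00942: table or view does not exist
not a log line
"""

def find_violations(lines, watched=WATCHED, threshold=THRESHOLD, window=WINDOW):
    """Return one (user, src, first_ts, count) tuple per burst of watched errors."""
    recent = defaultdict(deque)    # (user, src) -> timestamps inside the window
    active = set()                 # sources already alerted for the current burst
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["code"] not in watched:
            continue               # malformed line or an error code we do not track
        ts = datetime.fromisoformat(m["ts"])
        key = (m["user"], m["src"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) < threshold:
            active.discard(key)    # burst is over, allow a future alert
        elif key not in active:
            active.add(key)        # alert once when the threshold is first reached
            alerts.append((key[0], key[1], q[0].isoformat(), len(q)))
    return alerts

if __name__ == "__main__":
    print(find_violations(SAMPLE_LOG.splitlines()))
```

Two isolated errors five minutes apart from the application host stay below the threshold, while the rapid sequence of invalid-table errors from a single client address produces one alert.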

In the Guardium system, responses to policy violations are fully customizable and can include:
˙ SNMP and SMTP real-time alerts
˙ Automated terminations, such as account logouts from the database system or VPN connection shut-downs
˙ Blocking via host-based agents or TCP Reset when the appliance is deployed in passive mode, or by deploying the database as an in-line firewall