SlideShare a Scribd company logo
Database Firewall with Snort
Narudom Roongsiriwong
WhoAmI
Lazy Blogger
• Japan, Security, FOSS, Politics, Christian
• http://narudomr.blogspot.com
Food Lover
• Steak, Yakiniku, BBQ
• Sushi (especially Otoro)
• All Kinds of Noodle (Spaghetti, Ramen, Udon,
Kanomjean)
Head of IT Security, Kiatnakin Bank PLC
(KKP)
Agenda
What Are Database Firewalls?
Are there Open Source DB Firewalls?
What & Why Snort?
Implementation
Concerns
Q&A
Web/Web
Services
Custom
Applications
Business
Applications
How Databases Accessed?
Direct Access via Database
Protocols
• DBAs via query tools
• Fat client applications
Three-tier applications
• Internal users via Business
applications
Web applications
• Internal & External users via
browser interfaces
Application Interfaces
• Applications via Web
Services Interfaces
Browser Browser
DBA
SQL
Data
Thin Client
3 Tier App
Thick Client
2 Tier App
Thin Client
3 Tier App
Application
Interface
What are Database Firewalls?
Application Level Firewalls that monitor
databases to identify and protect against
database specific attacks that mostly seek to
access sensitive information stored in the
databases.
Deployed either in-line with the database
server (OR) near the network gateway
Database Firewall Functions
Policy Functions Details
Whitelist
Access Control
 IP address, DB user, schedule (time)
 IP address group, DB user group
 Security policy group
Authority Control
 Control by objects (Table, View)
 SQL operation (DML,DDL ,DCL)
 SQL sentence
Profile
 Automatic security policy by self learning SQL query
 Positive security based automatic Authority policy by Authority
Profile
 Control SQL sentence form by Form Profile
Backlist
Pattern Rule  Block/detect the user defined query pattern
Column Rule  Block/detect the specific column of object
Audit
Archive &
Analysis
 Logging all the SQL query.
 Analyzing audit log & security log
Management
 Central management for a several
 Analyzing the database traffic & network traffic
 Monitoring system usage
Are there Open Source DB Firewalls?
GreenSQL
• Cross Platform
• Rapid Deployment
• Well established
• Web application independent
• The only free security solution for MySQL
• User Friendly WEB GUI/Management tool
What is Snort?
Open source, freely available software except
for rules
Support Windows, Linux and Solaris
Sensors/actuators in a network
Signature based IDS/IPS
Rules defined to take certain action after
matching (atomic or composite)
• Example:
• alert tcp $HOME_NET any -> $EXTERNAL_NET any
(content:"uk.youtube.com”;msg:"someone visited
YouTube";)‫‏‬
Snort: Capabilities
Four modes of operation
• Packet Sniffer mode
• Packet Logger mode
• Network Intrusion Detection Mode
• Network Intrusion Prevention
Inline (IPS) Mode
• Configure Snort to receive packets from iptables rather
than libpcap.
• Separate capability that must be explicitly installed.
• Adds 3 new rule types
• Drop – iptables drops packet and snort logs
• Reject – iptables rejects packet and snort logs
• Sdrop – iptables will drop packet. No logging.
Why Snort?
Open Source
Low cost hardware implementation
Ready to use Linux distribution out there
• SmoothSec
• Security Onion
Partial DB Firewall function implementation
Database Firewall Functions by Snort
Policy Functions Details
Whitelist
Access Control
 IP address, DB user, schedule (time)
 IP address group, DB user group
 Security policy group
Authority Control
 Control by objects (Table, View)
 SQL operation (DML,DDL ,DCL)
 SQL sentence
Profile
 Automatic security policy by self learning SQL query
 Positive security based automatic Authority policy by Authority
Profile
 Control SQL sentence form by Form Profile
Backlist
Pattern Rule  Block/detect the user defined query pattern
Column Rule  Block/detect the specific column of object
Audit
Archive &
Analysis
 Logging all the SQL query.
 Analyzing audit log & security log
Management
 Central management for a several
 Analyzing the database traffic & network traffic
 Monitoring system usage
Management Add-On for Snort
PulledPork: Snort Ruleset Management
Squert: Analyze Alert
Sguil: Network Security Monitoring
Snorby: Network Security Monitoring
ELSA: Enterprise Log Search and Archive
Implementation
eth0
Fixed IP for Management
No IP, from User PCs
eth1
No IP, to Database Servers
eth2
SmoothSec
Lightweight and fully-ready IDS/IPS Linux
distribution
Based on Debian 7 (wheezy)
Available for 32 and 64 bit architecture.
Includes the latest version of Snorby, Snort,
Suricata, PulledPork and Pigsty.
Easy setup process allows to deploy a
complete IDS/IPS System within minutes
Last Update: 2014-01-28, required new Linux
kernel for new hardware (in this case LAN
cards)
SmoothSec: Installation
Scenario: Read only for Developers
Cause: Developers knows database privilege
usernames and passwords on legacy systems
Environment: UAT
Settings: Blacklist DDL, DCL and all DML
except‫“‏‬SELECT”
Explanation
DML: Data Manipulation Language
• SELECT, INSERT, UPDATE, DELETE, MERGE,
UPSERT, CALL, LOCK
DDL: Data Definition Language
• CREATE, ALTER, DROP, TRANCATE,
COMMENT, RENAME
DCL: Data Control Language
• GRANT, REVOKE
Example Ruleset: Block DDL
######### Block Create Table #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command:
Create Table"; flow: to_server, established;
content:"CREATE|20|"; nocase; pcre:"/CREATE.+TABLE/i";
sid:2015052205)
######### Block Create Database #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command:
Create Database"; flow: to_server, established;
content:"CREATE|20|"; nocase; pcre:"/CREATE.+DATABASE/i";
sid:2015052206)
######### Block Alter Table #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command:
ALTER"; flow: to_server, established; content:"ALTER|20|";
nocase; pcre:"/ALTER.+TABLE/i"; sid:2015052204)
Example Ruleset: Block DCL
######### Block Grant #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command:
Grant"; flow: to_server, established; content:"GRANT|20|";
nocase; pcre:"/GRANT.+ON/i"; sid:2015052211)
######### Block Revoke #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command:
Revoke"; flow: to_server, established; content:"REVOKE|20|";
nocase; pcre:"/REVOKE.+ON/i"; sid:2015052212)
Example Ruleset: Block DML
######### Block Insert Table #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command
Oracle: INSERT"; flow: to_server, established;
content:"INSERT|20|"; nocase; pcre:"/INSERT.+INTO/i";
sid:2015052201)
######### Block Update Table #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command
Oracle: UPDATE"; flow: to_server, established;
content:"UPDATE|20|"; nocase; pcre:"/UPDATE.+SET/i";
sid:2015052202)
######### Block Delete Table #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command
Oracle: DELETE"; flow: to_server, established;
content:"DELETE|20|"; nocase; pcre:"/DELETE.+FROM/i";
sid:2015052203)
Example Ruleset: Block Privilege Users
######### Block Privilege Users #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Drop privilege
user"; content:"USER=SYS"; nocase; sid:20150520)
Example Ruleset: Block Specific Software
########### Disallow Toad.exe #########
reject tcp $UAT_NET any -> $DB_NET any (msg:"Disallow
Toad.exe"; flow:to_server,established; content:"Toad.exe";
nocase; sid:2015062901)
Concerns: Unicode
UTF-8: No problem
UTF-16: ANSI pattern unable to match.
######### Block Create Table #########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command:
Create Table"; flow: to_server, established;
content:"CREATE|20|"; nocase; pcre:"/CREATE.+TABLE/i";
sid:2015052205)
######### Block Create Table, UTF-16, Little Endian ########
drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command
UTF-16LE: Create"; flow:to_server,established;
content:"C|00|R|00|E|00|A|00|T|00|E|00 20|"; nocase;
sid:2015052705)
Other Concerns
No return result on IPS drop, causes
disconnection on some software
Dual-Port Ethernet adapter with bypass
function may be required (with expensive cost)
Implement ruleset rotation to cover scheduling
feature.
Special Thanks
Amornsak Ruangtang
IT Security, Kiatnakin Bank PLC.
CEH, SEC+, MCITP, CCNA
Database Firewall with Snort

More Related Content

What's hot

intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
Aj Maurya
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
Prince Boonlia
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177
 
Snort
SnortSnort
Snort
Rahul Jain
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
Jerod Brennen
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printing
leminhvuong
 
All About Snort
All About SnortAll About Snort
All About Snort
28pranjal
 
Snort
SnortSnort
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
SKMohamedKasim
 
Creating Correlation Rules in AlienVault
Creating Correlation Rules in AlienVaultCreating Correlation Rules in AlienVault
Creating Correlation Rules in AlienVault
AlienVault
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
Taha İslam YILMAZ
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Priyanka Aash
 
Hping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaHping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle Oynama
BGA Cyber Security
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine  performance dataLog correlation SIEM rule examples and correlation engine  performance data
Log correlation SIEM rule examples and correlation engine performance data
Ertugrul Akbas
 
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
BGA Cyber Security
 
Open Source SOC Kurulumu
Open Source SOC KurulumuOpen Source SOC Kurulumu
Open Source SOC Kurulumu
BGA Cyber Security
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
BGA Cyber Security
 

What's hot (20)

intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Metasploit El Kitabı
Metasploit El KitabıMetasploit El Kitabı
Metasploit El Kitabı
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Snort
SnortSnort
Snort
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printing
 
All About Snort
All About SnortAll About Snort
All About Snort
 
Snort
SnortSnort
Snort
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Creating Correlation Rules in AlienVault
Creating Correlation Rules in AlienVaultCreating Correlation Rules in AlienVault
Creating Correlation Rules in AlienVault
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Hping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle OynamaHping Kullanarak TCP/IP Paketleriyle Oynama
Hping Kullanarak TCP/IP Paketleriyle Oynama
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine  performance dataLog correlation SIEM rule examples and correlation engine  performance data
Log correlation SIEM rule examples and correlation engine performance data
 
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
Açık Kaynak Kodlu Çözümler Kullanarak SOC Yönetimi SOAR & IRM Webinar - 2020
 
Open Source SOC Kurulumu
Open Source SOC KurulumuOpen Source SOC Kurulumu
Open Source SOC Kurulumu
 
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme ÇalışmalarıWindows İşletim Sistemi Yetki Yükseltme Çalışmaları
Windows İşletim Sistemi Yetki Yükseltme Çalışmaları
 

Viewers also liked

Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
Yoram Orzach
 
Improving intrusion detection system by honeypot
Improving intrusion detection system by honeypotImproving intrusion detection system by honeypot
Improving intrusion detection system by honeypot
mmubashirkhan
 
Snort ppt
Snort pptSnort ppt
Snort ppt
aAlcantar93
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
Vishwanath Badiger
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
primeteacher32
 
Snort
SnortSnort
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using Snort
Disha Bedi
 
Key management
Key managementKey management
Key management
Brandon Byungyong Jo
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Hcl
HclHcl
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
SISA Information Security Pvt.Ltd
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Devil's Cafe
 
Futurex Secure Key Injection Solution
Futurex Secure Key Injection SolutionFuturex Secure Key Injection Solution
Futurex Secure Key Injection Solution
Greg Stone
 
Wireshark
WiresharkWireshark
Wireshark
Sourav Roy
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
Disha Bedi
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Aparna Bhadran
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
shraddha_b
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Akhil Kumar
 

Viewers also liked (20)

Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Improving intrusion detection system by honeypot
Improving intrusion detection system by honeypotImproving intrusion detection system by honeypot
Improving intrusion detection system by honeypot
 
Snort ppt
Snort pptSnort ppt
Snort ppt
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
Snort
SnortSnort
Snort
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using Snort
 
Key management
Key managementKey management
Key management
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Hcl
HclHcl
Hcl
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Futurex Secure Key Injection Solution
Futurex Secure Key Injection SolutionFuturex Secure Key Injection Solution
Futurex Secure Key Injection Solution
 
Wireshark
WiresharkWireshark
Wireshark
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 

Similar to Database Firewall with Snort

Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360
Scott Sutherland
 
Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
Scott Sutherland
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Security Onion
Security OnionSecurity Onion
Security Onion
johndegruyter
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Andrejs Prokopjevs
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX Security
HelpSystems
 
Crypt tech technical-presales
Crypt tech technical-presalesCrypt tech technical-presales
Crypt tech technical-presales
Mustafa Kuğu
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1
Joel W. King
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Puppet
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
Felipe Prado
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
Chris Sistrunk
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
Peter Clapham
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
Peter Clapham
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
Sam Bowne
 
Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
Dorian Hernandez
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
Paul Morse
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
Joshua Johnston
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
PranavPatil822557
 

Similar to Database Firewall with Snort (20)

Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360
 
Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX Security
 
Crypt tech technical-presales
Crypt tech technical-presalesCrypt tech technical-presales
Crypt tech technical-presales
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
 
Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...
 

More from Narudom Roongsiriwong, CISSP

Biometric Authentication.pdf
Biometric Authentication.pdfBiometric Authentication.pdf
Biometric Authentication.pdf
Narudom Roongsiriwong, CISSP
 
Security Shift Leftmost - Secure Architecture.pdf
Security Shift Leftmost - Secure Architecture.pdfSecurity Shift Leftmost - Secure Architecture.pdf
Security Shift Leftmost - Secure Architecture.pdf
Narudom Roongsiriwong, CISSP
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
Security Patterns for Software Development
Security Patterns for Software DevelopmentSecurity Patterns for Software Development
Security Patterns for Software Development
Narudom Roongsiriwong, CISSP
 
How Good Security Architecture Saves Corporate Workers from COVID-19
How Good Security Architecture Saves Corporate Workers from COVID-19How Good Security Architecture Saves Corporate Workers from COVID-19
How Good Security Architecture Saves Corporate Workers from COVID-19
Narudom Roongsiriwong, CISSP
 
Secure Software Design for Data Privacy
Secure Software Design for Data PrivacySecure Software Design for Data Privacy
Secure Software Design for Data Privacy
Narudom Roongsiriwong, CISSP
 
Blockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for DummiesBlockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for Dummies
Narudom Roongsiriwong, CISSP
 
DevSecOps 101
DevSecOps 101DevSecOps 101
National Digital ID Platform Technical Forum
National Digital ID Platform Technical ForumNational Digital ID Platform Technical Forum
National Digital ID Platform Technical Forum
Narudom Roongsiriwong, CISSP
 
IoT Security
IoT SecurityIoT Security
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
Application Security Verification Standard Project
Application Security Verification Standard ProjectApplication Security Verification Standard Project
Application Security Verification Standard Project
Narudom Roongsiriwong, CISSP
 
Coding Security: Code Mania 101
Coding Security: Code Mania 101Coding Security: Code Mania 101
Coding Security: Code Mania 101
Narudom Roongsiriwong, CISSP
 
Top 10 Bad Coding Practices Lead to Security Problems
Top 10 Bad Coding Practices Lead to Security ProblemsTop 10 Bad Coding Practices Lead to Security Problems
Top 10 Bad Coding Practices Lead to Security Problems
Narudom Roongsiriwong, CISSP
 
OWASP Top 10 Proactive Control 2016 (C5-C10)
OWASP Top 10 Proactive Control 2016 (C5-C10)OWASP Top 10 Proactive Control 2016 (C5-C10)
OWASP Top 10 Proactive Control 2016 (C5-C10)
Narudom Roongsiriwong, CISSP
 
Securing the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsSecuring the Internet from Cyber Criminals
Securing the Internet from Cyber Criminals
Narudom Roongsiriwong, CISSP
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
Secure Software Development Adoption Strategy
Secure Software Development Adoption StrategySecure Software Development Adoption Strategy
Secure Software Development Adoption Strategy
Narudom Roongsiriwong, CISSP
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
Narudom Roongsiriwong, CISSP
 

More from Narudom Roongsiriwong, CISSP (20)

Biometric Authentication.pdf
Biometric Authentication.pdfBiometric Authentication.pdf
Biometric Authentication.pdf
 
Security Shift Leftmost - Secure Architecture.pdf
Security Shift Leftmost - Secure Architecture.pdfSecurity Shift Leftmost - Secure Architecture.pdf
Security Shift Leftmost - Secure Architecture.pdf
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Security Patterns for Software Development
Security Patterns for Software DevelopmentSecurity Patterns for Software Development
Security Patterns for Software Development
 
How Good Security Architecture Saves Corporate Workers from COVID-19
How Good Security Architecture Saves Corporate Workers from COVID-19How Good Security Architecture Saves Corporate Workers from COVID-19
How Good Security Architecture Saves Corporate Workers from COVID-19
 
Secure Software Design for Data Privacy
Secure Software Design for Data PrivacySecure Software Design for Data Privacy
Secure Software Design for Data Privacy
 
Blockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for DummiesBlockchain and Cryptocurrency for Dummies
Blockchain and Cryptocurrency for Dummies
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
National Digital ID Platform Technical Forum
National Digital ID Platform Technical ForumNational Digital ID Platform Technical Forum
National Digital ID Platform Technical Forum
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Application Security Verification Standard Project
Application Security Verification Standard ProjectApplication Security Verification Standard Project
Application Security Verification Standard Project
 
Coding Security: Code Mania 101
Coding Security: Code Mania 101Coding Security: Code Mania 101
Coding Security: Code Mania 101
 
Top 10 Bad Coding Practices Lead to Security Problems
Top 10 Bad Coding Practices Lead to Security ProblemsTop 10 Bad Coding Practices Lead to Security Problems
Top 10 Bad Coding Practices Lead to Security Problems
 
OWASP Top 10 Proactive Control 2016 (C5-C10)
OWASP Top 10 Proactive Control 2016 (C5-C10)OWASP Top 10 Proactive Control 2016 (C5-C10)
OWASP Top 10 Proactive Control 2016 (C5-C10)
 
Securing the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsSecuring the Internet from Cyber Criminals
Securing the Internet from Cyber Criminals
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
 
Secure Software Development Adoption Strategy
Secure Software Development Adoption StrategySecure Software Development Adoption Strategy
Secure Software Development Adoption Strategy
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
 

Recently uploaded

Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
David Wilson
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024
Toru Wonyoung Choi
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
ankush9927
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
BrainSell Technologies
 

Recently uploaded (20)

Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 

Database Firewall with Snort

  • 1. Database Firewall with Snort Narudom Roongsiriwong
  • 2. WhoAmI Lazy Blogger • Japan, Security, FOSS, Politics, Christian • http://narudomr.blogspot.com Food Lover • Steak, Yakiniku, BBQ • Sushi (especially Otoro) • All Kinds of Noodle (Spaghetti, Ramen, Udon, Kanomjean) Head of IT Security, Kiatnakin Bank PLC (KKP)
  • 3. Agenda What Are Database Firewalls? Are there Open Source DB Firewalls? What & Why Snort? Implementation Concerns Q&A
  • 4. Web/Web Services Custom Applications Business Applications How Databases Accessed? Direct Access via Database Protocols • DBAs via query tools • Fat client applications Three-tier applications • Internal users via Business applications Web applications • Internal & External users via browser interfaces Application Interfaces • Applications via Web Services Interfaces Browser Browser DBA SQL Data Thin Client 3 Tier App Thick Client 2 Tier App Thin Client 3 Tier App Application Interface
  • 5. What are Database Firewalls? Application Level Firewalls that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases. Deployed either in-line with the database server (OR) near the network gateway
  • 6. Database Firewall Functions Policy Functions Details Whitelist Access Control  IP address, DB user, schedule (time)  IP address group, DB user group  Security policy group Authority Control  Control by objects (Table, View)  SQL operation (DML,DDL ,DCL)  SQL sentence Profile  Automatic security policy by self learning SQL query  Positive security based automatic Authority policy by Authority Profile  Control SQL sentence form by Form Profile Backlist Pattern Rule  Block/detect the user defined query pattern Column Rule  Block/detect the specific column of object Audit Archive & Analysis  Logging all the SQL query.  Analyzing audit log & security log Management  Central management for a several  Analyzing the database traffic & network traffic  Monitoring system usage
  • 7. Are there Open Source DB Firewalls? GreenSQL • Cross Platform • Rapid Deployment • Well established • Web application independent • The only free security solution for MySQL • User Friendly WEB GUI/Management tool
  • 8. What is Snort? Open source, freely available software except for rules Support Windows, Linux and Solaris Sensors/actuators in a network Signature based IDS/IPS Rules defined to take certain action after matching (atomic or composite) • Example: • alert tcp $HOME_NET any -> $EXTERNAL_NET any (content:"uk.youtube.com”;msg:"someone visited YouTube";)‫‏‬
  • 9. Snort: Capabilities Four modes of operation • Packet Sniffer mode • Packet Logger mode • Network Intrusion Detection Mode • Network Intrusion Prevention Inline (IPS) Mode • Configure Snort to receive packets from iptables rather than libpcap. • Separate capability that must be explicitly installed. • Adds 3 new rule types • Drop – iptables drops packet and snort logs • Reject – iptables rejects packet and snort logs • Sdrop – iptables will drop packet. No logging.
  • 10. Why Snort? Open Source Low cost hardware implementation Ready to use Linux distribution out there • SmoothSec • Security Onion Partial DB Firewall function implementation
  • 11. Database Firewall Functions by Snort Policy Functions Details Whitelist Access Control  IP address, DB user, schedule (time)  IP address group, DB user group  Security policy group Authority Control  Control by objects (Table, View)  SQL operation (DML,DDL ,DCL)  SQL sentence Profile  Automatic security policy by self learning SQL query  Positive security based automatic Authority policy by Authority Profile  Control SQL sentence form by Form Profile Backlist Pattern Rule  Block/detect the user defined query pattern Column Rule  Block/detect the specific column of object Audit Archive & Analysis  Logging all the SQL query.  Analyzing audit log & security log Management  Central management for a several  Analyzing the database traffic & network traffic  Monitoring system usage
  • 12. Management Add-On for Snort PulledPork: Snort Ruleset Management Squert: Analyze Alert Sguil: Network Security Monitoring Snorby: Network Security Monitoring ELSA: Enterprise Log Search and Archive
  • 13. Implementation eth0 Fixed IP for Management No IP, from User PCs eth1 No IP, to Database Servers eth2
  • 14. SmoothSec Lightweight and fully-ready IDS/IPS Linux distribution Based on Debian 7 (wheezy) Available for 32 and 64 bit architecture. Includes the latest version of Snorby, Snort, Suricata, PulledPork and Pigsty. Easy setup process allows to deploy a complete IDS/IPS System within minutes Last Update: 2014-01-28, required new Linux kernel for new hardware (in this case LAN cards)
  • 16. Scenario: Read only for Developers Cause: Developers knows database privilege usernames and passwords on legacy systems Environment: UAT Settings: Blacklist DDL, DCL and all DML except‫“‏‬SELECT”
  • 17. Explanation DML: Data Manipulation Language • SELECT, INSERT, UPDATE, DELETE, MERGE, UPSERT, CALL, LOCK DDL: Data Definition Language • CREATE, ALTER, DROP, TRANCATE, COMMENT, RENAME DCL: Data Control Language • GRANT, REVOKE
  • 18. Example Ruleset: Block DDL ######### Block Create Table ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command: Create Table"; flow: to_server, established; content:"CREATE|20|"; nocase; pcre:"/CREATE.+TABLE/i"; sid:2015052205) ######### Block Create Database ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command: Create Database"; flow: to_server, established; content:"CREATE|20|"; nocase; pcre:"/CREATE.+DATABASE/i"; sid:2015052206) ######### Block Alter Table ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command: ALTER"; flow: to_server, established; content:"ALTER|20|"; nocase; pcre:"/ALTER.+TABLE/i"; sid:2015052204)
  • 19. Example Ruleset: Block DCL ######### Block Grant ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command: Grant"; flow: to_server, established; content:"GRANT|20|"; nocase; pcre:"/GRANT.+ON/i"; sid:2015052211) ######### Block Revoke ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command: Revoke"; flow: to_server, established; content:"REVOKE|20|"; nocase; pcre:"/REVOKE.+ON/i"; sid:2015052212)
  • 20. Example Ruleset: Block DML ######### Block Insert Table ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command Oracle: INSERT"; flow: to_server, established; content:"INSERT|20|"; nocase; pcre:"/INSERT.+INTO/i"; sid:2015052201) ######### Block Update Table ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command Oracle: UPDATE"; flow: to_server, established; content:"UPDATE|20|"; nocase; pcre:"/UPDATE.+SET/i"; sid:2015052202) ######### Block Delete Table ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command Oracle: DELETE"; flow: to_server, established; content:"DELETE|20|"; nocase; pcre:"/DELETE.+FROM/i"; sid:2015052203)
  • 21. Example Ruleset: Block Privilege Users ######### Block Privilege Users ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Drop privilege user"; content:"USER=SYS"; nocase; sid:20150520)
  • 22. Example Ruleset: Block Specific Software ########### Disallow Toad.exe ######### reject tcp $UAT_NET any -> $DB_NET any (msg:"Disallow Toad.exe"; flow:to_server,established; content:"Toad.exe"; nocase; sid:2015062901)
  • 23. Concerns: Unicode UTF-8: No problem UTF-16: ANSI pattern unable to match. ######### Block Create Table ######### drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command: Create Table"; flow: to_server, established; content:"CREATE|20|"; nocase; pcre:"/CREATE.+TABLE/i"; sid:2015052205) ######### Block Create Table, UTF-16, Little Endian ######## drop tcp $UAT_NET any -> $DB_NET any (msg:"Block SQL Command UTF-16LE: Create"; flow:to_server,established; content:"C|00|R|00|E|00|A|00|T|00|E|00 20|"; nocase; sid:2015052705)
  • 24. Other Concerns No return result on IPS drop, causes disconnection on some software Dual-Port Ethernet adapter with bypass function may be required (with expensive cost) Implement ruleset rotation to cover scheduling feature.
  • 25. Special Thanks Amornsak Ruangtang IT Security, Kiatnakin Bank PLC. CEH, SEC+, MCITP, CCNA