Oracle Database Firewall technology easily recognizes injected SQL and can block attempted attacks that fall outside an organization's security policy. The technology is so accurate in understanding the meaning of the SQL transaction that false positives and false negatives are a thing of the past.
Database Firewall is designed to work on the network, providing in-line security or out-of-band monitoring for the largest of enterprise deployments. Optional host-based agents provide low-impact local monitoring capabilities.
About the Oracle Database Firewall System Architecture
The typical Oracle Database Firewall architecture has the following main components:
The database network, containing the database server and its clients: You are not required to install Oracle Database Firewall onto the database server or clients. However, if needed, you can install the Database Firewall Local Monitoring on the database server, which enables the Database Firewall to monitor SQL traffic originating from the users or processes that have direct access (for example, through the console) to the database computer.
The Database Firewall: This is the server that runs the Oracle Database Firewall software. Each Database Firewall collects SQL data from SQL databases, and then sends this SQL data to the Database Firewall Management Server to be analyzed in reports. After the Database Firewall sends the SQL data to the Management Server, it deletes it locally. The SQL data is then stored in the Management Server.
Database Firewall applications and other third-party applications: These applications perform system configuration, monitoring, administration, and reporting. If necessary, you can use a single computer to operate these applications. However, typically, there is a separate computer for each application, because applications are often used by different people or from different locations.
Examples of Database Firewall applications include the Oracle Database Firewall Administration Console and Oracle Database Analyzer.
You must use a Database Firewall Management Server to control one or more Database Firewall installations.
Documentation: http://download.oracle.com/docs/cd/E20465_01/doc/nav/portal_booklist.htm
In this tutorial, I use 4 virtual machines:
ORADB11g - Test Oracle Database (on OELinux) which will be monitored by Database Firewall.
FWMS - Firewall Management Server (on OELinux)
DBFW - Standalone Database Firewall (on OELinux)
Analyzer - Windows XP client, which will be used for browser based applications like Administration Console.
Now, I will go through multiple parts, one for each section: Installation, Integration, Monitoring, Auditing, etc.
Future parts, such as "User Role Auditing" and "SQL Injection", will be added as soon as possible.
Part 1: Installation
Part 2: Firewall Management Server Installation
Part 3: Firewall Management Server Initial Configuration
Part 4: Integration Standalone Firewall With Management Server
Part 5: Creating Enforcement Point for Monitoring Database
Part 6: Stored Procedure Auditing
Part 7: User Role Auditing
Next parts coming soon...
1 comment:
Hi, how can you test in inline mode if all interfaces are bridged? Could you indicate the network configuration to use with 3 machines on VirtualBox, e.g., or other? I test with a client/XP, the DBFW (which is DBFW and management) and a vulnerable application (PHP+MySQL, e.g.). I've tried to configure 1 management network to reach the (IP of the bridge) DBFW and the bridge interfaces which are connected to 2 separate host-only (to pass the traffic from client to vulnerable server/db) .. no WAY :) Thanks in advance for your recommendations :)