Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database as a networked server DB at the centre of the network Network Access Map for DB environment Tracking of tools and apps Remove unnecessary network.

Published byLinda Carson Modified over 8 years ago

Similar presentations

Presentation on theme: "Database as a networked server DB at the centre of the network Network Access Map for DB environment Tracking of tools and apps Remove unnecessary network."— Presentation transcript:

1 Database as a networked server DB at the centre of the network Network Access Map for DB environment Tracking of tools and apps Remove unnecessary network libraries – SQL, DB2, Oracle networking layers – Implement using TCP/IP only Secure services from known network attacks Use of Firewalls

2 Db at the core Avoid direct exposure of DB to Internet Databases must reside in Data centers DMZ architecture – consists of 2 firewalls between DB and Internet Use DB firewall or VPN for client access from outside the Corporate network

3 Network access map Communication essential between Networking group and Database group Review data access diagram for new access patterns Following are shown in data access diagrams – Database access endpoints – Clients accessing each database – Apps used to access DB and type of access

4 Tracking of tools and apps Knowledge of tools and versions – Address points of vulnerabilities – Compliance with IT governance – Alert on questionable changes Get client information including host from – Monitoring Database Access (MDA) in Sybase – System Global Area (SGA) in Oracle 10g E.g select machine, terminal, program, username, logon_time from v$session Monitoring sys tables by polling /from TCP/IP packets going to DB

5 Remove unnecessary network libraries SQL, DB2, Oracle networking layers – Support for multiple protocols – TCP/IP, named pipes etc. – OCI, SQLLIB, SQLNET, OPI (Oracle Program interface) – Oracle Net Config, Assistant Implement using TCP/IP only – Disable all other protocols

6 Port scanners Use port scanners to list all services and corresponding ports – E.g. Database 1521, Listener 1522-1540 netstat nmap

7 Secure services from known network attacks SQL Slammer – Jan. 2003 – this worm infected 120,000 SQL server machines More than 120K packets/second Uses buffer overflow error in SQL Server’s Resolution service The service runs on UDP port 1434 Watch for vulnerabilities that can exploit the network

8 Use of Firewalls Limit access to DB Conventional or specialized SQL firewall – IP address and port filtering – SQL firewall helps to set policy based on SQL commands, DB users, app types and Db objects Oracle re-direction pitfall Protocols.ora or sqlnet.ora – TCP_INVITED_NODES= – TCP_EXCLUDED_NODES=

Download ppt "Database as a networked server DB at the centre of the network Network Access Map for DB environment Tracking of tools and apps Remove unnecessary network."

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Module 1: Database and Instance. Overview Defining a Database and an Instance Introduce Microsoft’s and Oracle’s Implementations of a Database and an.

Module 1: Database and Instance. Overview Defining a Database and an Instance Introduce Microsoft’s and Oracle’s Implementations of a Database and an.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Ana Chanaba Robert Huylo

Ana Chanaba Robert Huylo
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
Penetration Testing Security Analysis and Advanced Tools: Snort.

Penetration Testing Security Analysis and Advanced Tools: Snort.
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software

Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software

Similar presentations

Ads by Google