Database as a networked server

Presentation transcript:

Database as a networked server
- DB at the centre of the network
- Network Access Map for DB environment
- Tracking of tools and apps
- Remove unnecessary network libraries
  – SQL, DB2, Oracle networking layers
  – Implement using TCP/IP only
- Secure services from known network attacks
- Use of Firewalls

DB at the core
- Avoid direct exposure of DB to Internet
- Databases must reside in data centers
- DMZ architecture
  – consists of 2 firewalls between DB and Internet
- Use DB firewall or VPN for client access from outside the corporate network

Network access map
- Communication essential between Networking group and Database group
- Review data access diagram for new access patterns
- Following are shown in data access diagrams
  – Database access endpoints
  – Clients accessing each database
  – Apps used to access DB and type of access

Tracking of tools and apps
- Knowledge of tools and versions
  – Address points of vulnerabilities
  – Compliance with IT governance
  – Alert on questionable changes
- Get client information including host from
  – Monitoring Database Access (MDA) in Sybase
  – System Global Area (SGA) in Oracle 10g
    E.g. select machine, terminal, program, username, logon_time from v$session
- Monitoring sys tables by polling / from TCP/IP packets going to DB
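
An added example, not part of the original slides: one way to turn the v$session query above into the "alert on questionable changes" check, by comparing each session against an approved inventory. The baseline, host names and session rows are constructed for illustration.

```python
from collections import namedtuple

# Columns match the v$session query on the slide.
Session = namedtuple("Session", "machine terminal program username logon_time")

# Constructed baseline: (program, DB user) pairs approved for each client host.
BASELINE = {
    "app01.corp.example": {("JDBC Thin Client", "ORDERS_APP")},
    "dba-ws7.corp.example": {("sqlplus.exe", "SYSTEM"), ("toad.exe", "SYSTEM")},
}

def review_sessions(sessions, baseline=BASELINE):
    """Return (session, reason) findings for sessions that deviate from the baseline."""
    findings = []
    for s in sessions:
        allowed = baseline.get(s.machine.lower())
        if allowed is None:
            findings.append((s, "unknown client host"))
        elif (s.program, s.username.upper()) not in allowed:
            known_programs = {program for program, _ in allowed}
            reason = ("known tool, unexpected DB user" if s.program in known_programs
                      else "unapproved tool on known host")
            findings.append((s, reason))
    return findings

# Constructed sample rows, shaped as the query would return them.
SAMPLE = [
    Session("app01.corp.example", "unknown", "JDBC Thin Client", "ORDERS_APP", "2024-03-01 08:00:02"),
    Session("dba-ws7.corp.example", "DBA-WS7", "sqlplus.exe", "SYSTEM", "2024-03-01 09:12:40"),
    Session("app01.corp.example", "pts/3", "sqlplus@app01 (TNS V1-V3)", "ORDERS_APP", "2024-03-01 23:41:09"),
    Session("dba-ws7.corp.example", "DBA-WS7", "toad.exe", "ORDERS_APP", "2024-03-02 01:03:55"),
    Session("LAPTOP-4F2K", "LAPTOP-4F2K", "MSACCESS.EXE", "HR_READ", "2024-03-02 02:15:30"),
]

if __name__ == "__main__":
    for s, reason in review_sessions(SAMPLE):
        print(f"{s.logon_time}  {s.machine:22} {s.program:28} {s.username:11} {reason}")
```

The machine, terminal and program columns are reported by the client, so a match here is inventory evidence, not authentication of the tool.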

Remove unnecessary network libraries
- SQL, DB2, Oracle networking layers
  – Support for multiple protocols
  – TCP/IP, named pipes etc.
  – OCI, SQLLIB, SQLNET, OPI (Oracle Program Interface)
  – Oracle Net Config, Assistant
- Implement using TCP/IP only
  – Disable all other protocols

Port scanners
- Use port scanners to list all services and corresponding ports
  – E.g. Database 1521, Listener
- netstat
- nmap

Secure services from known network attacks
- SQL Slammer
  – Jan – this worm infected 120,000 SQL Server machines
  – More than 120K packets/second
  – Uses a buffer overflow error in SQL Server's Resolution service
  – The service runs on UDP port 1434
- Watch for vulnerabilities that can be exploited over the network
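
An added example, not part of the original slides, covering the port scanner and SQL Slammer slides together: it parses Linux-style `netstat -lntu` output from a database host and reports every listener that is not on an approved list, calling out UDP 1434 by name. The approved list and the netstat capture are constructed for illustration.

```python
# Constructed allowlist: the only listeners this database host should expose.
APPROVED = {("tcp", 1521): "Oracle listener", ("tcp", 22): "SSH for administration"}
# From the slide: the SQL Server Resolution service that SQL Slammer attacked.
HIGH_RISK = {("udp", 1434): "SQL Server Resolution service (SQL Slammer target)"}

def parse_listeners(netstat_text):
    """Extract (proto, port, bind_address) from 'netstat -lntu' style lines."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner and column-header lines
        addr, _, port = fields[3].rpartition(":")  # also handles ':::1521'
        if port.isdigit():
            listeners.add((fields[0][:3], int(port), addr))  # tcp6 -> tcp
    return listeners

def unexpected_listeners(netstat_text):
    """Return listeners missing from APPROVED, sorted by port, with a reason."""
    report = []
    for proto, port, addr in sorted(parse_listeners(netstat_text),
                                    key=lambda l: (l[1], l[0], l[2])):
        if (proto, port) not in APPROVED:
            reason = HIGH_RISK.get((proto, port), "not in approved list")
            report.append((proto, port, addr, reason))
    return report

# Constructed capture from a database host.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp6       0      0 :::1521                 :::*                    LISTEN
tcp        0      0 0.0.0.0:5500            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1434            0.0.0.0:*
"""

if __name__ == "__main__":
    for proto, port, addr, reason in unexpected_listeners(SAMPLE):
        print(f"{proto}/{port} bound to {addr}: {reason}")
```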

Use of Firewalls
- Limit access to DB
- Conventional or specialized SQL firewall
  – IP address and port filtering
  – SQL firewall helps to set policy based on SQL commands, DB users, app types and DB objects
- Oracle re-direction pitfall
- protocol.ora or sqlnet.ora
  – TCP.INVITED_NODES=
  – TCP.EXCLUDED_NODES=
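
An added example, not part of the original slides: a small audit of the valid-node settings in sqlnet.ora, shown on a weak, a hardened and a conflicting file. Oracle Net spells the parameters with a dot and only enforces the lists when TCP.VALIDNODE_CHECKING is YES; the host names and addresses below are constructed placeholders.

```python
import re

PARAM = re.compile(r"^\s*([A-Za-z_.]+)\s*=\s*(.*?)\s*$")

def parse_sqlnet(text):
    """Parse single-line NAME = value entries (names are case-insensitive, # starts a comment)."""
    params = {}
    for line in text.splitlines():
        m = PARAM.match(line.split("#", 1)[0])
        if m:
            params[m.group(1).upper()] = m.group(2)
    return params

def node_list(value):
    """Turn '(a, b, c)' into ['a', 'b', 'c']."""
    return [n.strip() for n in value.strip("() ").split(",") if n.strip()]

def audit_valid_nodes(text):
    """Return findings about valid-node checking in a sqlnet.ora file."""
    p = parse_sqlnet(text)
    invited = node_list(p.get("TCP.INVITED_NODES", ""))
    excluded = node_list(p.get("TCP.EXCLUDED_NODES", ""))
    findings = []
    if p.get("TCP.VALIDNODE_CHECKING", "NO").upper() != "YES":
        findings.append("TCP.VALIDNODE_CHECKING is not YES, so the node lists are not enforced")
    if not invited:
        findings.append("no TCP.INVITED_NODES allowlist, so any host that is not excluded may connect")
    elif excluded:
        findings.append("both lists are set: TCP.INVITED_NODES takes precedence and the exclusions are ignored")
    return findings

# Constructed sample files.
WEAK = """\
# only a denylist, and checking was never switched on
TCP.EXCLUDED_NODES = (10.0.9.66)
"""
HARDENED = """\
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (app01.corp.example, 10.0.5.21)  # app tier, DBA jump host
"""
CONFLICTING = """\
tcp.validnode_checking = yes
tcp.invited_nodes = (10.0.5.21)
tcp.excluded_nodes = (10.0.9.66)
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED), ("CONFLICTING", CONFLICTING)):
        print(name, audit_valid_nodes(cfg) or "ok")
```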