Latest release of Oracle databse firewall extends support to my SQL report feature - Technology tips

Monday, January 9, 2012

Latest release of Oracle databse firewall extends support to my SQL report feature

If you want to know how secure your data is so – we could tell you there are many surveys that has been conducted and revealed that 48% of data from organization are stolen or many employees they do not follow the organization’s code of conduct just steal data– and sometimes that data is leak out to the competitors.
There are many ways people can steal data usually people uses sql injection technology to do such stuff.
Data can be stolen from inside and this percentage is getting doubled every year, application and data-ware house are becoming critical place for this activity, if you are using encryption technique and storing user privilege inside database which is very impressive too but this technique may not work if someone is approaching database with sql injection.

Oracle has introduced a technology called oracle database firewall that monitors your data access, enforces policies who has accessed your data with permission or without permission, it will protect network based attack originating from inside and outside too, it can protect you from any kind of threat and best part of this technology is- it support different databases, New release of oracle database firewall is supported to non-oracle database including my SQL, this means simple, this tool not only provide security to oracle databases but also SQL Server database and other RDBMS databases. It also supports IBM DB2, Sybase and SQL Anywhere databases.

You will find a white list policy feature that allows anyone to release only approved sql statement, for example you have mentioned approved sql statement and only such statement can be sent to database otherwise nobody can execute any other statement. In other words you can block as many sql statement as you want so any person approaching your database with select statement –if he/she is not allowed to execute such statement he cannot use them.

This tool is shipped with different reports – supported standards are Sarbanes Oxley and PCI DSS II.

No comments: