Database Security Overview
Understanding the DB security industry paradigm
From the era of investment and construction to the era of efficient resource use and security.
Over the last 10 years, the main goal of the IT industry was expanding infrastructure. The focus has now shifted to developing it in a safe and sound manner, which has become a national task. Protection of information assets no longer means only the protection of the physical system or software; it also encompasses internal security and the establishment of security awareness.
As a result, regulations and guides for IT users and solution vendors are being created in order to guarantee the efficiency and safety of the information infrastructure.
The convenience of information usage and real-time execution environments has given rise to various forms of threat. As such ill effects increase, regulation and supervision are expected to be reinforced to secure stability.
Regulations related to information systems and an IT compliance market are being created in order to meet such industrial demands.
Compliance demands on firms are expected to increase, and once a regulation is made it will continue to be enforced.
The larger and taller a building is, the more stringent the regulations it must meet, such as provision of extinguishers, emergency staircases, and heliports. Likewise, as society relies more and more on information systems, demands for secure and unfragmented information will arise from outside the corporate environment, leading to the development of relevant solutions.
At present, compliance demands on companies have only just begun to arise. However, it is expected that in the near future demands will increase not only on server and storage hardware, system software, and application software, but also on IT services integrating hardware and software.
Implementing a real-time monitoring, restriction and auditing system for DB operations within a company.
Although there have been various IT-related regulations in the past, recent demands have led to more systematic regulations, such as the Sarbanes-Oxley Act (SOA) of 2002, Basel II by the Bank for International Settlements (BIS), and information security regulations.
The SOA was established in response to the Enron and WorldCom accounting scandals of 2001, to ensure transparency in financial statements and disclosures.
Such regulations have made it necessary for global corporations, such as POSCO, to construct an internal restriction system and establish response strategies in advance for protecting information and managing hazards.
In addition, increasing awareness of personal information security and reported cases of leakage of important information (data) have led to a demand for technology to secure such information, and for a system that lets system developers and administrators efficiently manage, monitor, and restrict access to information.
Protection of important data and prevention of DB leakage without loading the system, through real-time monitoring and restriction, 100% logging of all accesses to the database under surveillance, and post-analysis of the logged records.
Establishing an information security system in response to IT compliance.
Not only is it necessary to establish an internal restriction system; it is also imperative that general security problems be solved, such as those related to processes, the operating system, document access, database security and backup, in order to fully comply with this regulation.
The importance of not only internal operating system security, but also secure management, restriction, and auditing of the database containing vital company information, is being emphasized more and more.
For efficient database security management, a system for real-time monitoring and logging of all DB accesses is needed, in order to apply security restrictions in advance and acquire proof for enforcing regulations.
Product Features & Architecture
The database systems managed by companies are varied and their tasks complicated. In a large system which deals with several thousand transactions per second, even a short interval of abnormal operation can cause huge losses.
It is therefore important to choose a system that will cause 0% damage when establishing a DB security system for monitoring the database on a real-time basis.
The company's operations must not be affected even when a physical problem occurs in the system under surveillance. Chakra offers a solution for such requirements, enabling real-time monitoring of the database without needing to access the database.
Chakra identifies, on a real-time basis, all tasks requested of the database and who requested them, enables searching of when, where, and which data was queried or modified and by whom, and supplies the information needed for troubleshooting when a problem occurs.
Protection
- Real-time monitoring of all accesses to the database (Host, Application, User, ID, time) and the contents of the task (SQL type, etc.)
- In the case of a violation of an established security policy, immediate alert and reaction, such as denial-of-service.

Auditing
- 100% monitoring and logging of queries and modifications by all tasks (including server side tasks), without loading the system, and without accessing the database.
- Convenient tracking and searching of the contents of the recorded tasks.

Monitoring & Reporting
- Saving of the records of all accesses to the database, and post-audit.
- Utilization of analysis reports from various points of view of the real-time statistics of the logged data.
- Performance diagnosis based on data mining technique, and preventive measures for security violations.

System Benefits
1. First software to employ the hybrid method in Korea
   - Normal accesses via applications are monitored and logged using the Sniffing method:
     - Guarantees stability and causes no load on the system.
   - Abnormal accesses via Tools are monitored, restricted, and logged using the Gateway method, on a real-time basis.
   - Sole product which supports the following: Normal and Abnormal satisfying compliance, GW, integrated management for Sniffing, user access information including the result data.
2. Integrated monitoring and restriction of accesses to commercially available DB
   - Oracle, DB2, Sybase, MS-SQL, etc.
3. Achievement of dis-fragmented SQL logging and enhanced product stability, through more than 3 years of service to major companies, in Korea and abroad.
4. Integrated monitoring of Network and Server, through local logging
   - Expanding of the DB security domain, by monitoring the tasks and executions made by authorized personnel on the server side (console or Telnet).
5. Official quality evaluation and certification
   - Certification of Excellent Korean Technology (KT Mark), Certificate of Software Quality of TTA, Public Procurement excellent product, New software grand prize, Dasan technology prize, etc.
6. Excellent product acknowledgment by the Korean Intellectual Property Office and Public Procurement Service
   - Patent No. : 0481130, Patent No. : 2005047

Supported Platforms & Datasheet
H/W Specification

| Chakra Hybrid for Enterprise | Chakra GW for SMB |
| --- | --- |
| OS: Windows, Unix, Linux | OS: Linux |
| H/W: Intel, Sun, IBM, HP, etc. | H/W: (standard size is allotted according to the scale of the system) |
| SQL Capture: 1~20,000/sec | Chakra GW 100: Intel Xeon 3GHz, Memory 2G / HDD 140G |
| Disk Capabilities: 10~20GB / Day (differs according to the operational system environment and logging policies) | Chakra GW 1000: Intel Xeon 3GHz*2CPU, Memory 4G / HDD 200G |
| Target DBMS: Oracle, DB2, Sybase, MS-SQL | |

* Refer to the Chakra functions supplement.

Details of Feature
Chakra v2.1.3 vs Chakra v3.0.0
Logging and Monitoring

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| SQL Logging | Oracle | SQL/PLSQL logging | o | o |
| | | Export/Import logging | o | o |
| | | DB Link logging | o | o |
| | | OCI (Oracle Call Interface) Thick Driver | o | o |
| | | Java Thin Driver (JDBC Type 2, 4) | o | o |
| | | Load/Unload logging | o | o |
| | DB2 | SQL/Stored Procedure logging | | o |
| | | JDBC logging | | o |
| | Sybase | SQL/Stored Procedure/Dynamic SQL logging | | o |
| | | JDBC logging | | o |
| | | ODBC logging | | o |
| | MS SQL Server | SQL/Stored Procedure logging | | |
| | | ODBC logging | | |
| Server Logging | Telnet Logging | Telnet command logging | o | o |
| | | Telnet command results logging | | o |
| | R-Login Logging | RLogin command and results logging | o | o |
| | FTP Logging | FTP command and results logging | o | o |
| | R-Command Logging | RCmd command and results logging | o | o |
| Logging Policy | Time | Establishment of a logging policy for each time range | o | o |
| | IP | Establishment of a logging policy for each IP | o | o |
| | DB Account | Establishment of a logging policy for each DB Account | o | o |
| | OS Account | Establishment of a logging policy for each OS Account | o | o |
| | Application | Establishment of a logging policy for each Application | o | o |
| | SQL Text | Establishment of a logging policy for a specific string in the SQLs | o | o |
| | SQL Type | Establishment of a logging policy for a specific string in the SQLs | o | o |
| | SQL Object | Establishment of a logging policy for each SQL Object (Table, Column, Command) | | o |
| | SQL Output | Logging of the SQL execution result | | o |
| Real-time Monitoring | Session Monitoring | Real-time monitoring of DB SQL Session information and SQL executions | o | o |
| | | Real-time monitoring of Server Session information and Commands | | o |
| | | LOB Operation | o | |
| | SQL Monitoring | Monitoring of SQLs with long execution time | o | o |
| | | Top-n SQL | o | o |
| | Stat Monitoring | Provides real-time trend graphs of Instance information | o | o |
| | | Provides information on Chakra status (DISK I/O, CPU %, DISK %) | | o |
| | | Provides DB Internal information | | o |
| | Alert Monitoring | Monitoring of policy violating Alerts | o | o |

Controlling of access and privileges

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Alert | Time | Monitoring of accesses in a specific/each time range | o | o |
| | Connection | Monitoring of accesses according to Application | o | o |
| | | Monitoring of accesses according to IP | o | o |
| | | Monitoring of accesses according to Host Name | o | o |
| | | Monitoring of accesses according to DB User | o | o |
| | | Monitoring of accesses according to OS User | o | o |
| | Instance | Monitoring according to the number of Sessions in an Instance and average Response Time | o | o |
| | Session | Monitoring according to number of SQL executions, and failed executions | o | o |
| | | Monitoring according to number of SQL executions, and failed executions | o | o |
| | | Monitoring of excessive Network Usage (average, accumulative) | o | o |
| | | Monitoring of excessive Data Access (average, accumulative) | o | o |
| | SQL | Monitoring according to SQL response time | o | o |
| | | Monitoring of excessive Network Usage | o | o |
| | | Monitoring of excessive Data Access | o | o |
| | | Shutting-down of session in the case of excessive data retrieval (accumulative) | o | o |
| | | Monitoring according to SQL error code | o | o |
| | | Monitoring according to SQL Type | o | o |
| | | Monitoring according to SQL Text | o | o |
| | | Monitoring according to SQL Object (Table, Column, Command) | | o |
| | Command | Monitoring according to Telnet, FTP, R-Cmd, R-Login Command | | o |
| | Login Failure | Monitoring of DB log-in failures | | o |
| | User Information modification | Alert of changes in OS User and IP | | o |
| | Server Program execution | Execution of Server Program in the case of an Alert | o | o |

Log Search and Analysis

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Log Analyzer | SQL Full | SQL Log analysis | o | o |
| | Log Statistics | SQL Statistics | o | o |
| | | DB User statistics | o | o |
| | | Client (IP) statistics | o | o |
| | | Application statistics | o | o |
| | | Session statistics | o | o |
| | Alert Analyzer | Alert analysis | | o |
| | Server Analyzer | Analysis of Telnet, FTP, R-Cmd, and R-Login accesses | o | o |
| | SQL Summary Analyzer | Analysis of SQL statistics | | o |
| | Local Logging Analyzer | Analysis of Local Accesses | | o |
| | Performance Analyzer | Analysis of effect on performance (based on Session, Lock, Latch, Transaction, and Plan information) | | o |
| | Trend | Updates the trend graphs every second (minute) | o | o |
| | Snapshot | Snapshot of the Trend Graphs and Stat Monitor | o | o |
| | Excel | Log search and Export of statistical data in Excel format | o | o |
| | Reporting | Creation of Reports using the statistical data DAO | o | |

Trend Analysis

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Trend Analyzer | Session | Session trend graph | | o |
| | SQL Count | SQL Count trend graph | | o |
| | Return Rows | Return Rows trend graph | | o |
| | Analysis of Weekly changes | Graph of the average weekly values | | o |

Reporting

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Database | Analysis of each Day | Report of DB usage for each Day | | o |
| | Analysis of each Time Range | Report of DB usage for each Time Range | | o |
| | Analysis of each Day of the Week | Report of DB usage for each Day of the Week | | o |
| | Analysis of each Client | Report of DB usage for each IP / Application | | o |
| | Analysis of each User | Report of DB usage for each IP / DB User | | o |
| DB Session | Application | Report of Application statistics | | o |
| | IP | Report of IP statistics | | o |
| | OS User | Report of OS User statistics | | o |
| | DB User | Report of DB User statistics | | o |
| | IP, App, DB User | Statistical report for each IP, APP, and DB User | | o |
| SQL Report | SQL Statistic | Report of Uni-SQL execution statistics | | o |
| Server | Daily | Report of Server Access statistics for each Day | | o |
| | IP, Login User | Report of Server Access statistic for each IP, Login User | | o |
| Alert | Date | Report of Alert Occurrence for each Day | | o |
| | Alert Policy | Statistical report for each Alert Policy | | o |
| | Alert Level | Statistical report for each Alert Level | | o |
| | IP, Alert Policy | Statistical report for each IP, Alert Policy | | o |
| Object Usage | Analysis of accesses to a specific Table | Statistical report of accesses to Table, Column | | o |
| Other | Irregular Reporting | Dimension(...), Measure(...) | | o |

Restoration

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Restoration | Table restoration | Restoration of Tables deleted by the DROP command | | o |
| | Data restoration | Restoration of Data modified by INSERT, UPDATE, or DELETE | | o |

Tool

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Plan | Built-in Plan Tool | | o | o |
| Export | V2 Schema Export function | | o | o |
| Log2csv | Creation of separate CSV for each Log File | | o | o |
| Backup | Backup S/W | | | o |

Security of the security server

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Security of the security server | User Password | One-way Path structure | o | o |
| | Logging Data | Encryption, saving in Binary form | | o |
| | Transfer of Client information | SSL application | | o |

Technical Spec.

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Supported DB Versions | Oracle | 7.3.4 | o | o |
| | | 8.0.5 | o | o |
| | | 8i | o | o |
| | | 9i | o | o |
| | | 9i R2 | o | o |
| | | 10G | o | o |
| | | 10G R2 | o | o |
| | DB2 | DB2 UDB for Linux, Windows, UNIX, V8 | | o |
| | | DB2 UDB for Linux, Windows, UNIX V7 | | o |
| | | DB2 UDB for Linux, Windows, UNIX V6 | | o |
| | | DB2 UDB for z/OS and OS/390 V2.3 and above | | o |
| | Sybase | Sybase IQ V12.x | | o |
| | | Sybase ASE V12.x | | o |
| | MS SQL Server | MS SQL Server 2005 | | o |
| | | MS SQL Server 2000 | | o |
| | | MS SQL Server 7 | | o |
| | | MS SQL Server 6.5 | | o |
| | Teradata | | | o |
| | ALTIBASE | | | o |
| | Informix | | | o |
| HW Platform | HP | HP-UX 11.x | | o |
| | SUN | Solaris 7,8,9 and 10 SPARC | | o |
| | IBM | AIX 5.1, 5.2, 5.3 | | o |
| | Windows | 2000 Server | o | o |
| | | 2003 Server | o | o |
| | Linux | SUSE kernel 2.4, 2.6 | | o |
| | | Red-Hat Kernel 2.4, 2.6 | | o |

Installation and Method

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Sniffing method | TAP | UTP Tap, Fiber Tap | o | o |
| | Switch Mirror | All switches that can be mirrored | o | o |
| GateWay method | In-Line method | FOD application | | o |
| | Port Forwarding method | IP modification | | o |
| | Certificate method | Packet control using the Certification method (Authorization) | | o |
| Client method | C/S | C/S method | o | |
| | Web | Thin Client method | | o |
| | | Rich Client method | | o |

License

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| License | Issue via Mail | | o | |
| | Issue via Web | | | o |

Others

| Section | Skill | Detail | V2.1.3 | V3.0.0 |
| --- | --- | --- | --- | --- |
| Chakra Manager | Management of the Chakra Usage History | | o | o |
| RAC | Supports RAC environment (recognizes as identical server) | | | o |
| DB | MySQL | | | o |
| | Oracle | | | o |
| Mail | Supports sending of Mail | | o | o |
| SMS | Supports sending of SMS messages | | | o |
| SNMP | Supports SNMP Trap | | o | o |