Database Firewall: a GreenSQL example
To defend against SQL injection attacks there are database firewalls; this article offers a brief introduction to GreenSQL, an open source database firewall.
Hacker attacks are now a daily occurrence, and a SQL injection can damage an application, even to the point of compromising it.
It is often the case that the damage caused by an attack does not show up immediately but only after a few days, which makes backup and recovery procedures very complex.
It is true that the best solution is to write applications immune to this type of attack, but how can someone who hosts third-party sites, or more generally a provider, defend against all this?
There are solutions designed precisely to contain this problem: systems that act as reverse proxies between the web server and the DB server, with the task of protecting the data from these attacks.
In this article we present GreenSQL, an open source database firewall.
GreenSQL is compatible with MySQL and PostgreSQL.
Because it implements reverse-proxy logic, it must be configured between the web server and the DB server. In other words, the web application is no longer configured to connect to the DB directly; it connects to the database firewall, which analyzes each query and, only after establishing that it is safe, forwards it to the DB server.
The following figure shows the process implemented by GreenSQL.
GreenSQL contacts the DB server to execute the SQL commands, while the application communicates only with the database firewall.
GreenSQL can be used in four ways:
- Simulation mode (database IDS): in this mode nothing is blocked; the firewall acts as an IDS, reporting suspicious queries on the console.
- Blocking suspicious commands (database IPS): in this configuration GreenSQL uses its own heuristic engine to find illegal queries and automatically block them, implementing a basic IPS.
- Learning mode: this mode consists in training GreenSQL to record all SQL queries in a whitelist; at the end of the training the system switches by itself to a protection mode.
- Active protection from unknown queries (database firewall): all unknown queries are refused; for them the firewall only calculates a risk score and reports it to the administrator.
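To make the reverse-proxy decision and the four modes concrete, here is a small added example written for this article; it is not GreenSQL's own engine or rule set. It assumes a proxy that, for each query coming from the application, normalizes the query into a fingerprint (literals replaced by `?`), scores it against a handful of constructed heuristic rules, and then applies the mode: simulation reports but forwards, blocking refuses flagged queries, learning records every fingerprint in a whitelist, and active protection forwards only whitelisted fingerprints. The rule weights, the threshold and the sample queries are all constructed for illustration.

```python
import re
from enum import Enum


class Mode(Enum):
    SIMULATION = "simulation"   # database IDS: report only, never block
    BLOCKING = "blocking"       # database IPS: block what the heuristics flag
    LEARNING = "learning"       # record every query pattern in the whitelist
    PROTECTION = "protection"   # database firewall: only whitelisted patterns pass


# Constructed heuristic rules with weights; they stand in for a real engine's
# rule set and are deliberately small.
RISK_RULES = [
    (r"\bor\b\s+\d+\s*=\s*\d+", 3),   # tautology such as OR 1=1
    (r"\bunion\b\s+select\b", 3),     # union-based data extraction
    (r"--|/\*|#", 2),                 # comment used to cut off the rest of the query
    (r"\binformation_schema\b", 2),   # schema discovery
    (r";\s*\w", 2),                   # stacked statement after a semicolon
]
RISK_THRESHOLD = 3


def fingerprint(sql):
    """Collapse literals so that structurally identical queries share one pattern.

    Quoted strings and bare numbers become '?', so the whitelist learns query
    shapes rather than individual parameter values.
    """
    s = sql.strip().lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)  # single-quoted string literals
    s = re.sub(r"\b\d+\b", "?", s)          # bare numeric literals
    return re.sub(r"\s+", " ", s)


def risk_score(sql):
    """Sum the weights of every heuristic rule that matches the raw query."""
    low = sql.lower()
    return sum(weight for pattern, weight in RISK_RULES if re.search(pattern, low))


class QueryFirewall:
    """Decides, per query, whether the proxy may forward it to the DB server."""

    def __init__(self, mode):
        self.mode = mode
        self.whitelist = set()   # fingerprints seen during learning
        self.alerts = []         # (fingerprint, score) pairs for the console

    def inspect(self, sql):
        """Return True if the query is forwarded, False if it is refused."""
        fp = fingerprint(sql)
        score = risk_score(sql)
        if self.mode is Mode.LEARNING:
            self.whitelist.add(fp)           # training: everything is recorded and passed
            return True
        if self.mode is Mode.PROTECTION:
            if fp in self.whitelist:
                return True
            self.alerts.append((fp, score))  # unknown shape: refuse, report the risk
            return False
        if score >= RISK_THRESHOLD:
            self.alerts.append((fp, score))
            return self.mode is Mode.SIMULATION  # IDS forwards it, IPS blocks it
        return True


if __name__ == "__main__":
    # Constructed sample traffic: one benign query shape and one injected one.
    benign = "SELECT id FROM users WHERE name = 'alice'"
    injected = "SELECT id FROM users WHERE name = '' OR 1=1 --'"
    fw = QueryFirewall(Mode.LEARNING)
    fw.inspect(benign)                     # whitelist now holds the benign shape
    fw.mode = Mode.PROTECTION              # training over, switch to DB firewall mode
    print(fw.inspect("SELECT id FROM users WHERE name = 'bob'"))  # True: same shape
    print(fw.inspect(injected))                                    # False: unknown shape
    print(fw.alerts)
```

The fingerprint step is what makes the whitelist usable in practice: the application sends the same query shapes with different parameter values, so a whitelist of raw query strings would never finish learning. Note that in protection mode the decision ignores the heuristic score altogether; the score is only attached to the alert so the administrator can judge how dangerous the unknown query looked.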
GreenSQL is distributed in three versions; the feature matrix is available on the Download page of the official website.
One last point worth making concerns performance. The first reaction of anyone who has never used it is to see an intermediate node between application and DB, which would seem to penalize performance.
However, GreenSQL's caching mechanisms make it possible to guarantee good performance in any case, and avoid burdening the DB server with the same queries over and over.
We are not advocating GreenSQL for the reasons above; this is just a knowledge example. Dbametrix provides only remote database administration support for Oracle and SQL database servers, including cloud servers, for instance DBaaS DBA support. Stay connected with our expert DBA team club blog for more knowledge articles on databases.