Guardium - how to ensure security and control over data


  • Number of slides: 21

Guardium - how to ensure security and control over data
Peter Pavkovič, IBM, peter.pavkovic@si.ibm.com
© 2010 IBM Corporation

Agenda
• Why database security
• What Guardium is
• Architecture
• Summary

Database Servers Are The Primary Source of Breached Data
“Although much angst and security funding is given to offline data, mobile devices, and end-user systems, these assets are simply not a major point of compromise.” - 2009 Data Breach Investigations Report
[Chart: 2009 Data Breach Report from Verizon Business RISK Team; annotation: “…up from 75%”]
Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Note: multi-vector breaches counted in multiple categories

How are data breaches discovered?

Database Activity Monitoring: Three Key Business Drivers
1. Prevent data breaches
   • Mitigate external and internal threats
2. Ensure data integrity
   • Prevent unauthorized changes to sensitive data
3. Reduce cost of compliance
   • Automate and centralize controls
     – Across DBMS platforms and applications
     – Across SOX, PCI, SAS 70, …
   • Simplify processes

Database Danger from Within
“Organizations overlook the most imminent threat to their databases: authorized users.” (Dark Reading)
“No one group seems to own database security … This is not a recipe for strong database security” … 63% depend primarily on manual processes.” (ESG)
Most organizations (62%) cannot prevent super users from reading or tampering with sensitive information … most are unable to even detect such incidents … only 1 out of 4 believe their data assets are securely configured (Independent Oracle User Group).
http://www.darkreading.com/database_security/app-security/showArticle.jhtml?articleID=220300753
http://www.guardium.com/index.php/landing/866/

The Compliance Mandate
• DDL = Data Definition Language (aka schema changes)
• DML = Data Manipulation Language (data value changes)
• DCL = Data Control Language

Why is database auditing so challenging?

How are most databases audited today?
Reliance on native audit logs within the DBMS:
• Lacks visibility and granularity
  – Privileged users difficult to monitor
  – Tracing the “real user” of an application is difficult
  – Level of audit detail is insufficient
• Inefficient and costly
  – Impacts database performance
  – Large log files provide little value
  – Different methods for each DB type
• No segregation of duties
  – DBAs manage the monitoring system
  – Privileged users can bypass the system
  – Audit trail is unsecured

Core capabilities of the Guardium solution
• Real-time activity monitoring (auditing)
• Blocking internal/Internet attacks and data loss
• Tracking changes to the database
• Blocking/monitoring database administrator access
• Identifying fraud at the application level
• Checking new patches on the databases
• “Data privacy accelerator” – predefined policies, reports, automatic real-time notification

Real-Time Database Monitoring with InfoSphere Guardium
[Diagram: Host-based Probes (S-TAPs) → Collector]
• Non-invasive architecture
  – Outside the database
  – Minimal performance impact (23%)
  – No DBMS or application changes
• Cross-DBMS solution
• 100% visibility including local DBA access
• Enforces separation of duties
• Does not rely on DBMS-resident logs that can easily be erased by attackers or rogue insiders
• Granular, real-time policies & auditing – who, what, when, how
• Automated compliance reporting, signoffs & escalations (SOX, PCI, NIST, etc.)

What does Guardium monitor?
• SQL errors and failed logins
• DDL commands (Create/Drop/Alter tables)
• SELECT queries
• DML commands (Insert, Update, Delete)
• DCL commands (Grant, Revoke)
• Procedural languages
• XML executed by the database
• Returned result sets

Fine-Grained Policies with Real-Time Alerts
[Diagram: Application Server 10.9.244 → Database Server 10.9.56]

Identifying Fraud at the Application Layer
[Diagram: users (Marc, Joe) → Application Server → Database Server]
Issue: the application server uses a generic service account to access the DB
– Doesn’t identify who initiated the transaction (connection pooling)
Solution: Guardium tracks access to the application user associated with specific SQL commands
– Out-of-the-box support for all major enterprise applications (Oracle EBS, PeopleSoft, SAP, Siebel, Business Objects, Cognos…) and custom applications (WebSphere…)

Guardium in a SAP environment
• Usable for all SAP modules – SAP ERP, SAP CRM, SAP BI, ...
• Guardium has a dedicated plug-in for SAP

Data-Level Access Control: Blocking Without Inline Appliances
“DBMS software does not protect data from administrators, so DBAs today have the ability to view or steal confidential data stored in a database.” Forrester, “Database Security: Market Overview,” Feb. 2009
[Diagram: Application Servers send production traffic to the database (Oracle, DB2, SQL Server, etc.); a privileged user / outsourced DBA issues SQL; data-level access control holds the SQL and checks the policy on the appliance; on a policy violation the connection is dropped (or the user quarantined) and the session is terminated]
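As an added illustration of what the slides describe (statement classes, who/what/where rules, alert versus terminate, and the pooled-connection problem), here is a toy policy engine in Python. It is not Guardium code: the accounts, table names, rules and sample events are constructed, and only the 10.9.244 application-tier prefix is taken from the slide diagram.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Statement classes as the slides group them (constructed keyword sets).
CLASSES = {"DDL": {"CREATE", "ALTER", "DROP", "TRUNCATE"},
           "DML": {"INSERT", "UPDATE", "DELETE", "MERGE"},
           "DCL": {"GRANT", "REVOKE"},
           "SELECT": {"SELECT"}}
PRIVILEGED = {"sys", "outsourced_dba"}          # constructed DBA accounts
APP_SERVICE_ACCOUNT = "app_svc"                  # constructed pooled account
APP_SERVER_NET = "10.9.244."                     # app-tier prefix from the slide
SENSITIVE = re.compile(r"\b(cardholder|customer_pii)\b", re.I)  # constructed

@dataclass
class Event:
    db_user: str                # account the database saw
    app_user: Optional[str]     # real end user from the app layer, if known
    client_ip: str
    sql: str

def classify(sql: str) -> str:
    """Statement class (SELECT/DDL/DML/DCL/OTHER) from the leading keyword."""
    words = sql.strip().split(None, 1)
    first = words[0].upper() if words else ""
    return next((c for c, kws in CLASSES.items() if first in kws), "OTHER")

def evaluate(ev: Event) -> Tuple[str, str]:
    """Who/what/where rules, most severe first; returns (action, reason)."""
    cls = classify(ev.sql)
    sensitive = bool(SENSITIVE.search(ev.sql))
    if ev.db_user in PRIVILEGED and cls == "SELECT" and sensitive:
        return "TERMINATE", "privileged read of sensitive table"
    if sensitive and not ev.client_ip.startswith(APP_SERVER_NET):
        return "TERMINATE", "sensitive data touched from outside app tier"
    if cls in ("DDL", "DCL"):
        return "ALERT", f"{cls} statement (schema/permission change)"
    if ev.db_user == APP_SERVICE_ACCOUNT and ev.app_user is None and sensitive:
        return "ALERT", "pooled connection: real user not identified"
    return "ALLOW", cls

def audit(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Run every captured event through the policy; (db_user, action, reason)."""
    return [(ev.db_user, *evaluate(ev)) for ev in events]

# Constructed sample capture (not real traffic).
SAMPLE = [
    Event("app_svc", "marc", "10.9.244.17", "SELECT name FROM customer_pii WHERE id=7"),
    Event("app_svc", None, "10.9.244.17", "UPDATE customer_pii SET email=? WHERE id=7"),
    Event("sys", None, "10.9.56.3", "SELECT * FROM cardholder"),
    Event("dba_team", None, "10.9.244.17", "GRANT SELECT ON orders TO reporting"),
]
```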

Vulnerability & Configuration Assessment Architecture
• Based on industry standards (DISA STIG & CIS Benchmark)
• Customizable – via custom scripts, SQL queries, environment variables, etc.
• Combination of tests ensures comprehensive coverage:
  – Database settings
  – Operating system
  – Observed behavior
DB Tier (Oracle, SQL Server, DB2, Informix, Sybase, MySQL) tests:
• Permissions
• Roles
• Configurations
• Versions
• Custom tests
Database user activity (observed behavior)
OS Tier (Windows, Solaris, AIX, HPUX, Linux) tests:
• Configuration files
• Environment variables
• Registry settings
• Custom tests

Vulnerability Assessment Example
[Screenshot: historical progress or regression; overall score; detailed scoring matrix; filter control for easy use]

Broad Platform Support
Supported Platforms – Supported Versions
• Oracle: 8i, 9i, 10g (r1, r2), 11gR2
• Oracle (ASO, SSL): 9i, 10g (r1, r2), 11g
• Microsoft SQL Server: 2000, 2003, 2008
• Microsoft SharePoint: 2007, 2010
• IBM DB2 (Linux, Unix, Linux for System z): 9.1, 9.5, 9.7
• IBM DB2 for z/OS: 7, 8, 9
• IBM DB2 (Windows): 9.1, 9.2, 9.5, 9.7
• IBM DB2 for iSeries: V5R2, V5R3, V5R4, V6R1
• IBM Informix: 7, 9, 10, 11.5
• Oracle MySQL and MySQL Cluster: 4.1, 5.0, 5.1
• Sybase ASE: 12, 15.5
• Sybase IQ: 12.6, 15
• Teradata: 6.x, 12, 13
• Netezza: 4.5
• PostgreSQL: 8

InfoSphere Security and Privacy Portfolio
• Discovery
• Encryption Expert
• Guardium
• Optim Test Data Management
• Optim Data Redaction
• Optim Data Privacy Solution

Questions