
GreenSQL

Yuli Stremovsky
Email/MSN/Gtalk:
stremovsky@gmail.com

http://www.greensql.net/
Agenda
• What is SQL Injection?
• DEMO: Backdoor web server
• GreenSQL: Detailed Description
• DEMO: GreenSQL
• Other solutions
• Future plans
What is SQL Injection?
• Legitimate Query:
SELECT * from users where username = 'Alice' and password = '123456'

• Injected SQL code:


SELECT * from users where username = 'Alice' and password = '123456' or '1'='1'
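As an added example (not code from the slides or from the GreenSQL project), the same login query is run from Python against an in-memory SQLite database: the version that pastes input into the SQL text accepts the slide's tautology, the parameterized version does not. The Alice/123456 row is constructed sample data, and sqlite3 stands in for MySQL only because it runs offline; the precedence rule that makes the attack work (AND binds tighter than OR) is the same in both.

```python
import sqlite3


def make_db():
    """Constructed sample data: the single account shown on the slide."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Alice', '123456')")
    return conn


def build_vulnerable_sql(username, password):
    # The application's mistake: user input is pasted into the SQL text, so a
    # quote in the input ends the literal and everything after it is syntax.
    return ("SELECT * from users where username = '" + username +
            "' and password = '" + password + "'")


def login_vulnerable(conn, username, password):
    return conn.execute(build_vulnerable_sql(username, password)).fetchall()


def login_parameterized(conn, username, password):
    # Placeholders: the driver binds the values separately, so a quote in the
    # password is compared as data and never reaches the SQL parser.
    sql = "SELECT * from users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# The slide's payload: the attacker does not know the password, only that
# appending  or '1'='1  makes the WHERE clause true for every row.
TAUTOLOGY = "wrong' or '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql("Alice", TAUTOLOGY))
    print("vulnerable login:   ", login_vulnerable(db, "Alice", TAUTOLOGY))
    print("parameterized login:", login_parameterized(db, "Alice", TAUTOLOGY))
```

The concatenated query returns the Alice row with a wrong password because `username = 'Alice' and password = 'wrong'` is false but `or '1'='1'` rescues it; the parameterized call looks for the literal password `wrong' or '1'='1` and finds nothing.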
SQL Attacks Hazards
• Bypass Login page
• Read files
• Write Files
• Dump sensitive information
• Execute system commands
• Create database back door
• New Attack: Distribution of Trojans
Demo: Attack
• MySQL commands
– select "text" into outfile "file.txt"
– Requires the FILE privilege; the file is written by the mysqld process on the database host, so the web root must be on that host and writable by it
• Find directory with write permissions
– templates_c / templates / temp
– images / files / cache
C99 Web shell
Simple Web Shells
• Execute system commands
• Simple Web shell:
<?php system($_GET['cmd']); ?>

– system() function
– $_GET['cmd']
– $_POST['cmd']
– $_REQUEST['cmd']
MySQL Attack DEMO
• More info here:

http://www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection

Demo
What is GreenSQL?
• GreenSQL is a database firewall solution
• Protects against SQL injection attacks
• Management console
• MySQL built in support
GreenSQL Diagram
GreenSQL Architecture
• Reverse Proxy
• Supports multiple databases
• Supports multiple backend DB servers
• Deployment options:
– Can be installed together with the DB server
– Can be installed on a dedicated server
How Query is Blocked
• An empty result set is sent back to the application
• The application can continue gracefully
• No TCP reset is sent
• No error is generated
GreenSQL Advantages
• Multiple modes
– simulation / learning / active protection
• Easy Management
• Pattern Recognition (signatures)
• Heuristics (risk calculation)
• Open Source
GreenSQL Advantages 2
• Cross Platform
• Rapid Deployment
• Well established
• Web application independent
• The only free security solution for MySQL
• User Friendly WEB GUI/Management tool
Supported modes
• Simulation mode
• Block suspicious commands
– Based on overall query risk
• Learning mode
– Whitelist the patterns of the SQL commands actually used
• Block new commands
– Queries whose pattern is missing from the whitelist are blocked
Easy Management
• Management GUI
• IT Orientation
• Automatic Configuration
– Learning Mode
– Blocking mode
Pattern Recognition
• Detects administrative commands like:
– create table/database
– drop table/database
– alter table structure
• Detects information disclosure commands
– version() / current_user() / show tables
• Detects privileged commands
– KILL / CREATE USER / load_file()
Example
Heuristic Analysis
• Access to sensitive tables increases the query risk
(users, accounts, credit information)
• SQL Comments
• Empty password string
• OR token
• UNION token
• SQL tautology (true statement)
– or 1=1
Examples - Blocked
Whitelist
Positive & Negative Security

• Positive Security
– Learning mode
– Whitelist

• Negative security
– Pattern recognition
– Heuristic analysis
Multiplatform support
• Linux based:
– CentOS / OpenSUSE / Fedora / Mandrake
– Debian / Ubuntu
• BSD based
– FreeBSD
• Windows (beta)
Rapid Deployment
• Pre-built packages for popular Linux distributions and for FreeBSD
• Simple installation and configuration
scripts
• Two configuration files
– General configuration / DB settings
– MySQL patterns
Not only for Web Apps
• Defense in depth methodology
• IT oriented
• Supports legacy applications
• Does not require application configuration changes
• Can be configured to listen on the original DB socket/port while the database itself is moved to a different one
Open Source
• Free
• Open Source
• GPL License
• MySQL support
Well established
• Hundreds of newsletter subscribers
• A number of security reviews and hundreds of bug fixes
• Active support forum
• Production version
• A number of blog reviews
• On SourceForge for more than a year
• Featured by popular resources:
– http://www.linux.com/
– http://www.phpmagazine.net/
– http://www.tecchannel.de/
Console - DEMO
• Demo version is available here:
• http://demo.greensql.net/
Related Open Source Solutions
• Snort IDS/Prelude
• ModSecurity
• PHPIDS
• MySQL built in security
• Kernel IDS solutions
Future Version
• DB User permissions
• Support for PostgreSQL
• Improved heuristic detection
• More reports
Thank You
Yuli Stremovsky
Email/MSN/Gtalk:
stremovsky@gmail.com

More info: http://www.greensql.net/

