SQL Firewall is directly integrated into Oracle Database 23c to effectively address both SQL injection attacks and compromised account issues with minimal impact on database performance.
It offers real-time protection against common database attacks by monitoring and blocking unauthorized SQL and SQL injection attacks from inside the database.
It does this by capturing a set of accepted SQL statements and generating an allow-list for them. After enabling the SQL Firewall, it will create an allow list. SQL statements that fall outside the allow-list can be permitted but logged to a violations list or blocked from executing. Environmental context such as IP address, or calling program, can also be applied, and used for enforcement to ensure access via trusted paths.
By Prabir Kundu,
AVP, Pre Sales and Cloud & Platform Management Services, Path
Features and Benefits of SQL Firewall:
- SQL Firewall delivers real-time defense against common database attacks by limiting database access solely to authorized SQL statements or connections for designated users.
- It effectively counters SQL injection threats, abnormal access patterns, and potential credential misuse or theft by detecting and preventing SQL injection attempts.
- By constructing an allow-list tailored to each database user, and defining permitted SQL actions, the system can swiftly identify, obstruct, and log any unexpected SQL activity.
- Connection paths linked to database connections and SQL statements can be controlled, with SQL Firewall leveraging session context data like IP addresses for further restriction. Unauthorized SQL activities are promptly logged and obstructed.
- This protection extends to various levels, including application service accounts or direct database users, such as reporting users or administrators.
- Utilizing session context data like IP addresses and operating system credentials, SQL Firewall imposes restrictions on how database accounts interact with the database, curbing risks associated with compromised application service account credentials.
- SQL Firewall seamlessly integrates with both root and pluggable databases (PDBs), complementing other Oracle Database security features such as Transparent Data Encryption (TDE), database auditing, and Oracle Database Vault.
- The feature encompasses all SQL commands barring transaction control commands (SAVEPOINT, COMMIT, and ROLLBACK). Furthermore, it supports SQL*Plus commands like PASSWORD and DESCRIBE, along with remote procedure calls (RPC) via database links.
How Does it Work?
Oracle SQL Firewall functions directly within the Oracle Database 23c kernel, scrutinizing each incoming SQL statement, irrespective of its source. Whenever Oracle SQL Firewall identifies a rule violation, it automatically generates a violation log. Nevertheless, you have the flexibility to configure SQL Firewall to either permit or prohibit violating SQL statements. Refer to the diagram below for a visual representation.
In conclusion, Oracle Database 23c’s SQL Firewall offers a robust solution for combating SQL injection attacks and securing compromised accounts. By creating an allow-list for accepted SQL statements and operating within the database kernel, it provides real-time protection with minimal performance impact. With user-specific allow-lists, IP-based access restrictions, and seamless integration with other Oracle security features, SQL Firewall stands as a comprehensive safeguard for modern database environments.
Disclaimer: The content presented in this blog post is sourced from Prabir Kundu’s original LinkedIn blog. To read the full blog click here.