Database of financial security

In recent years, with the rapid growth of the Internet, industries everywhere have entered the information age. In China, informatization of the financial sector began in the 1970s. In the 1980s it entered the application stage, with advanced information equipment imported from the United States, Japan and other countries. In the 1990s the major banks and other institutions upgraded their specialized information systems, keeping pace with international developments, introducing foreign technology and steadily raising their level of informatization. By the late 1990s the whole world had entered the Internet era of rapid IT development, and the financial industry, as the representative of China's most advanced level of information technology, faced unprecedented opportunities and challenges.

The ordinary business of the financial sector can be summed up in four parts: banking, securities, insurance and other financial services. Banking includes central banks, commercial banks and other banks. Securities covers the trading of stocks, bonds, futures and other investment securities. Insurance includes life insurance, non-life insurance and insurance ancillary services. Other financial services are the businesses outside these three, mainly financial trusts, asset management, financial leasing, finance companies, postal savings, pawnbroking and other unlisted financial activities.

As living standards continue to improve and the economy grows, banking is expanding and new lines of business keep emerging. Application behaviour inside a bank's enterprise network is becoming increasingly complex, and bank data often involves sensitive information about the public. A bank's communication network is generally a hierarchical system with the head office as the centre, the provinces as sub-centres and backbone lines covering the cities; the whole network carries the real-time transmission of all banking business data (corporate, savings, office automation and voice services). Such a network requires high reliability and high security, yet security risks remain around operations on the bank's core database: access to core business tables outside working hours, access to the database from outside the workplace, remote access by third-party software developers and similar behaviour may carry significant security risk.

To keep banking networks and business systems stable and reliable, the national authorities, working from the actual security needs of the banking industry, have issued the following guidelines and regulations: in 2010, ××× issued the "Online Banking Information System Security General Specification (Trial)", which requires the network architecture and data security to be audited; in 2009, the CBRC issued the "Commercial Bank Information Technology Risk Management Guidelines"; in 2007, the National Information Security Standardization Technical Committee issued the "Online Banking System Information Security Evaluation Criteria"; in 2006, the CBRC issued the "Electronic Banking Business Management Approach", the "E-Banking Security Assessment Guide", the "Banking Financial Institution Information Systems Risk Management Guidelines", the "Commercial Bank Compliance Risk Management Guidelines", the China Banking Regulatory Commission General Office file Yin Jian Ban Tong No. 313, the "Insurance Companies Internal Audit Guidelines (Trial)" and the "Insurance Company Risk Management Guidelines (Trial)"; and in 2002, the "Internal Control Guidelines for Commercial Banks".

Against this background, the financial sector has kept its IT equipment procurement at an internationally advanced level, but maintaining advanced hardware and software alone is not enough. The database is the core and foundation of a financial institution's information system: it carries a growing number of critical business systems, every change in a business process ends up as data stored, added or deleted in the database, and it holds customer profiles, funds and many other kinds of information. Once this information is tampered with or leaked, it harms not only the interests of citizens and the bank's brand image, but may even affect public order and national interests.

Against network threats, the financial industry has taken a number of preventive measures: a network firewall at the outermost layer of the financial information system, IDS, IPS, WAF, bastion hosts and other security products at the application layer, and anti-virus software on client terminals. At the database level, however, security measures have not gone far enough.

To meet the business and database security needs of a banking system's cluster of eight applications, ANVIZ proposed a "defense in depth" security hardening plan for business systems and database systems (Figure 1). The plan uses database behaviour auditing, business system auditing, a database firewall and transparent encryption to monitor all operations on databases and business systems, detect and block events that violate the database security policy, and encrypt core data, providing layered defenses that secure the data and business of the bank's information system.

Figure 1 ANVIZ "defense in depth" program for business and database security

The main functional modules of the ANVIZ business and database security "defense in depth" program are as follows:

Database risk scanning. Regularly scans for database system vulnerabilities, weak user passwords, permission assignments, host operating system vulnerabilities and more, identifies vulnerabilities and unreasonable, risky configuration items, and notifies the administrator promptly. Scanning reduces the database risks caused by human and non-human factors, improves the security of the database and reduces the risk of *** on the database.

Database status monitoring. Monitors the database system's memory usage, buffer management statistics, user connection statistics, cache information, lock information, SQL statistics, database information, scheduled tasks, thread information and key efficiency indicators such as the buffer hit ratio, to determine whether the database system is running normally and to ensure its availability and responsiveness.

Database operations audit. Using intelligent parsing, the statements sent to the database are analysed and the SQL statements are restored to the operational behaviour performed on the database. Fine-grained audit records and reports are produced, and high-risk SQL operations raise alarms or are even blocked. For special deployments of business systems (for example, the application and the database deployed on the same host) or operation and maintenance activity (for example, operating directly on the database server or accessing the database via remote desktop), conventional database audit methods cannot monitor the activity. The ANVIZ database audit system supports deployment of a local probe that comprehensively audits local access to the database, ensuring 360-degree audit coverage with no blind spots. Database auditing can record, track and gather forensic evidence on illegal database operations, which is a powerful deterrent to internal cybercrime.

Three-tier-correlated business system audit. Many banking business systems today use a three-tier deployment architecture: a browser at the front end, middleware or Web servers in the middle tier, and a database server at the back end. In this deployment, all access to the back-end database is performed by the Web application server or middleware; front-end users do not operate on the database directly. Mainstream database audit products typically record and audit the behaviour of access to the back-end database, which creates a problem: when locating the person who performed a specific database operation, that operation cannot be associated with the front-end Web visitor.


Figure 2 Audit requirements under the three-tier architecture

The ANVIZ database audit product supports "full business process audit", monitoring both the business behaviour that occurs in the Web application front end and the operations that occur in the back-end database. By correlating the business operations a user performs after logging in to the Web page (login, logout, and the creation, deletion, query and modification of business information) with the operations on the database (creation, deletion, query and modification of data), it accurately locates the source of each database operation.
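As an added illustration of the correlation problem in Figure 2 (not ANVIZ code; the log formats, the `/* req=... */` tag and all sample entries are constructed assumptions), the following Python script attributes each back-end database statement to the front-end Web user whose request was in flight on the same application server, and flags the two cases a pooled three-tier deployment makes hard: concurrent requests that overlap in time, and statements with no Web request behind them at all.

```python
import re
from dataclasses import dataclass
@dataclass
class WebRequest:        # one front-end business action, as the Web tier logs it
    req_id: str
    start: float
    end: float
    app_server: str
    user: str
    action: str
@dataclass
class DbEvent:           # one statement, as the database audit sees it
    ts: float
    client_ip: str       # the application server, never the end user
    sql: str
TAG_RE = re.compile(r"/\*\s*req=(\w+)\s*\*/")   # optional request tag the app may prepend
# Constructed sample logs (timestamps are seconds from an arbitrary epoch).
WEB_LOG = [
    WebRequest("r1", 100.0, 100.4, "10.1.3.11", "alice", "login"),
    WebRequest("r2", 101.0, 101.6, "10.1.3.11", "alice", "transfer"),
    WebRequest("r3", 101.2, 101.5, "10.1.3.11", "bob", "balance"),      # overlaps r2
    WebRequest("r4", 103.0, 103.3, "10.1.3.12", "carol", "change_password"),
]
DB_LOG = [
    DbEvent(100.1, "10.1.3.11", "SELECT pwd_hash FROM users WHERE name='alice'"),
    DbEvent(101.3, "10.1.3.11", "UPDATE accounts SET balance=balance-500 WHERE id=42"),
    DbEvent(101.4, "10.1.3.11", "/* req=r3 */ SELECT balance FROM accounts WHERE id=7"),
    DbEvent(103.1, "10.1.3.12", "UPDATE users SET pwd_hash='h2' WHERE name='carol'"),
    DbEvent(200.0, "10.1.9.4", "DELETE FROM audit_log WHERE ts < 100"),  # no Web request
]

def attribute(db_events, web_log):
    """Return (sql, user, action) per DB event; user is a marker when attribution fails."""
    by_id = {w.req_id: w for w in web_log}
    out = []
    for ev in db_events:
        m = TAG_RE.search(ev.sql)
        if m and (w := by_id.get(m.group(1))):      # exact: the app tagged the statement
            out.append((ev.sql, w.user, w.action))
            continue
        # fallback: Web requests in flight on the same app server when the statement ran
        cands = [w for w in web_log if w.app_server == ev.client_ip and w.start <= ev.ts <= w.end]
        if len(cands) == 1:
            out.append((ev.sql, cands[0].user, cands[0].action))
        elif cands:                                   # concurrent requests share the pool
            out.append((ev.sql, "AMBIGUOUS:" + ",".join(sorted(c.user for c in cands)), None))
        else:                                         # nothing in flight: bypassed the app tier
            out.append((ev.sql, "NO-WEB-REQUEST", None))
    return out
```

A request tag that the application prepends to each statement resolves the ambiguous case exactly; the time-window fallback shows why that tag is worth adding, and an event with no Web request at all is the one an auditor should look at first.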

Database firewall. The database firewall is deployed inline in front of the database server and monitors in real time all access to the database by application systems and administrators. It uses an innovative syntax-analysis technique to inspect every SQL statement sent to the database and decides, according to pre-defined policies, whether to let the statement through. These policies include:

Subject and object authorization rules: coarse-grained access control based on information such as the operator, IP address, application program, operation time, database table and specified operation;

Request classification rules: by automatically learning the database access operations of the business system, events are classified and ordinary operations are distinguished from high-risk ones;

Multi-keyword matching: keywords and keyword combinations rapidly match a given SQL statement, identifying and filtering sensitive content;

Regular expressions: arbitrary custom rules, tailored to the actual situation of the business system, identify and control data operations.

By deploying the database firewall, high-risk SQL operations can be blocked, injection *** and unauthorized access to sensitive information prevented, and the risks of data being stolen, deleted or tampered with through external ***, internal illegal operations or mis-operation effectively avoided.
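As an added example of the four policy types above (not ANVIZ code; the allow-list, risk classes, keyword sets and patterns are constructed assumptions), this Python policy engine applies subject/object authorization, request classification, keyword matching and regular expressions, in that order, to each SQL statement and returns whether an inline firewall should pass it.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Request:         # one statement as the inline firewall sees it
    user: str
    src_ip: str
    app: str
    at: str            # "HH:MM", zero-padded so string comparison orders times correctly
    sql: str

VERB_RE = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE|DROP|TRUNCATE|ALTER|GRANT)\b", re.I)
TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN|TABLE)\s+`?(\w+)`?", re.I)
# Rule 1: subject/object authorization. Constructed allow-list; anything not listed is denied.
AUTHZ = [
    {"user": "core_app", "net": "10.1.2.0/24", "app": "corebank", "hours": ("08:00", "18:00"),
     "tables": {"accounts", "transfers"}, "verbs": {"SELECT", "INSERT", "UPDATE"}},
    {"user": "dba", "net": "10.1.9.0/24", "app": "sqlplus", "hours": ("09:00", "17:00"),
     "tables": {"accounts", "transfers", "audit_log"}, "verbs": {"SELECT", "DELETE", "TRUNCATE"}},
]
# Rule 2: request classification. Verbs the (assumed) learning phase labelled high-risk.
HIGH_RISK_VERBS = {"DROP", "TRUNCATE", "ALTER", "GRANT", "DELETE"}
# Rule 3: keyword combinations that mark a statement as touching sensitive content (constructed).
KEYWORD_SETS = [{"accounts", "id_number"}, {"accounts", "card_pin"}]
# Rule 4: regular expressions for statement shapes the business system never issues (constructed).
REGEX_RULES = [re.compile(r"\bOR\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?", re.I),
               re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)]

def decide(req: Request) -> tuple:
    """Apply the four rule types in order; return (allow, reason) for one request."""
    verb = (VERB_RE.findall(req.sql) or ["UNKNOWN"])[0].upper()
    tables = {t.lower() for t in TABLE_RE.findall(req.sql)}
    authorized = any(
        r["user"] == req.user and r["app"] == req.app
        and ipaddress.ip_address(req.src_ip) in ipaddress.ip_network(r["net"])
        and r["hours"][0] <= req.at <= r["hours"][1]
        and tables <= r["tables"] and verb in r["verbs"]
        for r in AUTHZ)
    if not authorized:                  # wrong user, IP, app, time window, table or verb
        return False, "authz"
    if verb in HIGH_RISK_VERBS:         # authorized path, but a high-risk event class
        return False, "high-risk"
    words = set(re.findall(r"\w+", req.sql.lower()))
    if any(ks <= words for ks in KEYWORD_SETS):
        return False, "keyword"
    if any(rx.search(req.sql) for rx in REGEX_RULES):
        return False, "regex"
    return True, "ok"
```

The order matters: an off-hours or off-network request is rejected by the authorization rule before any statement content is inspected, which is exactly the non-working-time and non-workplace access case raised earlier on this page.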

Transparent database encryption. Database status monitoring, business and database behaviour auditing and the database firewall already secure the core data assets. For extreme cases, such as data leaks caused by compromised DBA privileges or direct copying of database files, transparent database encryption adds a final "lock" to the data. Once database encryption is deployed, the information a database administrator obtains cannot be decrypted normally, which safeguards user information. At the same time, encryption turns the database backups into ciphertext, reducing the losses caused by stolen or lost backup media.

Through the above database "defense in depth" program, the behaviour of business personnel accessing applications and databases can be audited for compliance, the database can be protected against the behaviour of external users (such as online banking users and website visitors), and sensitive data in the core banking system can be encrypted, achieving defense in depth and fine-grained auditing of the database resources of the bank's information system.

The security products involved in the solution described above are the ANVIZ database audit, database firewall and transparent database encryption products; the functions of the three products are as follows:


Meet the security compliance inspection requirements of the People's Bank of China, the banking regulator and other bodies; maintain and enhance the image and credibility of the banking institution; solve the problem of operation and maintenance staff lacking professional security analysis capabilities; assist in the forensic investigation and tracing of security events; prevent the loss or leakage of sensitive information. The database vulnerability scanner performs vulnerability assessment and configuration checks on the bank's databases, reducing the chances of illegal ***; the audit product effectively records illegal Internet access and database *** behaviour, gives timely warnings of illegal access and supports tracing the behaviour back to its source; the database firewall prevents security threats such as "unauthorized use, privilege abuse and privilege misappropriation", enhancing the overall defensive effect of the database and effectively resisting all kinds of ***.


Origin blog.51cto.com/14347871/2404429