McAfee Database Security. Franz Huell, Enterprise Technology Specialist, EMEA. select GETDATE(); select SYSDATE; select CURDATE(); select CURRENT DATE: 19.03.2015
McAfee Database Security. All-round protection for the database: how can I successfully secure my important databases? DOAG regional meeting (Regionaltreffen), 19-mar-2015
Puzzle 1
  date function            Database
  select CURRENT DATE      DB2
  select CURDATE()         MySQL
  select SYSDATE           ORACLE
  select GETDATE()         SQL SERVER / SYBASE
  select CURRENT_DATE      TERADATA
Puzzle 2 (image source: http://www.beverland-resort.de)
Introduction: McAfee and database security. McAfee and Intel. Franz Hüll, Enterprise Technology Specialist, Database Security
The ATTACKERS are IN OUR MIDST
Security in silos: only an integrated security concept provides the necessary protection. [Chart: security posture and total cost over TIME, from reactive to optimized. Stages: point products; layered approach (if one product misses, the next one protects); integrated security concept.]
The need for context & integration: retrofitted proprietary integration creates dependencies and sources of error. Components shown: Identity Management, Mail Gateway, Web Gateway, App & Change Control, Database Security, Network Firewall, IPS, Anti-Malware, Encryption, Vulnerability Management, SECURITY MANAGEMENT, Access Control, HIPS, Data Protection, Mobile Security, Virtualization, Threat Analysis
Data Exchange Layer: security components act as one and no longer in silos. Components connected through the Data Exchange Layer: Web Gateway, Database Security, Identity Management, IPS, Data Protection, App & Change Control, Network Firewall, Mail Gateway, Vulnerability Management, Encryption, Anti-Malware, SECURITY MANAGEMENT, Access Control, Mobile Security, HIPS, Virtualization, Threat Analysis
Database Security: Database Activity Monitoring (DAM), Virtual Patching for Databases (VPT), Vulnerability Manager for Databases (VMD). Monitoring technology (sensor on the database); scan technology (databases)
Datacenter Security Suite for Databases (standalone / non-ePO) and Datacenter Security Suite for Databases (ePolicy Orchestrator / ePO): each contains Database Activity Monitoring (DAM), Virtual Patching for Databases (VPT) and Vulnerability Manager for Databases (VMD). Monitoring technology (sensor on the database); scan technology (databases). Sensor, McAfee Agent
Security review of the databases; running various security scans; searching for sensitive data; protecting application data; auditing highly privileged users; securing sensitive database operations and data; separation of duties; compliance and internal company security policies; experience from real projects; installation and testing
McAfee Vulnerability Manager for Databases: Data at Rest. What's in the scan?
McAfee Vulnerability Manager for Databases: scan library including more than 5,100 single tests
McAfee Vulnerability Manager for Databases: centralized management; integration into SIEM tools; communication with Database Activity Monitoring; reporting and alerting based on severity and criticality
McAfee Vulnerability Manager for Databases, database scans. Scanning for general issues: auditing settings; backdoor detection; DB configuration checks; patch level; scan for vulnerabilities; custom checks
McAfee Vulnerability Manager for Databases, database scans. Scanning for vulnerabilities & patches: list of vulnerabilities; patch & version level; missing patches
McAfee Vulnerability Manager for Databases, database scans. Scanning for passwords: default passwords; passwords from dictionary (default: 170,000; bigger: 1.7 million; customizable); no account locked
McAfee Vulnerability Manager for Databases, database scans. Scanning for benchmarking: CIS; PCI-DSS; STIG; customer security policy; custom
McAfee Vulnerability Manager for Databases, database scans. Scanning for data discovery: payment data discovery; encryption discovery; address data discovery; password discovery; custom checks...
McAfee Vulnerability Manager for DB: enterprise deployment. [Diagram: McAfee Database Security Server / McAfee Policy Orchestrator (ePO) with network connectivity to the databases (SQL-Connect); cloud DB; ESM; multiple DBs.]
Supported Platforms
Data in Use: What's in the parcel?
Why? Quickest deployment; software based; audit and security without performance penalty; encrypted networks; virtualization, cloud
3rd generation: execution plan, we see the objects
Database check: network traffic vs. SQL statement. Network-based solution?? Memory-based solution.
  SQL statement: 'select * from creditcard'
  Variants of the same statement as seen in network traffic:
    'select * from cr' 'e' 'ditcard'
    'select * from cr' 'e' 'ditc' chr(65) 'rd'
    'select * from cr' 'e' 'ditc' chr(63+3-1) 'rd'
    'select * from cr' 'e' 'ditc' chr(63+3-1) translate ('XY','YX','dr')
Database check: network traffic vs. SQL statement. Network-based solution, memory-based solution.
  SQL statement: 'select * from creditcard'
  Statements as seen in network traffic:
    'create synonym tempsyn for cr' 'e' 'ditc' chr(63+3-1) translate ('XY','YX','dr')
    'select * from tempsyn'
    'create view tempview as select * from tempsyn'
    'select * from tempview'
McAfee Database Activity Monitoring: execution plan (synonym, view, table); network encryption
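Added example (not part of the original slides and not McAfee's implementation): the indirection from the two slides above, reproduced in SQLite to compare a text match on the statement with what the engine resolves at compile time. SQLite's authorizer hook stands in for the execution-plan view, and because SQLite has no synonyms, tempsyn is modelled as a view; the column names and the sample row are constructed.

```python
import sqlite3

SENSITIVE = "creditcard"  # table name taken from the slide

def text_match(sql):
    """Network-style rule: flag a statement only if its text names the table."""
    return SENSITIVE in sql.lower()

def objects_read(sql):
    """Engine-side view: base tables SQLite resolves while compiling `sql`."""
    conn = sqlite3.connect(":memory:")  # fresh DB per call, no cached statements
    conn.executescript("""
        create table creditcard (pan text, holder text);   -- constructed schema
        insert into creditcard values ('PAN-CONSTRUCTED', 'constructed');
        -- SQLite has no synonyms; a view stands in for the slide's tempsyn
        create view tempsyn as select * from creditcard;
        create view tempview as select * from tempsyn;
    """)
    base = {r[0] for r in conn.execute(
        "select name from sqlite_master where type = 'table'")}
    seen = set()

    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ:   # arg1 = table or view being read
            seen.add(arg1)
        return sqlite3.SQLITE_OK            # audit only, never block

    conn.set_authorizer(authorizer)
    conn.execute(sql).fetchall()
    conn.close()
    return seen & base                      # drop view names, keep real tables

def compare(statements):
    """Return (statement, text rule fired?, base tables the engine read)."""
    return [(s, text_match(s), sorted(objects_read(s))) for s in statements]

if __name__ == "__main__":
    for row in compare(["select * from creditcard",
                        "select * from tempsyn",
                        "select * from tempview"]):
        print(row)
```

Only the first statement trips the text rule, while the engine-side hook reports the creditcard table for all three.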
1. From the network (network connection, listener). 2. From the host (local connection, bequeath, shared memory). 3. From within the database (intra-DB): stored procedures, triggers, views (intra-DB threats). Actors: DB admins, sys admins, programmers, SAP. Target: DBMS, data
McAfee Database Activity Monitoring: enterprise deployment. [Diagram: McAfee Database Security Server; network; cloud DB; ESM; multiple DBs.]
No Downtime
Rules. Generic groups: groups relevant to all applications and databases (weekday or time). Application-specific groups: groups specified per application (<app>_db_admins or user or account). Recommended rules: specify custom rules to create and protect customer databases (Restrict <app> sensitive table access)
Session context (sensor): session ID; user (DB account); executing user; OS user; CMD type (SQL command); log-on time; instance (DB name); application (also module name); IP address; host name (computer name)
Security Connected. [Diagram: LDAP server (LDAP); Vulnerability Manager for Databases with custom scan "Who has DBA role?"; Database Activity Monitoring with rule "user not in LDAP_Group and user in DBA_role_Group"; McAfee ESM; database ORCL; application / tool: Connect Black_DBA, Connect Blue_DBA.]
Why a virtual patch?
Virtual Patching for Databases. High priority: productivity 1st; NO downtime; NO (few) patches; NO upgrade; database availability 24 x 7; old database versions, no support by the vendor; applications & patching?
Virtual Patching = Compensating Control: http://www.mcafee.com/hk/resources/misc/infographic-virtual-patching.pdf
Real Patching
Virtual Patching (vpatch): non-intrusive; NO change of any libraries, executables or binaries; just driven by rules (>500); monitors access (statements) to the database
Virtual Patching: McAfee vs. DB vendor. [Timeline chart: steps Report, Analyze, Patch, Install; durations shown: Days or Weeks, Days or Weeks, Hours or Days versus Weeks or Months, Months or Years, Weeks or Months or NEVER.]
More information
  1. McAfee Vulnerability Manager for Databases: http://www.mcafee.com/de/resources/data-sheets/ds-vulnerability-manager-for-databases.pdf
  2. McAfee Database Activity Monitoring: http://www.mcafee.com/de/resources/data-sheets/ds-database-activity-monitoring.pdf
  3. McAfee Virtual Patching for Databases: http://www.mcafee.com/de/resources/data-sheets/ds-virtual-patching-for-databases.pdf
Supported Platforms
Demo
Franz Huell, Enterprise Technology Specialist, EMEA, Database & Datacenter Security. McAfee. Part of Intel Security. Office: +49.89.3707.1666 Mobile: +49.171.7666475 Mail: Franz_Huell@Mcafee.com