Write it at the front
Welcome to focus on the likes collection ️ Leaving a message.
️ Today's share ：

Advise you not to cherish the wisp of gold , Advise you to cherish the youth .

  Preface

  Function performance relationship

Technology Outlook

  Unified database access interface

  Security audit

  Real time desensitization

  Access control and permission control

  Operation and maintenance work order approval

  Database running state monitoring

  Database vulnerability scanning

  machine learning

Write it at the end

  Preface

    While the voice for data security is getting louder and louder , More and more security vendors are constantly exploring appropriate solutions , Database firewall is definitely a topic that cannot be bypassed , It can be said that it is knife stone It's also Epigraph .

    With constant exploration , The use of database firewall on the O & M side can really play a greater role , according to Conservation of energy and Entropy increase is irreversible Two laws of the universe , Reduce requirements for performance and high availability , thus to turn to Develop more o & M management functions , Database firewall becomes more and more dazzling in iterative update .

  Function performance relationship

    performance 、 Usability, etc Nonfunctional requirements It is easy to be ignored in the initial requirement scheme analysis stage of the product , Performance and availability often affect the implementation of products , Including functional architecture 、 Mode of operation 、 Interface display 、 Background processing methods, etc . Therefore, at the beginning of product design, we should consider performance 、 Usability 、 Security 、 Environmental requirements And other non functional requirements .

    The performance of database firewall mainly considers two aspects ： Delay and Concurrent . If it is used on the operation and maintenance side , The requirements for real-time performance are not as high as those for access services , But as many functions as possible , More integrated into the operation and maintenance scenario .

    During the requirement analysis of database firewall , That is to say in the light of Operation and maintenance objects 、 Functions required for operation and maintenance , Consider response time 、 throughput 、 Concurrent requirements , Conduct Demand analysis and The product design . Database firewall is a kind of software product license Control the use of , Performance size 、 Function module Can be controlled by the authorization certificate .

Technology Outlook

    First clear Product positioning is operation and maintenance management , For many third-party personnel involved in operation and maintenance 、 Government and enterprise organizations with a large number of internal management personnel , Create a one-stop operation and maintenance control platform , Integrate more functions required for operation and maintenance , Avoid more risk exposures . The next analysis Use object and Operation and maintenance scenarios .

  Protection body ： database .

  Use object ：DBA、 insiders 、 Third party personnel 、 Development testers, etc .

  The scenarios involved are all around the database operation behavior , For example, monitoring the running status of hundreds of databases 、 Whole process audit and monitoring of database operation behavior 、 Operation and maintenance end access control 、 Identity authentication and authority control .

  The product should support SaaS turn , Support cloud deployment .

  Unified database access interface

    In the O & M scenario , adopt One The interface platform implements the following functions: all Database access , And support single sign on , So a database connection tool can operate all databases , The advantage is to improve data operation efficiency and reduce risk points , And 4A The design concept of is a bit like .

  Security audit

    For the operation and maintenance end, the database access behavior is realized Full audit , Including login and logout of operation and maintenance account 、 Access terminal IP Address , It is convenient to go back afterwards , Real time alarm for high-risk operation .

  Real time desensitization

    Deploy through proxy mode , If the O & M end accesses the sensitive data table , Can target Return results Real time desensitization , Prevent data leakage , This dynamic desensitization technology is Result set rewrite and SQL Statement rewriting technology , The dynamic desensitization of the database layer is realized through the reverse proxy of the database protocol .

  Access control and permission control

    At the O & M end, it is carried out according to different personnel levels Confer authority on , Realize the separation of personnel operation authority and fine-grained control , Strictly control the behavior and process of database operation .

  Operation and maintenance work order approval

    If the operation and maintenance personnel conduct operations beyond their own authority , This operation will be blocked , And prompt the user to initiate Examination and approval of power raising technological process . Relax the operation authority during working hours , For operations in non working time periods, approval rules can be set according to requirements , Optimize the approval process according to business scenarios , This is the best way to docking OA System , Convenient for approval .

  Database running state monitoring

    It can realize various operation indexes of the database Comprehensive real-time monitoring . The system can find and identify database exceptions and potential performance problems , And report database exceptions to the administrator in time , Through the statistical analysis report for each operation index , Help administrators 、 Operations staff 、 Decision makers have a multi perspective understanding of the database Running state , So as to better respond to the needs and planning of the database .

  Database vulnerability scanning

    because SQL Injection attacks and database vulnerability attacks Concomitant , The database firewall should have the functions of database vulnerability detection and defense . And the virtual patch function is also very important , Implement virtual patches , The key point is on the requested path Set the detection point , Block illegal requests , Let the protected database itself The vulnerability is invisible , So as to achieve “ Bug repair ” Purpose .

  machine learning

    Security policy support machine learning . The learning period can be customized , And complete the sentences based on the learning period 、 Session modeling and analysis , Build a database security protection model , Realize database oriented active prevention and real-time audit mechanism .

Write it at the end

    The database firewall is at the O & M end Outstanding performance It's worth studying , There are still a lot of requirements for this scenario , Technological evolution will only become more and more exciting , The points mentioned above are all basic functions , There is not much discussion about technical implementation , This integrated operation and maintenance control platform used to be used for compliance inspection , Now? Focus on practicality , Who doesn't want to solve the database operation and maintenance work on one platform .

    The development of technology is There is no end Of , There is no end to the need for security . As long as the threat evolves , Technology is innovating , The means of defense need to evolve To balance . As the user's demand increases , I also wish data security enthusiasts can constantly break the border , Take great strides to go deeper into technology .

Because my personal level is really limited , deficiencies , Please help to correct , The above contents are shared for reference and learning only , If there is any infringement , Please contact me to delete .