Broadband Internet service and mobile devices have changed people's lives drastically. The number of people who treat the Internet as an everyday tool is increasing fast. These users are served invisibly by millions of database servers that provide the data for the various platforms. The protection of these systems often does not reach even a minimum level, partly because there are no easy and reliable protection solutions for database servers. By developing SQLShield we would like to provide a solution to this problem. Our objective was to create a database protection tool at the level of a modern application.
The engineering team's decades of practice in IT security and in designing and developing specialised firewalls guarantee that the tool provides the widest possible protection. The finished tool can provide protection against the majority of known attacks. In addition, based on the database and the normal users' habits, it is able to learn the characteristics of proper operation, which makes it possible to protect against attacks that were previously unknown.
Main security functions of the system
- SQL injection protection detects attempts to bypass the protection of the web application, so that an attacker of the web server can be prevented from retrieving data, destroying the database or trying to run an unauthorised program on the database server.
- Data leakage protection hinders the attacker from gaining access to the data of the system even in the case of a fully compromised client (web-based or traditional application, stolen access data, etc.).
- Basic database access control functions:
  - Restricting connections to the database according to the user's network information (source address, network, etc.), the database user, or the date or time interval,
  - Enforcing SSL/TLS-protected connections, checking the certificate presented by the connecting user, and restricting access based on its characteristics,
  - Permitting or banning certain database operations or operation groups (e.g. writing) according to the user or other features,
- Provides a database-server-independent audit capability; the important operations can be logged based on various decision criteria (source address, user, etc.)
- Provides the possibility of reporting based on various standards (PCI-DSS, etc.)
- Protection against buffer overflow at the protocol level
Development of a database protection tool at the level of the innovative application
HUF 36 215 760,-
The project takes place with the support of the European Union and the co-financing of the European Regional Development Fund.
Name of beneficiaries:
Andrews IT Engineering Kft.