All Products
Search

This Product

    Cloud Firewall:Best practices for database security defense

    Document Center

    Cloud Firewall:Best practices for database security defense

    Last Updated:Jun 27, 2024

    The intrusion prevention feature of Cloud Firewall can defend against intrusions into common databases.

    Requirements for database security defense

    A database is a system for an enterprise to manage and store data resources. A database stores large amounts of valuable and sensitive data. As a result, databases become the primary target of attacks. Database security is vital to normal business operations and the growth of enterprises.

    Databases may face the following major security threats:

    • Brute-force attacks

      Brute-force attacks directly cause databases to be compromised.

    • Database application vulnerabilities

      For example, Common Vulnerabilities and Exposures (CVE) of databases may cause denial-of-service (DoS) attacks on database applications, malicious command execution, or data breaches.

    • Malicious command execution and file reading or writing

      For example, attackers call high-risk stored procedures or functions, which may cause malicious command execution and file reading or writing.

    • Data theft and breaches

      Attackers sell stolen data or defraud others, which results in economic loss.

    Solution provided by Cloud Firewall

    The intrusion prevention feature of Cloud Firewall can defend against intrusions into the following types of databases:

    • MySQL

    • Microsoft SQL Server

    • Redis

    • PostgreSQL

    • Memcache

    • MongoDB

    • Oracle

    How to use Cloud Firewall to prevent intrusions to databases

    The Alibaba Cloud security team continuously tracks and studies database intrusions and their preventive measures, and has accumulated rich experience in intrusion prevention. The prevention rules formulated based on the experience greatly enhance the database security defense of Cloud Firewall.

    To ensure the normal running of a database, Cloud Firewall provides multi-point prevention against all the risks that the database faces.

    • Brute-force attacks

      Threat intelligence: The threat intelligence feature of Cloud Firewall can detect network-wide attacks and block scans or intrusions in advance.

    • Database application vulnerabilities

      Virtual patching: The virtual patching feature of Cloud Firewall prevents the high-risk application vulnerabilities of databases.

    • Malicious command execution and file reading or writing

      Basic protection: The basic protection feature of Cloud Firewall blocks malicious operations in real time. The operations include system file operations, webshell writing, and the call of stored procedures or user-defined functions (UDFs).

    • Data theft and breaches

      High-risk SQL blocking: The basic protection feature of Cloud Firewall blocks data breach operations in real time to prevent data from being stolen.

    Procedure

    1. Log on to the Cloud Firewall console.

    2. In the left-side navigation pane, choose Prevention Configuration > IPS Configuration.

    3. On the IPS Configuration page, select Loose for Block Mode in the Threat Engine Mode section. Block Mode

    4. Turn on Threat Intelligence in the Threat Intelligence module of the Advanced Settings section. Threat Intelligence

    5. Turn on Basic Policies in the Basic Protection module of the Advanced Settings section. Basic Policies

    6. Turn on Patches in the Virtual Patches module of the Advanced Settings section. Virtual Patches