All Products
Search
Document Center

Security Audit

Last Updated: Jun 02, 2020

This topic describes DAS Security Audit function and its usage.

Background

Database, as one of the most important assets of enterprises, is facing the threat of external attacks, dangerous internal operations, data leakage.

DAS Security Audit function with bypass technology can do real-time collection and intelligent analyzation of various operations on the database server so that risks like high-risk SQL, SQL injection, New Access Sourc and etc. can be automatically identified.

Prerequisite

Access the corresponding database instance in DAS console in advance, and the status should be shown as normal. It should be noted that this feature currently only supports self-built MySQL databases.Details of accessing database instances can be found in the document introducing Access Other On-premise Database Instances.

High-risk SQL

Three kinds of high-risk SQL shown below can be identified automatically by DAS according to the predefined rule base.

  • DDL (operations including to create table, alter table, modify index, rename table and tec.)
  • Full table updates (operations like update and delete over the whole table)
  • Large requite, which is supposed to meet any conditions below in default
    • Number of rows scanned >= 1,000,000
    • Number of rows returned >= 100,000
    • Number of rows updated >= 100,000

SQL Injection

SQL injection is a kind of attack which seriously compromise the health of the database via inserting SQL commands into web requests including form, domain or page requests and ultimately results in malicious SQL commands being executed by the server in trick.
DAS continuously monitors and identifies the presence of SQL injections in the database and finds the source of the access.

New Access Sourc

DAS is able to identify the source of new access automatically by comparing with access history,and to help users be aware of unknown host which is accessing or reading data from database.

By default, access sources which haven’t appeared during last 7 days would be regarded as new access sources.

Operation Procedure

The DAS Security Audit function is disabled by default and can be enable following the steps below.The DAS Security Audit function will be enable simultaneously if the Full SQL feature is activated.

  1. Log into the DAS console.
  2. Click Instance Monitoring on the lift navigation bar.
  3. Click the target instance and go to the instance detail page.
  4. Click Security Audit on the left navigation bar.
  5. Click Enable and click OK in the pop-up box.

Click Disable Security Audit on the top right corner to turn off the function and the Full SQL feature will also be disabled in meanwhile.