The intrusion prevention feature of Cloud Firewall can defend against intrusions into common databases.

Requirements for database security defense

A database is a system for an enterprise to manage and store data resources. A database stores large amounts of valuable and sensitive data. As a result, databases become the primary target of attacks. Database security is vital to normal business operations and the growth of enterprises.

Databases may face the following major security threats:

  • Brute-force attacks

    Brute-force attacks directly cause databases to be compromised.

  • Database application vulnerabilities

    For example, Common Vulnerabilities and Exposures (CVE) of databases may cause denial-of-service (DoS) attacks to database applications, malicious command execution, or data breaches.

  • Malicious command execution and file reading or writing

    For example, attackers call high-risk stored procedures or functions, which may cause malicious command execution and file reading or writing.

  • Data theft and breaches

    Attackers sell stolen data or defraud others, which results in economic loss.

Solution provided by Cloud Firewall

The intrusion prevention feature of Cloud Firewall can defend against intrusions into the following types of databases:
  • MySQL
  • Microsoft SQL Server
  • Redis
  • PostgreSQL
  • Memcache
  • MongoDB
  • Oracle

How to use Cloud Firewall to prevent intrusions to databases

The Alibaba Cloud security team continuously tracks and studies database intrusions and their preventive measures, and has accumulated rich experience in intrusion prevention. The prevention rules formulated based on the experience greatly enhance the database security defense of Cloud Firewall.

To ensure the normal running of a database, Cloud Firewall provides multi-point prevention against all the risks that the database faces.
  • Brute-force attacks

    Threat intelligence: The threat intelligence feature of Cloud Firewall can detect network-wide attacks and block scans or intrusions in advance.

  • Database application vulnerabilities

    Virtual patching: The virtual patching feature of Cloud Firewall prevents the high-risk application vulnerabilities of databases.

  • Malicious command execution and file reading or writing

    Basic protection: The basic protection feature of Cloud Firewall blocks malicious operations in real time. The operations include system file operations, webshell writing, and the call of stored procedures or user-defined functions (UDFs).

  • Data theft and breaches

    High-risk SQL blocking: The basic protection feature of Cloud Firewall blocks data breach operations in real time to prevent data from being stolen.

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Intrusion Prevention > Prevention Configuration.
  3. On the Prevention Configuration page, select Loose for Block Mode in the Threat Engine Mode section. Block Mode
  4. Turn on Threat Intelligence in the Threat Intelligence module of the Advanced Settings section. Threat Intelligence
  5. Turn on Basic Policies in the Basic Protection module of the Advanced Settings section. Basic Policies
  6. Turn on Patches in the Virtual Patches module of the Advanced Settings section. Virtual Patches