| Database Security Overview |
- Limitations of traditional DBMS auditing and logging solutions
Most DBA are reluctant to turn on database-resident tools such as logging, SQL trace, or native database auditing functions.
• Do not satisfy auditor¡¯s requirements for an independent audit trail : database logs can be changed easily
• Do no provide all of the information required by auditors
• Significantly reduce database performance
• Fill up their disks quickly
• Finding the suspicious event is complex and time-consuming
• Do not provide any real-time protection
• Can¡¯t control the accesses based on the each users
- Key functionalities for Database Security
• Additional authentication mechanism - Session ramification
• Database policy-based access control - including real time alerting and denial
• Database intrusion detection/prevention - Real-time and before the fact
• Data access monitoring
• Error monitoring
• Auditing
¤ýSELECT on privacy sets
¤ýDML on sensitive objects
¤ýFull audit trails
• Customized compliance reporting and alerting
| dGriffin Special Features |
- Authentication
• DBMS inside auth mechanism is not enough to identify every users who are sharing the same DB accounts
• dGriffin has an additional authentication functionality
¤ýEvery users have their own ID ( PC IP is the best candidate for ID) and password
¤ýdGriffin checks security rules defined in the dGriffin repository and displays an authentication window on
the PC screen (see below picture)
¤ýUser gives password and dGriffin Server transfers it to authentication server
¤ýAuthentication server checks it and gives the result to dGriffin server
¤ýdGriffin server opens a new session to DBMS
¤ýUser can start to execute SQL
• No limitations to SQL tools (TOAD, Golden, SQL*Plus, etc)
• Ask authentication in specific situations according to security rules in dGriffin repository
¤ýWhen the user is trying to access sensitive tables (select salary from employee...)
¤ýWhen the user is trying to execute DDL ( drop table...)
• Approval functionality : The user can execute an SQL after getting an approval from DBA or manager
- Powerful Repository and Space saving Mechanism
• dGriffin is using memory based RDBMS ( called SOHA ) for its repository, developed internally
¤ýSOHA has a partitioning functionality in saving data
¤ýFor database backup, just copy log files into backup directory.
And restore backup files in backup directory when needed
• When SQL is executed repeatedly, dGriffin save SQL ID instead of SQL text to save disk space
(Some DB Security Tools are saving the same SQL every time when it is executed. In this case,
tremendous disk space is required for just saving SQL text)
• dGriffin can log return data for a SELECT statement, as you see below picture
| System Configuration |
- General Configuration
• dGriffin is using three kinds of base technology : Sniffing, Gateway, Agent
• According to the requirements of customer, dGriffin can be configured differently
[ Hybrid Configuration ]
[ Configuration Ratio of dGriffin Customers ]
• dGriffin is supporting various RDBMS Systems including Oracle, SQL Server, Sybase ASE, DB2, Altibase
• Regardless of the RDBMS, dGriffin provides the same administration UI and consistent methodology to control
| DBMS |
Version |
| Oracle |
Oracle 7.*, 8, 9i, 10g |
| SQL Server |
SQL Server 2000 |
| Sybase |
ASE 12.5 + |
| DB2 |
DB2(UDB) 8.0 + |
| Altibase |
Altibase 4.5 + |
