GreenSQL - Yuli Stremovsky - Email/MSN/Gtalk: [email protected] - http://www.greensql.net/
Transcript
Page 2: greenSQL Database Firewall

Agenda

• What is SQL Injection?
• DEMO: Backdoor web server
• GreenSQL: Detailed Description
• DEMO: GreenSQL
• Other solutions
• Future plans

Page 3: greenSQL Database Firewall

What is SQL Injection ?

• Legitimate query:

SELECT * from users where username = 'Alice' and password = '123456'

• Injected SQL code (the attacker submits 123456' or '1'='1 as the password; because AND binds tighter than OR, the WHERE clause is now true for every row and the login check passes):

SELECT * from users where username = 'Alice' and password = '123456' or '1'='1'
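The login bypass from this slide, as an added example that is not part of the original deck: a Python script using the standard-library sqlite3 module as a stand-in for MySQL (an assumption; the tautology evaluates the same way on both). The sample table and credentials are constructed for the demo. The first login function builds the query by string concatenation exactly as shown on the slide; the second passes the same values as bound parameters, which is the application-side fix that a database firewall backstops rather than replaces.

```python
import sqlite3


def make_db():
    """Constructed sample database: one users row (not taken from the slides)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Alice', '123456')")
    return conn


def build_query(username, password):
    """The vulnerable construction: user input is spliced into the SQL text."""
    return ("SELECT * FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """True when the concatenated query returns at least one row."""
    return conn.execute(build_query(username, password)).fetchone() is not None


def login_parameterized(conn, username, password):
    """Same check with bound parameters: the quote in the payload stays data."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "wrong' or '1'='1"             # attacker-controlled password field
    print(build_query("Alice", payload))     # the injected query, as on the slide
    print(login_vulnerable(conn, "Alice", "wrong"))       # False
    print(login_vulnerable(conn, "Alice", payload))       # True: login bypassed
    print(login_parameterized(conn, "Alice", payload))    # False: payload is just a string
```

Run it as-is; the middle line of output is the bypass. Note that the payload does not need the victim's username at all: any username with the tautology appended also returns rows, because the OR applies to the whole preceding condition.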

Page 4: greenSQL Database Firewall

SQL Attacks Hazards

• Bypass login page
• Read files
• Write files
• Dump sensitive information
• Execute system commands
• Create database back door
• New attack: distribution of Trojans

Page 5: greenSQL Database Firewall

Demo: Attack

• MySQL command: SELECT 'text' INTO OUTFILE 'file.txt'
– Requires the FILE privilege; the file is created by the mysqld OS user, must not already exist, and, where secure_file_priv is set, must lie under that directory

• Find a directory with write permissions (one the web server also serves, so the written file can be reached over HTTP):
– templates_c / templates / temp
– images / files / cache

Page 6: greenSQL Database Firewall

C99 Web shell

Page 7: greenSQL Database Firewall

Simple Web Shells

• Execute system commands

• Simple web shell: <?php system($_GET['cmd']); ?>

– system() function
– command taken from $_GET['cmd'], $_POST['cmd'] or $_REQUEST['cmd']

Page 8: greenSQL Database Firewall

MySQL Attack DEMO

• More info here:

http://www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection

Demo

Page 9: greenSQL Database Firewall

What is GreenSQL?

• GreenSQL is a database firewall solution

• Protects against SQL injection attacks

• Management console

• MySQL built-in support

Page 10: greenSQL Database Firewall

GreenSQL Diagram

Page 11: greenSQL Database Firewall

GreenSQL Architecture

• Reverse Proxy

• Number of databases

• Number of backend DB servers

• Deployment options:
– Can be installed together with the DB server
– Can be installed on a specialized server

Page 12: greenSQL Database Firewall

How Query is Blocked

• Empty result is sent back to application

• Application can continue gracefully

• No TCP reset is sent

• No error is generated

Page 13: greenSQL Database Firewall

GreenSQL Advantages

• Multiple modes
– simulation / learning / active protection

• Easy Management

• Pattern Recognition (signatures)

• Heuristics (risk calculation)

• Open Source

Page 14: greenSQL Database Firewall

GreenSQL Advantages 2

• Cross Platform

• Rapid Deployment

• Well established

• Web application independent

• The only free security solution for MySQL

• User Friendly WEB GUI/Management tool

Page 15: greenSQL Database Firewall

Supported modes

• Simulation mode

• Block suspicious commands
– Based on the overall query risk

• Learning mode
– Whitelist the patterns of the SQL commands actually used

• Block new commands
– Queries whose pattern is not in the whitelist are blocked.
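The whitelist side of these modes (learning, block new, simulation), as an added example in Python that is not GreenSQL's own code. How GreenSQL turns a query into a "pattern" is not stated on the slides, so the normalisation rule here is an assumption: string and numeric literals are replaced by a placeholder, so the same statement with different parameter values maps to one whitelist entry while an injected OR clause changes the shape and is rejected. The queries in the demo are constructed from the slide 3 example.

```python
import re

# Literal-stripping rules (assumed normalisation, not GreenSQL's real one).
# Strings go first so that digits inside a string are consumed with it;
# then bare numbers; then whitespace is collapsed.
_STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'" + r'|"(?:[^"\\]|\\.)*"')
_NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")
_WHITESPACE = re.compile(r"\s+")


def normalize(query):
    """Reduce a query to the structural pattern the whitelist stores.

    A login query with password '123456' and one with password 'x' both
    become "select ... password = ?".
    """
    pattern = _STRING_LITERAL.sub("?", query)
    pattern = _NUMBER_LITERAL.sub("?", pattern)
    return _WHITESPACE.sub(" ", pattern).strip().lower()


class WhitelistFirewall:
    """Positive-security filter with the slide's learning / block-new /
    simulation modes. Risk-based "block suspicious" is a separate mechanism."""

    LEARNING = "learning"      # record every pattern seen as allowed
    BLOCK_NEW = "block_new"    # enforce: anything not learned is blocked
    SIMULATION = "simulation"  # report what would be blocked, enforce nothing

    def __init__(self):
        self.mode = self.LEARNING
        self.patterns = set()
        self.would_block = []   # simulation-mode findings

    def handle(self, query):
        pattern = normalize(query)
        if self.mode == self.LEARNING:
            self.patterns.add(pattern)
            return "allowed"
        if pattern in self.patterns:
            return "allowed"
        if self.mode == self.SIMULATION:
            self.would_block.append(pattern)
            return "allowed"
        return "blocked"


def run_demo():
    """Walk the three modes over constructed queries; returns the decisions."""
    legit = "SELECT * from users where username = 'Alice' and password = '123456'"
    fw = WhitelistFirewall()
    results = {"learned": fw.handle(legit)}
    fw.mode = fw.BLOCK_NEW
    results["same_shape"] = fw.handle(
        "SELECT * from users where username = 'Bob' and password = 'hunter2'")
    results["injected"] = fw.handle(legit + " or '1'='1'")
    fw.mode = fw.SIMULATION
    results["simulated"] = fw.handle("DROP TABLE users")
    results["would_block"] = list(fw.would_block)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "->", value)
```

The operational caveat is visible in `LEARNING`: whatever is sent during the learning window is whitelisted, including an attack that happens to run then, so learning should be done against known-clean traffic (a test suite or a staging run) and reviewed before switching to `BLOCK_NEW`.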

Page 16: greenSQL Database Firewall

Easy Management

• Management GUI

• IT Orientation

• Automatic Configuration
– Learning mode
– Blocking mode

Page 17: greenSQL Database Firewall

Pattern Recognition

• Detects administrative commands like:
– create table/database
– drop table/database
– alter table structure

• Detects information disclosure commands
– version() / current_user() / show tables

• Detects privileged commands
– KILL / CREATE USER / load_file()

Page 18: greenSQL Database Firewall

Example

Page 19: greenSQL Database Firewall

Heuristic Analysis

• Access to sensitive tables (users, accounts, credit information) increases the query risk

• SQL Comments

• Empty password string

• OR token

• UNION token

• SQL tautology (always-true condition)
– or 1=1
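The negative-security side, covering both the signature list on the Pattern Recognition slide and the risk heuristics listed here, as an added example in Python that is not GreenSQL's own code. The regular expressions, the risk weights, the block threshold and the set of sensitive table names are all assumptions chosen so the slide's own legitimate and injected queries land on opposite sides of the threshold; GreenSQL's actual values are not given on the slides. The sample queries are constructed.

```python
import re

# Assumed set of sensitive tables (slide names users, accounts, credit data).
SENSITIVE_TABLES = {"users", "accounts", "credit_cards"}

# Signatures (Pattern Recognition slide): any hit is treated as a block.
SIGNATURES = {
    "admin_ddl": re.compile(r"\b(create|drop|alter)\s+(table|database)\b"),
    "info_disclosure": re.compile(
        r"\b(version|current_user)\s*\(|\bshow\s+tables\b"),
    "privileged": re.compile(
        r"\bkill\b|\bcreate\s+user\b|\bload_file\s*\(|\binto\s+outfile\b"),
}

# Heuristics (this slide) with illustrative weights; threshold is assumed.
WEIGHTS = {
    "sensitive_table": 10,
    "sql_comment": 15,
    "empty_password": 20,
    "or_token": 20,
    "union_token": 25,
    "tautology": 30,
}
BLOCK_THRESHOLD = 40

_TABLE_REF = re.compile(r"\b(?:from|join|into|update)\s+`?(\w+)`?")
# x = x for a bare number, or 'x' = 'x' for a string literal.
_TAUTOLOGY = re.compile(r"\b(\d+)\s*=\s*\1\b|'([^']*)'\s*=\s*'\2'")


def signature_hits(query):
    """Names of the signatures that match the (lower-cased) query."""
    q = query.lower()
    return [name for name, rx in SIGNATURES.items() if rx.search(q)]


def risk_score(query):
    """Return (score, reasons) from the heuristic checks on the slide."""
    q = query.lower()
    reasons = []
    if any(t in SENSITIVE_TABLES for t in _TABLE_REF.findall(q)):
        reasons.append("sensitive_table")
    if re.search(r"--|/\*|#", q):        # crude: a '#' inside a string also hits
        reasons.append("sql_comment")
    if re.search(r"\bpassword\s*=\s*''", q):
        reasons.append("empty_password")
    if re.search(r"\bor\b", q):          # \b keeps 'password' from matching
        reasons.append("or_token")
    if re.search(r"\bunion\b", q):
        reasons.append("union_token")
    if _TAUTOLOGY.search(q):
        reasons.append("tautology")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(query):
    """Block on any signature hit, otherwise on accumulated heuristic risk."""
    if signature_hits(query):
        return "block"
    score, _ = risk_score(query)
    return "block" if score >= BLOCK_THRESHOLD else "allow"


if __name__ == "__main__":
    legit = "SELECT * from users where username = 'Alice' and password = '123456'"
    for q in (legit, legit + " or '1'='1'", "SELECT 'text' INTO OUTFILE 'file.txt'"):
        print(decide(q), signature_hits(q), risk_score(q), "<-", q)
```

Two things worth noticing when tuning something like this: the legitimate login query already scores because it touches `users`, so the threshold has to sit above the baseline of the application's own queries, and the checks are plain regexes rather than a SQL parser, so encoded or comment-split tokens slip past them. That gap is why the slides pair these negative checks with the whitelist (positive security) rather than relying on either alone.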

Page 20: greenSQL Database Firewall

Examples - Blocked

Page 21: greenSQL Database Firewall

Examples - Blocked

Page 22: greenSQL Database Firewall

Whitelist

Page 23: greenSQL Database Firewall

Positive & Negative Security

• Positive security
– Learning mode
– Whitelist

• Negative security
– Pattern recognition
– Heuristic analysis

Page 24: greenSQL Database Firewall

Multiplatform support

• Linux based:
– CentOS / OpenSUSE / Fedora / Mandrake
– Debian / Ubuntu

• BSD based:
– FreeBSD

• Windows (beta)

Page 25: greenSQL Database Firewall

Rapid Deployment

• Pre-built packages for popular Linux distributions and for FreeBSD

• Simple installation and configuration scripts

• Two configuration files
– General configuration / DB settings
– MySQL patterns

Page 26: greenSQL Database Firewall

Not only for Web Apps

• Defense in depth methodology

• IT oriented

• Support legacy applications

• Does not require application configuration change

• Can be configured to listen on the original DB socket/port while the database itself is moved to a different one, so existing clients need no change.

Page 27: greenSQL Database Firewall

Open Source

• Free

• Open Source

• GPL License

• MySQL support

Page 28: greenSQL Database Firewall

Well established

• Hundreds of newsletter subscribers
• A number of security reviews and hundreds of bug fixes
• Active support forum
• Production version
• A number of blog reviews
• On SourceForge for more than a year
• Featured by popular resources:
– http://www.linux.com/
– http://www.phpmagazine.net/
– http://www.tecchannel.de/

Page 29: greenSQL Database Firewall

Console - DEMO

• Demo version is available here:

• http://demo.greensql.net/

Page 30: greenSQL Database Firewall

Related Open Source Solutions

• Snort IDS/Prelude

• ModSecurity

• PHPIDS

• MySQL built in security

• Kernel IDS solutions

Page 31: greenSQL Database Firewall

Future Version

• DB User permissions

• Support for PostgreSQL

• Higher heuristic detection

• More reports

Page 32: greenSQL Database Firewall

Thank You

Yuli Stremovsky
Email/MSN/Gtalk: [email protected]

More info: http://www.greensql.net/

Page 33: greenSQL Database Firewall

Google Database Firewall