Howto: Protect your SQL database with a Firewall

by Jago Maniscalchi  //  February 17, 2010  //  Threat Mitigation  //  No comments

GreenSQL recently released version 1.20 of their SQL firewall. So, what does an SQL firewall do, how does it work, and how is it installed?

An SQL firewall acts as a proxy server for SQL requests. It blocks known administration commands (DROP, CREATE, etc.) and rates all others against a risk matrix, blocking those that are deemed to be malicious (e.g. as a result of SQL injection). It sits between the web application server (e.g. Apache) and the database server (e.g. MySQL or PostgreSQL). It is technically a reverse proxy (it proxies inbound, rather than outbound, connections).

[Image: greensql-architecture]

The software is transparent to existing applications – they just need to be repointed at the proxy rather than at the normal SQL server. Usernames and passwords are passed through as normal, so no credential management is required. No dedicated hardware is required either – GreenSQL will run on the same server as your database.

Installation packages are provided for Debian and Ubuntu (.deb) and Red Hat (.rpm), as well as source for other distributions. During installation the proxy is pointed at your database server; from then on, configuration is done through a web-based interface that can simply be dropped into an Apache web root.

# Install and start the proxy
sudo dpkg -i greensql-fw_X.X.X.deb
/etc/init.d/greensql-fw start

# Install the web interface
cd /var/www
ln -s /usr/share/greensql-fw/ greensql
cd /var/www/greensql
chmod 0777 templates_c

(Now open the GreenSQL management console in a browser. The login page accepts the default user "admin" with the password "pwd"; change this before exposing the console to anyone else.)

# Test the proxy
mysql -h 127.0.0.1 -P 3305 -u root -p

The administration console allows setup of proxies for MySQL and PostgreSQL, configuration of options for each proxied database – including which types of query to block and white-lists of allowed commands – and an alert screen, which categorises alerts by type.

[Image: greensql-mailalert]

White-lists and blocking options don't need to be set manually. GreenSQL comes with a number of modes to assist in initial setup – learning (which builds the database whitelist and the list of commands to block), IDS (which alerts but doesn't block) and IPS (which blocks).
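To make the proxy's decision flow concrete, here is a small added example (not GreenSQL's own code, and not the author's) that models what the two paragraphs above describe: administration commands are always flagged, every other query is normalised to a "shape" and checked against a whitelist, and anything not whitelisted is scored against a risk matrix. The three modes behave as described: learning records shapes, IDS only alerts, IPS blocks. The rule set, weights, threshold and the literal-stripping normalisation are assumptions chosen for illustration, not GreenSQL's real rules; the sample traffic is constructed.

```python
"""Toy model of an SQL-firewall decision engine (added example, not GreenSQL code)."""
import re
from dataclasses import dataclass, field

# Statements treated as administration commands (assumed list, not GreenSQL's).
ADMIN_COMMANDS = {"DROP", "CREATE", "ALTER", "TRUNCATE", "GRANT"}

# The toy "risk matrix": (pattern, weight, description). Weights are assumptions.
RISK_RULES = [
    (re.compile(r"\bor\b\s+\S+\s*=\s*\S+", re.I), 3, "tautology in WHERE clause"),
    (re.compile(r"--|/\*"), 2, "SQL comment token inside query"),
    (re.compile(r";\s*\S"), 3, "stacked statements"),
    (re.compile(r"\bunion\b.*\bselect\b", re.I), 3, "UNION-based data extraction"),
    (re.compile(r"\b(sleep|benchmark|load_file|into\s+outfile)\b", re.I), 3, "dangerous function or file access"),
    (re.compile(r"\binformation_schema\b", re.I), 2, "schema enumeration"),
]
BLOCK_THRESHOLD = 3  # assumed: a score at or above this is treated as malicious


def normalize(query: str) -> str:
    """Reduce a query to its shape: literals become '?', whitespace is collapsed.
    Two queries that differ only in their parameter values share one shape, which is
    what a learning-mode whitelist has to key on."""
    shape = re.sub(r"'(?:[^']|'')*'", "?", query)  # quoted string literals
    shape = re.sub(r"\b\d+\b", "?", shape)         # numeric literals
    return re.sub(r"\s+", " ", shape).strip().lower()


def risk_score(query: str):
    """Sum the weights of every matching rule and return (score, reasons)."""
    hits = [(desc, weight) for rx, weight, desc in RISK_RULES if rx.search(query)]
    return sum(w for _, w in hits), [d for d, _ in hits]


@dataclass
class SqlFirewall:
    mode: str = "learning"                     # learning | ids | ips
    whitelist: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def check(self, query: str) -> str:
        """Return 'allow', 'alert' or 'block' for one query."""
        words = query.strip().split(None, 1)
        if not words:
            return "allow"
        # Naive first-keyword test; a real proxy parses the statement properly.
        if words[0].upper() in ADMIN_COMMANDS:
            return self._verdict(query, "administration command")
        shape = normalize(query)
        if self.mode == "learning":
            self.whitelist.add(shape)          # learning mode only records shapes
            return "allow"
        if shape in self.whitelist:
            return "allow"                     # whitelist wins before any scoring
        score, reasons = risk_score(query)
        if score >= BLOCK_THRESHOLD:
            return self._verdict(query, "; ".join(reasons))
        return "allow"

    def _verdict(self, query: str, reason: str) -> str:
        """Record an alert; only IPS mode actually blocks."""
        self.alerts.append((self.mode, reason, query))
        return "block" if self.mode == "ips" else "alert"


# Constructed sample of normal application traffic used to train the whitelist.
KNOWN_GOOD = [
    "SELECT id, name FROM users WHERE id = 42",
    "SELECT id, name FROM users WHERE id = 17",
    "UPDATE users SET last_login = '2010-02-17 10:00:00' WHERE id = 42",
    "SELECT id FROM orders WHERE status = 'open' OR status = 'pending'",
]


def run_demo() -> dict:
    """Walk the firewall through learning, IDS and IPS mode on constructed queries."""
    fw = SqlFirewall(mode="learning")
    for q in KNOWN_GOOD:
        fw.check(q)
    results = {"whitelist_size": len(fw.whitelist)}
    fw.mode = "ids"
    results["ids_known"] = fw.check("SELECT id, name FROM users WHERE id = 99")
    results["ids_tautology"] = fw.check("SELECT id, name FROM users WHERE id = 42 OR 1=1")
    results["ids_drop"] = fw.check("DROP TABLE users")
    fw.mode = "ips"
    results["ips_drop"] = fw.check("DROP TABLE users")
    results["ips_stacked"] = fw.check("SELECT 1; DROP TABLE users")
    results["ips_union"] = fw.check("SELECT name FROM users WHERE id = 1 UNION SELECT password FROM users")
    # Same shape as a learned query: allowed even though the OR rule would score it.
    results["ips_learned_or"] = fw.check("SELECT id FROM orders WHERE status = 'closed' OR status = 'shipped'")
    results["alerts"] = len(fw.alerts)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The last query in the demo is the point worth noticing: a legitimate `OR` in a WHERE clause scores as a tautology under the toy rules, and only the whitelist learned from normal traffic keeps it from being blocked. That is why the learning phase should cover the application's full query set before switching to IPS, and why IDS mode is a useful intermediate step for spotting false positives.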

For more information on GreenSQL, visit greensql.net.

About the Author

Jago Maniscalchi is a Cyber security consultant, though he tries to avoid the word "Cyber" at all costs. He has spent 15 years working with Information Systems and has experience in website hosting, software engineering, infrastructure management, data analysis and security assessment. Jago lives in London with his family, enough pets to start a small zoological society, and a Samsung NaviBot Robotic Vacuum Cleaner. Despite an aptitude for learning computer languages, his repeated attempts to learn Italian have resulted in spectacular failure.
