MySQL Enterprise Firewall provides real-time
protection against database-specific attacks, safeguarding applications with
user-supplied input such as login and personal information fields. Data
breaches can occur through various means, including SQL virus attacks or
employee misuse, potentially resulting in the theft of customer records
containing sensitive information.
MySQL Enterprise Firewall
monitors, alerts, and blocks unauthorized database activity without requiring
changes to your applications. It offers different operating modes to help
administrators block, detect, and respond to malicious database attacks:
1.
Allow: Allows execution and
result generation for SQL statements that match an approved allowlist.
2.
Block: Prevents the execution of
SQL statements that do not match an approved allowlist.
3.
Detect: Executes SQL statements
that do not match an allowlist and notifies administrators of policy
violations.
Group Profiles
The Group Profiles feature creates a composite list of allowed queries for a group of users by recording allowed normalized queries. It enforces firewall protection across all the profiles in the group.
Block SQL Injection Attacks
MySQL Enterprise Firewall blocks SQL Injection attacks that can result in the loss of valuable personal and financial data. It achieves this by creating an allowlist, real-time threat monitoring, SQL statement blocking, and alerting to enable DBAs to protect data assets.
Database Intrusion Detection
MySQL Enterprise Firewall acts as a security alarm, notifying administrators of SQL statement activity that does not match an approved allowlist.
Real-time Threat Monitoring
MySQL Enterprise Firewall monitors for database threats in real time. All incoming queries pass through a SQL analysis engine and are matched against an approved allowlist of expected SQL statements. SQL attacks are blocked if they do not represent expected statements.
Blocking Suspicious Traffic
Statements that do not match the approved allowlist are blocked, logged, and can be analyzed to help block potential SQL injection attacks. This provides DBAs with valuable information in preventing malicious attacks, stolen credentials, and loss of data.
Build Allowlists
MySQL Enterprise Firewall automatically creates user-specific allowlists of pre-approved SQL statements using a self-learning system. It records all incoming SQL statements and builds an allowlist. Only incoming queries that match the allowlist are approved and allowed to pass through to MySQL.
Transparent Protection
MySQL Enterprise Firewall requires no changes to your application, regardless of the development language, framework, or third-party application used. It acts as a "walled garden," transparently protecting MySQL databases, regardless of the application's development language (such as Java, Python, PHP, .NET, JavaScript, etc.), database frameworks (such as Hibernate, Doctrine, SQL Alchemy, etc.), or third-party applications (such as Wordpress, Joomla, Drupal, etc.).
High Performance
MySQL Enterprise Firewall runs within each MySQL instance and provides scalable performance. It does not require additional firewall services to run or maintain, and runs transparently, requiring no changes to your database applications.
Logging
MySQL Enterprise Firewall tracks and provides metrics on both allowed and blocked SQL statements. Blocked statements are logged for inspection and alerting.
Default Location:-
[root@centos8srvr mysql-8.0]# pwd
/usr/share/mysql-8.0
[root@centos8srvr mysql-8.0]# ls -lrt *fire*
-rw-r--r--. 1 root root 8472 Dec 12 2023 linux_install_firewall.sql
-rw-r--r--. 1 root root 2281 Dec 12 2023 firewall_profile_migration.sql
[root@centos8srvr mysql-8.0]#
