Oracle Database Firewall defuses SQL injection attacks


Oracle is using the RSA Conference this week to launch a database firewall designed to block suspicious traffic.

Oracle Database Firewall understands SQL-statement formats, and can be configured to blacklist and whitelist traffic based on source.

PRODUCT ROUNDUP: Hot products from RSA 2011 

LEARN MORE: Amazon to offer Oracle's database in the cloud

When it detects suspicious statements within SQL traffic -- ones that might indicate SQL injection attacks, for example -- it can replace them with neutral statements that will keep the session running without allowing potentially harmful traffic through, the company says.

The platform can also create compliance and security reports in a common format for security auditors checking on database defenses.

Firewall policies can be set by a number of factors including time of day, IP address and user name.

Separately, Oracle sells a management server that reads all database firewall logs and can create aggregate reports.

Oracle Database Firewall costs $5,000 per processor of the target database servers it protects. The management server costs $57,500 per processor of the firewall servers it oversees.

Read more about wide area network in Network World's Wide Area Network section.

This story, "Oracle Database Firewall defuses SQL injection attacks" was originally published by Network World.

Free Course: JavaScript: The Good Parts
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies