Page 1 of 16

Seminar Report

GreenSQL Database Security

Submitted by

Mr Karan Krishna Dahiwale


5th Semester, Information Technology

Enrolment No: 1607013

Academic Session 2018-19

(Department of Information Technology)

Government Polytechnic, Nagpur

Mangalwari Bazar, Sadar

(An Autonomous Institution of Government of Maharashtra)

GOVERNMENT POLYTECHNIC NAGPUR

(An Autonomous Institution of Government of Maharashtra)



Department of Information Technology

Certificate
This is to certify that the Seminar Report titled ("GreenSQL") submitted by Mr. Karan
Krishna Dahiwale of 5th Semester towards the partial fulfillment of the requirement for the
award of Diploma in Information Technology awarded by Government Polytechnic,
Nagpur, is approved.

(Mr.LD Vilhekar)

Guide

(Dr. Anjali Mahajan)

I/c HoD, Information Technology

Date:

Place: Nagpur.

ABSTRACT

GreenSQL is a software-based solution that provides enterprises with database security
and compliance solutions. GreenSQL's Sensitive Data Auto-Discovery tool locates the most
private data, and allows you to manage the data seamlessly using other products from the
GreenSQL Compliance and Security Suite: Dynamic Data Masking, Database Firewall, SQL
Injection Defence, Compliance Reporting and Database Activity Monitoring.

Database Activity Monitoring is a powerful solution that independently monitors and
audits all database activity across multiple database platforms. Dynamic Data Masking provides
real-time dynamic masking of your sensitive information. Database Security protects
databases from SQL injection attacks, unauthorized access, data theft and abuse. Unified
Database Security helps you comply with PCI data security requirements. GreenSQL auditing
goes beyond traditional approaches by providing custom real-time monitoring and auditing of all
data access, updates, schema modifications and permission changes.

There are many devices and services that are under constant attack in today's business
environments. Popular vectors for attack include browsers and smartphones, but the goal of an
attack is not the device, service or application. Attackers exploit weaknesses in devices and
services in order to get to important business information, which is stored in a database. Thus it
is essential that businesses protect critical information stored in databases.

GreenSQL provides database security that prevents SQL injection attacks, monitors
database activity, protects systems behind a database firewall and applies dynamic data
masking. The software began as an open source project in 2007; by 2009 it had become so
popular that the founders got serious and rewrote the code base to be production ready. It has
been downloaded over 130,000 times, and there are currently over 200 paying customers
worldwide.

CONTENTS

1. Introduction
1.1 History of GreenSQL
1.2 SQL Injection
1.3 GreenSQL Architecture
2. Getting Started
2.1 Requirements
2.2 Supported Database Servers
2.3 GreenSQL Common Functions
3. GreenSQL Advantages
4. Policies
5. Conclusion
6. Reference

List of figures

Sr no.   Figure no.   Figure name                  Page no.
1        1            C99 Web Shell                8
2        2            GreenSQL Architecture        9
3        3            Policy Page - Global View    13



1. Introduction

Overview.

GreenSQL is a Unified Database Security solution that is installed as a frontend to
databases, fully camouflaging and securing them. GreenSQL works as a SQL reverse proxy and
provides several database security and acceleration features including automated learning mode,
a database rule-based firewall, database audit, database intrusion detection and prevention,
database caching and database virtual patching.

About GreenSQL

Founded in 2009, GreenSQL provides unified database security and compliance
solutions for organizations running their databases on-premises or in the cloud. The company's
all-in-one approach to database security lets organizations discover, monitor and protect sensitive
data, effectively enforcing separation of duties and meeting regulatory compliance requirements.
The company, based in Tel Aviv, is backed by leading venture capital firms Jerusalem Venture
Partners, Magma Venture Capital and Rhodium.

What is GreenSQL?

• GreenSQL is a database firewall solution.

• Protects against SQL injection attacks.

• Provides a management console.

• Built-in MySQL support.



1.1 SQL Injection.

SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. The vulnerability is present when
user input is either incorrectly filtered for string literal escape characters embedded in SQL
statements or is not strongly typed and is thereby unexpectedly executed. It is an instance
of a more general class of vulnerabilities that can occur whenever one programming or scripting
language is embedded inside another. SQL injection is a basic attack used either to gain
unauthorized access to a database or to retrieve information directly from it. SQL
injection takes advantage of unvalidated input to pass SQL commands through a web
application for execution by a backend database. SQL commands are injected from the web
form into the application's database to change the database content or to dump database
information such as credit card numbers or passwords to the attacker.

Most web applications include a back-end database, either running on a
separate database server, or installed on the same machine as the web server itself. SQL Injection
is one of the most common application layer attack techniques used today.

What is SQL Injection?

• Legitimate query: SELECT * from users where username = 'Alice' and password = '123456'

• Injected SQL code: SELECT * from users where username = 'Alice' and password = '123456'
or '1'='1
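The two queries above, run end to end. This is an added example, not code from the report: it builds a constructed in-memory SQLite table with the report's user Alice / 123456, and the function names login_vulnerable, login_safe and demo are assumptions. login_vulnerable concatenates the password into the query exactly as the report shows, so the injected value turns the WHERE clause into a tautology and logs in an unknown user; login_safe sends the same values as bound parameters, so the same input is compared as a plain string and the login fails.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table for the demonstration (not from the report)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Alice', '123456')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The report's login query built by string concatenation: input becomes SQL grammar."""
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Same query with bound parameters: input is passed as data and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo():
    conn = make_db()
    payload = "123456' or '1'='1"  # the tautology from the report's injected query
    return {
        "vulnerable_correct": login_vulnerable(conn, "Alice", "123456"),   # True
        "vulnerable_wrong": login_vulnerable(conn, "Alice", "wrong"),      # False
        "vulnerable_injected": login_vulnerable(conn, "Mallory", payload), # True: login bypassed
        "safe_correct": login_safe(conn, "Alice", "123456"),               # True
        "safe_injected": login_safe(conn, "Mallory", payload),             # False: payload is just a string
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20} logged in: {outcome}")
```

The bypass works because AND binds tighter than OR: the vulnerable query becomes `(username = 'Mallory' AND password = '123456') OR '1'='1'`, which is true for every row. Parameter binding is the fix at the application layer; a database firewall such as the one the report describes is an additional layer in front of applications that have not been fixed.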

SQL Attacks Hazards:

• Bypass Login page

• Read files

• Write Files

• Dump sensitive information

• Execute system commands

• Create database back door

• New Attack: Distribution of Trojans



Demo: Attack

• MySQL commands – select “text” into outfile “file.txt”

• Find directory with write permissions – templates_c / templates / temp – images / files / cache.

C99 Web shell:

Figure 1: C99 Web Shell

Simple Web Shells:

• Execute system commands

• Simple Web shell:

– system() function

– $_GET['cmd']

– $_POST['cmd']

GreenSQL Architecture.
GreenSQL works as a reverse proxy for MySQL connections. This means that instead of
connecting to the MySQL server, your applications connect to the GreenSQL server.
GreenSQL analyzes each SQL query and, if it is judged safe, forwards it to the back-end
MySQL server. The following figure describes the whole process.

Figure 2: GreenSQL Architecture

As you can see, GreenSQL calls the real database server to execute SQL commands, and
the web application connects to the GreenSQL server as if it were the real database server.
GreenSQL can be installed together with the database server on the same computer, or it can run
on a distinct server. By default GreenSQL listens on local port 127.0.0.1:3305 and redirects SQL
requests to 127.0.0.1:3306 (the default MySQL setting). These settings can be altered using the
GreenSQL Console.
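A minimal model of the deployment just described, added here as an illustration and not GreenSQL's own code. A relay listens where the application expects the database, inspects each message, and either forwards it to the real server or answers with a refusal so the database never sees it. Everything beyond the report is an assumption: the function names, the inspection rule in risky (a toy check for the report's own examples), and, so that the block runs offline, an echo server standing in for MySQL on an ephemeral port instead of 3306, with the relay on another ephemeral port instead of 3305. The relay treats each recv() as one message; the real MySQL wire protocol frames packets and would need a proper parser.

```python
import socket
import threading

# Canned reply returned to the client when a query is refused (constructed for this example).
BLOCKED_REPLY = b"ERROR: query blocked by proxy policy\n"


def risky(query: bytes) -> bool:
    """Toy inspection rule (assumption); a real product applies signatures, learned patterns and risk scoring."""
    upper = query.upper()
    return b"INTO OUTFILE" in upper or b"'1'='1" in upper


def relay_client(client, upstream_addr, inspect):
    """Serve one application connection: inspect each message, then forward it or refuse it."""
    upstream = socket.create_connection(upstream_addr)
    try:
        while True:
            data = client.recv(4096)
            if not data:
                break
            if inspect(data):
                client.sendall(BLOCKED_REPLY)  # refused: the database never sees the query
                continue
            upstream.sendall(data)
            reply = upstream.recv(4096)
            if not reply:
                break
            client.sendall(reply)
    finally:
        upstream.close()
        client.close()


def serve(listen_addr, handler):
    """Bind, listen, and hand each accepted connection to handler on a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(5)

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()


def start_relay(listen_addr, upstream_addr, inspect=risky):
    """The front end: applications connect here instead of to the database server."""
    return serve(listen_addr, lambda conn: relay_client(conn, upstream_addr, inspect))


def start_echo_upstream(listen_addr=("127.0.0.1", 0)):
    """Stand-in for the database server (constructed): echoes every message back to the relay."""
    def echo(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
    return serve(listen_addr, echo)


def send_query(relay_addr, query: bytes) -> bytes:
    """Play the web application: connect to the relay, send one query, read the reply."""
    with socket.create_connection(relay_addr) as s:
        s.settimeout(5)
        s.sendall(query)
        return s.recv(4096)


def demo():
    upstream = start_echo_upstream()                  # plays the role of 127.0.0.1:3306
    relay = start_relay(("127.0.0.1", 0), upstream)   # plays the role of 127.0.0.1:3305
    allowed = send_query(relay, b"SELECT * FROM users WHERE username = 'Alice'")
    refused = send_query(relay, b"SELECT 'text' INTO OUTFILE 'file.txt'")
    return allowed, refused


if __name__ == "__main__":
    allowed, refused = demo()
    print("forwarded and answered by upstream:", allowed)
    print("refused by the relay:", refused)
```

The point of the layout is that the application's connection string changes from port 3306 to port 3305 and nothing else; the inspection policy lives entirely in the relay, which is why the report can describe GreenSQL as "web application independent".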

2. Getting Started
2.1 Requirements.
To ensure GreenSQL operates properly, the following minimum system requirements
must be met:

Operating Systems:

• Windows® Server 2003 (x86 and x64)

• Windows® Server 2008 (x86 and x64)

• Ubuntu 9.04 or above (x86 and x64)

• CentOS 5.4 or above (x86 and x64)

Memory and Hard Disk Space:

• 2048 MB (2 GB) of RAM.

• 200 MB for installation, audit information, reporting and logging.

2.2 Supported Database Servers

The following database servers are supported:

• Microsoft SQL Server 2000 / 2005 / 2008

• MySQL 4.x / 5.x

• PostgreSQL 7.x / 8.x

2.3 GreenSQL Common Functions

Common operational functions used in the GreenSQL Web-Based Management Interface
include the following buttons:

• Toggle for hiding/displaying the Functions Bar.

• Enables you to add another row in the required field.

• Toggle to expand/collapse display.

• View: Global / View: Per Database - toggle for policy view type.

• Enables you to create a new item as required.

• Enables you to customize the display of table fields.

• Cancels action.

• Indicates action is completed.

• Enables you to reorder rules in policy view.

• Enables you to edit an object's settings.

• Enables you to delete an object.



3. GreenSQL Advantages

• Multiple modes - simulation / learning / active protection

• Easy management

• Pattern recognition (signatures)

• Heuristics (risk calculation)

• Open source

• Cross platform

• Rapid deployment

• Well established

• Web application independent



4. Policies

This chapter describes the policy feature, the core of GreenSQL’s ability to
provide constant protection to databases. GreenSQL enables organizations to define their own
security policy using the GreenSQL Policy function. Should there be a breach of policy, you may
elect to be immediately alerted (See: ). The system will respond to a breach in the manner
defined by the relevant enacted policy. GreenSQL Policy has an automated Learning Mode
which learns and builds policies, according to the specific usage of each database. You can
accept or reject the rules custom made for you. Learning Mode dramatically reduces the
operational overhead required to implement a secure and reliable policy for all access to your
database. Similarly, you can manually configure policies and create custom rules by creating
Query Groups which consist of patterns to be monitored, allowed or blocked. You can also apply
an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) policy based on a risk
profile, anomaly detection and preconfigured signature detection.

Figure 3: Policy Page - Global View

4.1 Types of Policies


There are three types of policies which can be defined:

• Learning Mode - Learns database behavior and automatically generates a custom
rule policy for each database in accordance with its specific behavior. You may elect
to accept or reject the policies generated. This method is quick and comprehensive.
GreenSQL provides you the option to enable intrusion detection or prevention during
the learning mode process.

• Database Firewall - Enables you to create custom rules by specifying the type of the
rule (Query Groups or Table Based), source IP address(es), database user(s),
application name(s), schedule and patterns or conditions where a query will be
blocked, allowed or monitored. You can also enable or disable caching per policy.

• Risk Based - IPS/IDS - Monitors or blocks SQL injection attacks and/or queries
according to a preconfigured risk profile (See: Risk Profiles). If the IDS policy is
selected, GreenSQL will monitor queries detected as intrusions. If the IPS policy is
selected, GreenSQL will block queries detected as intrusions.
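The three policy types, and the Query Group and risk-profile mechanisms the chapter describes, modelled in one small policy engine. This is an added illustration, not GreenSQL's code or its real rule syntax: the normalisation in normalize (literals replaced by "?"), the weighted SIGNATURES list, the Rule and Policy classes and the demo traffic are all constructed for the example. Learning mode records the pattern of each query and allows it; afterwards firewall rules are checked first (a rule can be limited to a source IP or database user), then the risk score decides between monitoring (IDS) and blocking (IPS), and finally anything that matches a learned pattern is allowed while unknown patterns are monitored.

```python
import re
from dataclasses import dataclass, field

# String and numeric literals become "?" so that queries which differ only in their data map to
# the same learned pattern (constructed normalisation for this example, not GreenSQL's own).
LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\b\d+\b")
WHITESPACE = re.compile(r"\s+")


def normalize(sql: str) -> str:
    """Reduce a query to its structural pattern: literals -> ?, whitespace collapsed, lower-cased."""
    return WHITESPACE.sub(" ", LITERAL.sub("?", sql)).strip().lower()


# Risk signatures with weights (constructed for the example; not the product's signature set).
SIGNATURES = [
    (re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.I), 60, "tautology"),
    (re.compile(r"\binto\s+outfile\b", re.I), 80, "file write"),
    (re.compile(r"\bunion\s+select\b", re.I), 50, "union select"),
    (re.compile(r";\s*\w"), 40, "stacked query"),
    (re.compile(r"(--|#|/\*)"), 20, "sql comment"),
]


def risk_score(sql: str):
    """Sum the weights of all matching signatures (capped at 100) and name what matched."""
    score, hits = 0, []
    for pattern, weight, name in SIGNATURES:
        if pattern.search(sql):
            score += weight
            hits.append(name)
    return min(score, 100), hits


@dataclass
class Rule:
    """One database-firewall rule: a query-group pattern plus optional source/user conditions."""
    pattern: str
    action: str              # "allow", "block" or "monitor"
    source_ip: str = "*"
    db_user: str = "*"


@dataclass
class Policy:
    mode: str = "learning"   # "learning", "ids" (monitor on risk) or "ips" (block on risk)
    learned: set = field(default_factory=set)
    rules: list = field(default_factory=list)
    risk_threshold: int = 50

    def evaluate(self, sql: str, source_ip: str = "127.0.0.1", db_user: str = "app"):
        """Return (action, reason) for one query: learning, then rules, then risk, then whitelist."""
        pattern = normalize(sql)
        if self.mode == "learning":
            self.learned.add(pattern)          # learning mode: record the pattern and let it through
            return "allow", f"learned pattern: {pattern}"
        for rule in self.rules:                # database firewall: first matching rule wins
            if (re.search(rule.pattern, sql, re.I)
                    and rule.source_ip in ("*", source_ip)
                    and rule.db_user in ("*", db_user)):
                return rule.action, f"rule {rule.pattern!r}"
        score, hits = risk_score(sql)          # risk based IDS/IPS
        if score >= self.risk_threshold:
            action = "block" if self.mode == "ips" else "monitor"
            return action, f"risk {score}: {', '.join(hits)}"
        if pattern in self.learned:            # whitelist built during learning mode
            return "allow", "matches learned pattern"
        return "monitor", "unknown pattern"


def demo():
    policy = Policy(mode="learning")
    # Constructed sample of the application's normal traffic, observed during learning mode.
    for sql in ("SELECT * FROM users WHERE username = 'Alice' AND password = '123456'",
                "SELECT * FROM users WHERE username = 'Bob' AND password = 'hunter2'",
                "UPDATE orders SET status = 'paid' WHERE id = 42"):
        policy.evaluate(sql)
    policy.mode = "ips"
    policy.rules.append(Rule(pattern=r"\bdrop\s+table\b", action="block"))
    policy.rules.append(Rule(pattern=r"^select \* from audit", action="allow", db_user="auditor"))
    injected = "SELECT * FROM users WHERE username = 'Alice' AND password = '123456' or '1'='1'"
    results = {
        "learned": policy.evaluate("SELECT * FROM users WHERE username = 'Carol' AND password = 'x'"),
        "injected_ips": policy.evaluate(injected),
        "outfile": policy.evaluate("SELECT 'text' INTO OUTFILE 'file.txt'"),
        "drop": policy.evaluate("DROP TABLE users"),
        "unknown": policy.evaluate("SELECT secret FROM vault WHERE id = 7"),
        "audit_as_app": policy.evaluate("SELECT * FROM audit", db_user="app"),
        "audit_as_auditor": policy.evaluate("SELECT * FROM audit", db_user="auditor"),
    }
    policy.mode = "ids"
    results["injected_ids"] = policy.evaluate(injected)  # same query, IDS only monitors
    return results


if __name__ == "__main__":
    for name, (action, reason) in demo().items():
        print(f"{name:18} {action:8} {reason}")
```

Two design points carry over to any real deployment of this kind. Learning mode is only as good as the traffic it sees, which is why the chapter says the generated rules are offered for acceptance or rejection rather than enabled blindly; and the IDS/IPS distinction is a single switch on the same detection logic, so an installation can be run in monitoring mode until the false-positive rate on the learned whitelist is understood.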

5. Conclusion

SQL and code injection are among the most critical vulnerabilities in web applications.
GreenSQL gives administrators a tool that is especially useful for protecting mission-critical web
applications that (still) have not been intensely scrutinized for vulnerabilities.

GreenSQL is available in a number of variants. Even the Express version provides good
basic protection, which is sufficient to protect a company blog or moderately busy shop. The
commercial versions offer additional features, such as alerts and reports, keep an eye on who
connects to a database, and conceal privileged information.

The GreenSQL security solution is easy to install and put into operation within a short
time. Extensive documentation helps if something is unclear. The ability to learn queries
automatically saves administrators much work and prevents them from forgetting important
requests later on. This minimizes trouble and complaints from users at very early stages. The
developers have ensured from the outset that only users from the associated network can connect
to the GreenSQL server. It is possible to restrict GreenSQL, without further firewall rules, to a
single IP address or localhost. Certificates help to verify the authenticity of the server.

Although GreenSQL cannot protect against all the uncertainties of the World Wide Web,
it is a useful security solution that can put an end to attacks at the database level and
meaningfully supplement other security measures in the enterprise.

6.0 Bibliography:
[1] Justin Clarke, SQL Injection Attacks and Defense, Second Edition, Syngress Publication, July 2, 2012, ISBN-13: 978-1597494243
[2] GreenSQL. Available: http://www.greensql.net/
[3] GreenSQL. Available: http://www.howtoforge.com/preventing-mysqlinjection-attacks-with-greensql-on-debian-etch
[4] GreenSQL. Available: http://www.greensql.com/docs
[5] GreenSQL. Available: http://www.greensql.com/support/knowledge
[6] GreenSQL. Available: http://www.greensql.com/whygreensql-db-security/top-10-reasons
[7] GreenSQL. Available: http://community.spiceworks.com/topic/212598-database-firewall-greensql
[8] GreenSQL. Available: http://www.techrepublic.com/blog/opensource/firewallmysql-with-greensql/317
[9] GreenSQL. Available: http://opensourcedba.wordpress.com/2012/03/26/database-firewalls-from-oracle-and-greensql/
