Guardium培训.ppt

* * * Updates to Deck for RSA 2010 1- Use New logo and blue wash template ---------------------- OLD SCRIPT NOTES BELOW--------------------- Preventing Unauthorized Access! Database software can’t protect against DBAs! Guardium is the ONLY CROSS DBMS solution in the industry! No impact to the legitimate Application Server traffic. Our implementation does not affect this traffic! SGATE – an extension of the STAP Agent resides at the kernel level on the Database Server it can look for Privileged User access specifically and hold only this traffic for validation! We’ll hold the transaction – do an analysis – and allow it only if it doesn’t violate a policy! If the Privileged User violates a policy – we can block this and report or alert on the violation! Using an inline appliance would add latency to the application traffic! would not be able to block a user at the database console – it can’t block local access! * 中央管理器可以查看所有被管控的Aggregator和Collector的状态，并管理 补丁 Policy 用户组权限 直接进行查询 报告定义和审计流程定义 可直接对Collector上的数据进行查询 * * q-d p 如果Analysis Engine的d丢包部分数据较大，说明相当的包被抛掉了 * 首先查看有没有数据，如果有数据，可以关注logger queue length，如果这个值持续有数，表明有在数据包等待；如果数值特别大，则可能导致hang住 Guardium 8.1上查看pid，这里查看TID是否发生了切换 查看Mysql is UP的值，如果是1表明发生restart * 注意：有时重启系统也未必能会让相应的服务成功启动，需要特别执行start，或是restart stopped_services inspect-core：A sniffer is a core component that monitors and parses database traffic as it received from a network interface * 注意：有时重启系统也未必能会让相应的服务成功启动，需要特别执行start，或是restart stopped_services inspection engine 使用数据库协议（比如DB2或Oralce）来监控数据流，从网络数据包中抽取SQL; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed information about that traffic to an internal database * ni：not interactive tls：S-TAP与Collector通信使用tls协议 k：K-TAP t：TEE dir：S-TAP安装目录 tapip：被数据库服务器IP sqlguardip：Guardium Collector IP * Guardium Installation Manager，优势是以后升级S-TAP无需重启数据库 * Administration Console-Local Taps-S-TAP Control 这里比较特殊，用/监控网络里的所有客户机 – /usr/local/guardium/g