Auditing

HexaTier logs the transactions performed on databases, enabling regulatory compliance and computer forensics. It provides IT personnel and security officers with information on every query that reached the database, such as extraction, modification and deletion of database content, as well as changes to database configuration and system settings.
You can set rules to audit transactions on specific databases and for queries originating from specific source IPs, users and applications. HexaTier's auditing capabilities are very dynamic and include auditing of whole databases, specific tables or specific columns within tables.

The Audit feature is used to log all transactions performed on the database. This feature assists with regulatory compliance, giving the security officer information on all queries that reached the database and were not blocked, such as extraction, modification and deletion of database content, or changes to database configuration and system settings.
The Advanced Audit not only logs all transactions performed on the database, it also presents the content or settings of the database exactly as they were before the modification (if a modification was made).
Note that Advanced Auditing is performed only on sensitive tables. Sensitive tables are configured on each database's settings page (in the HexaTier Database Activity Monitoring Management Console).
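The auditing model described above (rules keyed by database, source IP, user and application, optionally scoped to specific tables, with Advanced Audit only for modifications of sensitive tables) can be illustrated with a small rule matcher. The following is an added example, not HexaTier code; the rule fields, the sensitive-table set and the sample events are all constructed here.

```python
"""Audit-rule matcher: an added illustration of the auditing model the page
describes. Not HexaTier code; every field name and all sample data are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class AuditRule:
    database: Optional[str] = None              # None = any database
    source_net: Optional[str] = None            # CIDR the client IP must fall in; None = any
    user: Optional[str] = None                  # database login; None = any
    application: Optional[str] = None           # client application name; None = any
    tables: Optional[FrozenSet[str]] = None     # audit only these tables; None = whole database

    def matches(self, ev: dict) -> bool:
        if self.database is not None and ev["database"] != self.database:
            return False
        if self.source_net is not None:
            client = ipaddress.ip_address(ev["source_ip"])
            if client not in ipaddress.ip_network(self.source_net, strict=False):
                return False
        if self.user is not None and ev["user"] != self.user:
            return False
        if self.application is not None and ev["application"] != self.application:
            return False
        if self.tables is not None and ev["table"] not in self.tables:
            return False
        return True

# Constructed: (database, table) pairs marked sensitive in the database settings page.
SENSITIVE_TABLES = {("crm", "customers")}
# Statement types that change content; only these get a "before" image.
MODIFYING = {"INSERT", "UPDATE", "DELETE", "ALTER"}

def audit_decision(rules, ev):
    """Return (audit, advanced): whether the event is logged at all, and whether
    the pre-modification content is captured as well (Advanced Audit)."""
    audit = any(r.matches(ev) for r in rules)
    advanced = (audit
                and ev["statement"] in MODIFYING
                and (ev["database"], ev["table"]) in SENSITIVE_TABLES)
    return audit, advanced

RULES = [
    AuditRule(database="crm"),                                             # whole database
    AuditRule(source_net="203.0.113.0/24", tables=frozenset({"orders"})),  # one table, external clients only
    AuditRule(user="reportsvc", application="nightly-export"),             # a specific user/application pair
]

# Constructed sample events (what the proxy sees for queries that were not blocked).
SAMPLE_EVENTS = [
    {"database": "crm",  "table": "customers", "statement": "UPDATE", "source_ip": "10.1.2.3",    "user": "app",       "application": "webapp"},
    {"database": "crm",  "table": "leads",     "statement": "SELECT", "source_ip": "10.1.2.3",    "user": "app",       "application": "webapp"},
    {"database": "shop", "table": "orders",    "statement": "SELECT", "source_ip": "203.0.113.9", "user": "app",       "application": "webapp"},
    {"database": "shop", "table": "orders",    "statement": "SELECT", "source_ip": "10.1.2.3",    "user": "app",       "application": "webapp"},
    {"database": "shop", "table": "carts",     "statement": "DELETE", "source_ip": "10.9.9.9",    "user": "reportsvc", "application": "nightly-export"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        audit, advanced = audit_decision(RULES, ev)
        print(f"{ev['statement']:6} {ev['database']}.{ev['table']:10} from {ev['source_ip']:13} "
              f"audit={audit} advanced={advanced}")
```

Only the first event is both audited and captured with its before-image: it is a modification of a table flagged as sensitive. The fourth event (the same table as the third, but from an internal address) matches no rule and is not audited, which is the effect of scoping a rule to a source network.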

General

HexaTier sets the industry standard for database security and compliance in the cloud, utilizing its patented Database Reverse Proxy technology.
• Reduces the databases' attackable surface
• Installed as a front-end to the database, fully camouflaging it
• A unified solution with four key elements: Database Security, Discovery of Sensitive Data, Dynamic Data Masking, and Database Activity Monitoring
HexaTier is non-disruptive, easy to install and configure, and provides extensive management reporting and audit trails.
If you require assistance, you can generate a compressed support file for sending to HexaTier. The support file contains mainly log files and does NOT contain any sensitive information from your computer.

You can generate two types of support files:

  • Compact – creates a small zip file that contains a minimal amount of information
  • Full – creates a large zip file. Send this type of support file only if requested by HexaTier.

To generate a support file

  1. On the Main Menu, click System.
  2. On the Context Menu, click Support.
  3. Click Compact or Full as required.
  4. Click Generate.
  5. Click Save File and send it to HexaTier support at support@HexaTier.com

To configure SQL Server to accept TCP/IP connections on the loopback address only

  1. In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration, expand Protocols for <instance name>, and then double-click TCP/IP.
  2. In the TCP/IP Properties dialog box, on the IP Addresses tab, several IP addresses appear in the format IP1, IP2, up to IPAll. One of these is the IP address of the loopback adapter, 127.0.0.1. Additional IP addresses appear for each IP address on the computer. Right-click each address, and then click Properties to identify the IP address that you want to configure.
  3. If the TCP Dynamic Ports dialog box contains 0, indicating that the Database Engine is listening on dynamic ports, delete the 0.
  4. Locate the IPX entry that contains the IP address 127.0.0.1 (local loopback address).
  5. Make sure that for all entries IP1, IP2, up to IPAll except IPX (see above), Active and Enabled are set to No.
  6. Make sure that for the IPX entry containing 127.0.0.1 (local loopback address), Active and Enabled are set to Yes, and that TCP Port is set to the port you want HexaTier to connect to.

All the logs can be found in the following locations by default:

On a Linux System: /opt/greensql/log/

On a Windows System: C:\Program Files\GreenSQL\log\

Installation

HexaTier is installed as a front-end to the database and works as a reverse proxy, effectively hiding and securing the database. Once installed, it scans the database for sensitive information in accordance with your regulatory compliance requirements, automatically setting your Auditing and Masking policies. HexaTier reviews and inspects both database queries and database responses, making it the perfect tool for securing your database.

If HexaTier is installed on the same machine as the Database server, and local TCP/IP connectivity is desired

  1. Go into the Edit Instance option, under Databases -> Instances
  2. At the Host/IP, make sure that 127.0.0.1 is set
  3. Click on Check Connection and make sure that HexaTier can connect to your database locally
  4. Click Update to save the configuration

To backup HexaTier settings

  1. On the Main Menu, click System.
  2. On the Context Menu, click Backup & Restore.
  3. Enter a password to encrypt the backup file.
  4. Click Backup.
  5. Save the file in the location you require and note the path so that you can restore if required.

NOTE – Passwords must be a combination of English letters and numbers and be at least 8 characters.

    • Windows 2012 Server
    • Windows 2008 Server (Service Pack 2 and above)
    • Ubuntu 9.04 and above
    • CentOS 5.4 and above
    • Debian 6.0.4 and above
    • RedHat 6.x and above

You can find HexaTier tutorial videos on YouTube at this address: http://www.youtube.com/user/HexaTier

HexaTier can be installed in any of the following scenarios:

  • On the Application server
  • On a dedicated server (Physical or Virtual)
  • On the Database server
Supported Cloud Platforms

  • Amazon AWS
  • Microsoft Azure
  • Google Cloud Platform
  • SoftLayer
  • Rackspace Cloud
  • VMware

Supported Databases

  • MySQL
  • Microsoft SQL Server
  • MariaDB
  • Amazon Aurora

Supported Operating Systems

  • Microsoft Windows Server 2008 with Service Pack 2 and above
  • Microsoft Windows Server 2012
  • Ubuntu 9.04 and above
  • CentOS 5.4 and above
  • RedHat 6.x and above
  • Debian 6.0.4 and above

Supported Browsers

  • Microsoft Internet Explorer 7 and above
  • Mozilla Firefox 3.5 and above
  • Google Chrome 7 and above

Internet access (for a faster license activation process)

Minimum hardware requirements

  • Minimum of 4 CPU cores
  • 4 GB RAM (8 GB is recommended)
  • 20 GB of available hard-disk space

Auditing information and logging may require more disk space, depending on the configured policies.

  • Microsoft SQL Server
  • Microsoft SQL Azure
  • MySQL
  • MariaDB
  • Aurora DB

Note that HexaTier is agnostic to the operating system on which your databases are running.

I tried to run the greensql.bin Linux installer and received the following:

root@server [/~]# ./greensql.bin
Verifying archive integrity... All good.
Uncompressing GreenSQL.....................................
./greensql.bin: ./run.sh: /bin/bash: bad interpreter: Permission denied

Check /etc/fstab

root@server [/home/secure]# cat /etc/fstab
LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/tmp /tmp ext3 defaults,noexec,nosuid 1 2

If /tmp is mounted with the 'noexec' flag, you will need to install the HexaTier software using the --target flag, specifying exactly where to uncompress the files for installation.

For example:

root@server [/~]# ./greensql.bin --target /home/tmpuser/tmp1/
Creating directory /home/tmpuser/tmp1/
Verifying archive integrity... All good.
Uncompressing GreenSQL.....................................

I tried to run the greensql.bin after realizing that the service did not start, and received the following:

root@:/opt/greensql# ./greensql -mode 2
sem_open failed for "/GreenSQL_IFP_FW": Function not implemented
terminate called after throwing an instance of 'boost::interprocess::interprocess_exception'
what(): Function not implemented
Aborted

The reason is that /dev/shm was not mounted as tmpfs on your system.
Add the following line to /etc/fstab:

tmpfs /dev/shm tmpfs defaults 0 0

Reboot the system if you wish or reload your mount points and the already installed HexaTier software will run.
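Both installer failures above (the bad-interpreter error from a noexec /tmp and the sem_open failure from a /dev/shm that is not tmpfs) come down to mount options, so they can be checked before running greensql.bin. The script below is an added example, not part of HexaTier or its installer: it parses an fstab- or /proc/mounts-style table and reports the two conditions. The sample table embedded in it is constructed to match the fstab quoted above.

```python
"""Added check (not HexaTier tooling) for the two Linux installer prerequisites
discussed in the FAQ: /tmp must not be noexec for the self-extracting
greensql.bin, and /dev/shm must be a tmpfs mount for sem_open to work.
The same parser handles /etc/fstab and /proc/mounts, since both use the
same first four fields (device, mount point, type, options)."""
import sys
from typing import Dict, List

# Constructed sample: the fstab quoted in the FAQ, which has no /dev/shm entry at all.
SAMPLE_FSTAB = """\
LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/tmp /tmp ext3 defaults,noexec,nosuid 1 2
"""

def parse_mount_table(text: str) -> Dict[str, dict]:
    """Map mount point -> {device, type, options} from fstab/mounts-style text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: ignore rather than guess
        device, mount_point, fs_type, opts = fields[:4]
        table[mount_point] = {"device": device, "type": fs_type,
                              "options": set(opts.split(","))}
    return table

def installer_prereq_findings(mount_text: str) -> List[str]:
    """Return human-readable findings; an empty list means both prerequisites hold."""
    table = parse_mount_table(mount_text)
    findings = []
    tmp = table.get("/tmp")
    if tmp is not None and "noexec" in tmp["options"]:
        findings.append("/tmp is mounted noexec: run ./greensql.bin --target <dir> "
                        "with <dir> on a filesystem that allows execution")
    shm = table.get("/dev/shm")
    if shm is None or shm["type"] != "tmpfs":
        findings.append("/dev/shm is not a tmpfs mount: add "
                        "'tmpfs /dev/shm tmpfs defaults 0 0' to /etc/fstab and remount")
    return findings

if __name__ == "__main__":
    # With a path argument, check a live table (e.g. /proc/mounts); otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_FSTAB
    for finding in installer_prereq_findings(text) or ["no installer prerequisite problems found"]:
        print(finding)
```

Run it against /proc/mounts to check what is actually mounted right now, and against /etc/fstab to check what will persist across a reboot: on many current systems /dev/shm is mounted by the init system without any fstab line, so a missing fstab entry alone is not proof that sem_open will fail.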

HexaTier does not have default credentials: since version 2.2, the initial HexaTier password is set after installation.

IPS and IDS

Risk-Based IPS/IDS – implementation of a real-time intrusion detection system (IDS) and intrusion prevention system (IPS) based upon actual risk to the database. The IDS engine monitors data packets traversing the network and issues an alarm if it detects anything suspicious. The IPS can actually stop malicious traffic from invading the network. The combination of both solutions provides maximum protection for your databases.

The IPS and IDS module provides an intrusion detection and prevention system that is implemented through the following methods:

  • SQL Injection detection
    1. Calculation of each query’s risk (Anomaly detection subsystem)
    2. Detection of table content brute-force attempts
    3. Detection of SQL tautology (Expressions that always return TRUE)
  • Risk Profiles
    1. Detection of groups of SQL commands considered by the administrator to be of high risk. Each group (Risk Profile) can be assigned to an IPS or IDS policy
  • Patterns and User Patterns
    1. Detection of user-defined signatures as well as user-defined groups of built-in SQL commands. Each pattern or group (User Patterns and Pattern Groups) can be assigned to an IPS or IDS policy
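The SQL tautology check listed under SQL Injection detection can be shown in working code. The detector below is an added example, not HexaTier's engine: a small tokenizer finds comparisons between two literals and flags those that always evaluate to TRUE, which is what an IDS would alert on and an IPS would block. String literals are consumed whole, so a "1=1" inside quoted text is not mistaken for a predicate. The sample queries are constructed.

```python
"""Added example, not HexaTier code: flag SQL tautologies, i.e. comparisons
between two literals whose result is always TRUE. Only literal-vs-literal
comparisons with a plain operator are evaluated; an identifier on either side
is skipped because its value is not known at the proxy layer."""
import operator
import re
from typing import List, Optional, Union

# Tokenizer: longer operators are listed before their one-character prefixes.
TOKEN = re.compile(r"""
      '(?:[^']|'')*'           # string literal, with '' as the escaped quote
    | [A-Za-z_]\w*             # identifier or keyword
    | \d+(?:\.\d+)?            # numeric literal
    | <>|!=|<=|>=|=|<|>        # comparison operators
    | \S                       # any other single character
""", re.VERBOSE)

COMPARE = {
    "=": operator.eq, "<>": operator.ne, "!=": operator.ne,
    "<": operator.lt, ">": operator.gt, "<=": operator.le, ">=": operator.ge,
}

def literal_value(tok: str) -> Optional[Union[str, float]]:
    """Python value of a string or numeric literal token; None for anything else."""
    if len(tok) >= 2 and tok.startswith("'") and tok.endswith("'"):
        return tok[1:-1].replace("''", "'")
    if tok[0].isdigit():
        return float(tok)
    return None

def find_tautologies(sql: str) -> List[str]:
    """Return every 'literal op literal' comparison in sql that is always TRUE."""
    toks = TOKEN.findall(sql)
    found = []
    for left, op, right in zip(toks, toks[1:], toks[2:]):
        if op not in COMPARE:
            continue
        a, b = literal_value(left), literal_value(right)
        if a is None or b is None or type(a) is not type(b):
            continue  # not both literals, or string vs number (engine-specific coercion)
        if COMPARE[op](a, b):
            found.append(f"{left} {op} {right}")
    return found

# Constructed sample queries as the proxy would see them.
SAMPLES = [
    "SELECT * FROM users WHERE name = 'bob' OR 1=1",
    "SELECT * FROM users WHERE note = 'see 1=1 here' AND id = 7",
    "SELECT 1 FROM t WHERE 'a'='a' AND 2 > 1",
    "SELECT * FROM t WHERE 'a' = 'b'",
]

if __name__ == "__main__":
    for q in SAMPLES:
        hits = find_tautologies(q)
        print(("ALERT " if hits else "ok    ") + q + (f"  -> {hits}" if hits else ""))
```

The second sample shows why tokenizing matters: the text inside the string literal never reaches the comparison check. Negative numbers, function calls and comparisons involving column values are deliberately out of scope here; a production engine parses the whole predicate rather than a three-token window.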

Proxies

A proxy is used to relay all queries to the database server or instance. A query directed to a front-end IP address and port of the HexaTier server is relayed to the original IP address and port of the database or instance. Such queries are monitored or intercepted by HexaTier before reaching the database or instance as soon as a rule is created.
Note that HexaTier is preconfigured with a default policy which allows all queries. If this policy is removed or disabled, all queries will be denied, due to the nature of HexaTier to block all traffic by default.
Configuring a proxy and a database will not forward the traffic to your backend Database without a policy.

A proxy configuration tutorial can be found on our YouTube channel.

When the proxies appear unavailable in the proxy list, this may be a result of the following cause:

    The process HexaTier-fw was unable to initialize after 5 iterations

Suggested Solution

Verify proxy was not manually set to bypass mode

Restart the HexaTier service

  • On Linux: /etc/init.d/HexaTier restart
  • On Windows: In the Windows services list, right-click HexaTier service and select Start (or Restart)

If the proxy is still in bypass mode, please run the support diagnostic tool under System->Support->Generate (compact) and send support@HexaTier.com the output file

When the proxies appear unavailable in the proxy list, this may be a result of the following causes:

  1. The process HexaTier-fw is not running
  2. The configuration of the proxies is incorrect

Suggested Solution

When the service is not running:
  1. Check if the HexaTier service is running. If it is not, start it
    • On Linux: /etc/init.d/greensql restart
    • On Windows: In the Windows services list, right-click HexaTier service and select Stop and then Start (or restart)

When the proxies configuration is incorrect:

  1. Verify the connection is successful when using the same connection parameters in a standard SQL client
  2. Verify the IP configuration is correct
  3. Verify the port configuration does not overlap with ports already in use on the system

If the proxy is still in unavailable state, please run the Support diagnostic tool under System->Support->Generate (compact) and send support@greensql.com the output file

A Proxy can be created for each unique connection to a database or a server which hosts multiple databases.

The examples below describe how to determine the number of proxies to be configured:

  1. A server hosts multiple databases which are accessible at the same IP address and the same port. Only one proxy is needed.
  2. A server hosts two databases which are each accessible at different ports. A proxy should be configured for each database connection. Two proxies are needed.