HexaTier logs transactions performed on databases, enabling compliance with regulations and supporting computer forensics. It provides IT personnel and security officers with more information about any queries that reached the databases, such as database content extraction, modification and deletion, as well as changes to database configuration and system settings.
You can set rules to audit transactions on specific databases and for queries originating from specific source IPs, users and applications. HexaTier’s auditing capabilities are very dynamic and include auditing of whole databases, specific tables or specific columns within tables.
The Advanced Audit not only logs all transactions performed on the database, it also presents the content or settings of a database exactly as they were before they were modified (if a modification was made).
Note that Advanced Auditing is performed only on sensitive tables. Sensitive tables are configured in each database's settings page (in the HexaTier Database Activity Monitoring Management Console).
cloud utilizing its patented Database Reverse Proxy technology.
• Reducing the databases’ attackable surface
• Installed as a front-end to the database, fully camouflaging it
• A unified solution with four key elements: Database Security, Discovery of Sensitive Data, Dynamic Data Masking, and Database Activity Monitoring
You can generate two types of support files:
- Compact – creates a small zip file that contains a minimal amount of information
- Full – creates a large zip file. Send this type of support file only if requested by HexaTier.
To generate a support file
- On the Main Menu, click System.
- On the Context Menu, click Support.
- Click Compact or Full as required.
- Click Generate.
- Click Save File and send it to HexaTier support at support@HexaTier.com
- In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration, expand Protocols for <instance name>, and then double-click TCP/IP.
- In the TCP/IP Properties dialog box, on the IP Addresses tab, several IP addresses appear in the format IP1, IP2, up to IPAll. One of these is for the IP address of the loopback adapter, 127.0.0.1. Additional IP addresses appear for each IP Address on the computer. Right-click each address, and then click Properties to identify the IP address that you want to configure.
- If the TCP Dynamic Ports dialog box contains 0, indicating the Database Engine is listening on dynamic ports, delete the 0.
- Locate the IPX entry that contains the IP address 127.0.0.1 (the local loopback address).
- Make sure that for every entry from IP1, IP2, up to IPAll, except IPX (see above), Active and Enabled are set to No.
- Make sure that for the IPX entry that contains the IP address 127.0.0.1 (the local loopback address), Active and Enabled are set to Yes, and that TCP Port is set to the port you want HexaTier to connect to.
All the logs can be found in the following locations by default:
On a Linux System:
On a Windows System:
accordance with your regulatory compliance requirements, automatically setting your Auditing and Masking policies. HexaTier reviews and inspects both database queries and database responses, making it the perfect tool for securing your database.
If HexaTier is installed on the same machine as the database server and local TCP/IP connectivity is desired:
- Go to the Edit Instance option, under Databases -> Instances
- In the Host/IP field, make sure that 127.0.0.1 is set
- Click Check Connection and make sure HexaTier can connect to your database locally
- Click Update to save the configuration
To back up HexaTier settings
- On the Main Menu, click System.
- On the Context Menu, click Backup & Restore.
- Enter a password to encrypt the backup file.
- Click Backup.
- Save the file in the location you require and note the path so that you can restore if required.
NOTE – Passwords must be a combination of English letters and numbers and be at least 8 characters.
- Windows 2012 Server
- Windows 2008 Server (Service Pack 2 and above)
- Ubuntu 9.04 and above
- CentOS 5.4 and above
- Debian 6.0.4 and above
- RedHat 6.x and above
You can find HexaTier tutorial videos on YouTube at this address: http://www.youtube.com/user/HexaTier
HexaTier can be installed in any of the following scenarios:
- On the Application server
- On a dedicated server (Physical or Virtual)
- On the Database server
- Microsoft SQL Server
- Microsoft SQL Azure
- Aurora DB
Note that HexaTier is agnostic to the operating system on which your databases are running.
I tried to run the greensql.bin Linux installer and received the following:
root@server [/~]# ./greensql.bin
Verifying archive integrity... All good.
./greensql.bin: ./run.sh: /bin/bash: bad interpreter: Permission denied
root@server [/home/secure]# cat /etc/fstab
LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/tmp /tmp ext3 defaults,noexec,nosuid 1 2
/tmp is mounted with the ‘noexec’ flag, so you will need to install the HexaTier software using the --target flag, specifying exactly where to uncompress the files for installation.
root@server [/~]# ./greensql.bin --target /home/tmpuser/tmp1/
Creating directory /home/tmpuser/tmp1/
Verifying archive integrity... All good.
I tried to run the greensql.bin after realizing that the service did not start, and received the following:
root@:/opt/greensql# ./greensql -mode 2
sem_open failed for "/GreenSQL_IFP_FW": Function not implemented
terminate called after throwing an instance of 'boost::interprocess::interprocess_exception'
what(): Function not implemented
tmpfs /dev/shm tmpfs defaults 0 0
Reboot the system if you wish or reload your mount points and the already installed HexaTier software will run.
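An added pre-install check (not part of the HexaTier documentation or installer) for the two mount problems above: it reads a mount table in fstab or /proc/mounts layout and reports a noexec /tmp and a /dev/shm that is not tmpfs. The function names are hypothetical, and falling back to the / entry when /tmp has no entry of its own is an assumption about a typical layout.

```shell
#!/bin/sh
# Added example: pre-install check for the two mount problems above.
# Input: a file in fstab or /proc/mounts layout:
#   <device> <mount point> <fs type> <options> ...

# mount_field TABLE MOUNTPOINT N: print field N of the last entry for
# MOUNTPOINT (later entries shadow earlier ones); nothing if absent.
mount_field() {
    awk -v mp="$2" -v n="$3" '
        /^[ \t]*#/ { next }            # skip fstab comments
        $2 == mp   { val = $n }
        END        { if (val != "") print val }' "$1"
}

# tmp_is_noexec TABLE: succeeds when /tmp is mounted with noexec.
# Assumption: with no /tmp entry, /tmp lives on / and uses its options.
tmp_is_noexec() {
    opts=$(mount_field "$1" /tmp 4)
    [ -n "$opts" ] || opts=$(mount_field "$1" / 4)
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# shm_is_tmpfs TABLE: succeeds when /dev/shm is mounted as tmpfs,
# which the POSIX semaphore call in the error above (sem_open) relies on.
shm_is_tmpfs() {
    [ "$(mount_field "$1" /dev/shm 3)" = "tmpfs" ]
}

# preflight TABLE: print one finding per failed check; return 1 if any failed.
preflight() {
    rc=0
    if tmp_is_noexec "$1"; then
        echo "TMP_NOEXEC: /tmp is noexec; run the installer with --target <directory on a filesystem without noexec>"
        rc=1
    fi
    if ! shm_is_tmpfs "$1"; then
        echo "SHM_NOT_TMPFS: /dev/shm is not tmpfs; expected mount entry: tmpfs /dev/shm tmpfs defaults 0 0"
        rc=1
    fi
    return "$rc"
}

# On a live host: preflight /proc/mounts
```

Run it against /proc/mounts to check what is mounted now, or against /etc/fstab to check what will be mounted after a reboot.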
HexaTier does not have default credentials. Since version 2.2, the initial HexaTier password is set after installation.
IPS and IDS
The IPS and IDS module provides an intrusion detection and prevention system, which is implemented using the following methods:
- SQL Injection detection
  - Calculation of each query’s risk (Anomaly detection subsystem)
  - Detection of table content brute-force attempts
  - Detection of SQL tautology (Expressions that always return TRUE)
- Risk Profiles
  - Detection of groups of SQL commands considered by the administrator to be of high risk. Each group (Risk Profile) can be assigned to an IPS or IDS policy
- Patterns and User Patterns
  - Detection of user-defined signatures as well as user-defined groups of built in SQL commands. Each pattern or group (User Patterns and Pattern Groups) can be assigned to an IPS or IDS policy
Note that HexaTier is preconfigured with a default policy which allows all queries. If this policy is removed or disabled, all queries will be denied, because HexaTier blocks all traffic by default.
Without a policy, configuring a proxy and a database will not forward traffic to your backend database.
A proxy configuration tutorial can be found on our YouTube channel.
When the proxies appear unavailable in the proxy list, this may be a result of the following cause:
- The process HexaTier-fw was unable to initialize after 5 iterations
Verify the proxy was not manually set to bypass mode
Restart the HexaTier service
- On Linux: /etc/init.d/HexaTier restart
- On Windows: In the Windows services list, right-click HexaTier service and select Start (or restart)
If the proxy is still in bypass mode, please run the support diagnostic tool under System->Support->Generate (compact) and send support@HexaTier.com the output file.
When the proxies appear unavailable in the proxy list, this may be a result of the following causes:
- The process HexaTier-fw is not running
- The configuration of the proxies is incorrect
- Check if the HexaTier service is running. If it is not, start it
- On Linux: /etc/init.d/greensql restart
- On Windows: In the Windows services list, right-click HexaTier service and select Stop and then Start (or restart)
When the proxies configuration is incorrect:
- Verify the connection is successful when using the same connection parameters in a standard SQL client
- Verify the IP configuration is correct
- Verify the port configuration does not overlap with active ports in the system
If the proxy is still in an unavailable state, please run the support diagnostic tool under System->Support->Generate (compact) and send email@example.com the output file.
A Proxy can be created for each unique connection to a database or a server which hosts multiple databases.
The examples below describe how to determine the number of proxies to be configured:
- A server hosts multiple databases which are accessible at the same IP address and the same port. Only one proxy is needed.
- A server hosts two databases which are each accessible at different ports. A proxy should be configured for each database connection. Two proxies are needed.