With the frequent occurrence of information leakage incidents, database security products have gradually entered the public's field of vision. Among database security products, database audit may be the most familiar product for users. Database audit products can track and audit the operation and access behavior of the database without affecting the normal operation of the business system, which is also an important reason why most users regard it as the procurement of database security standards. In this article, Xinwei will help you popularize what is database audit, and what is the function and principle of database audit? Let's have a look!

What is database audit?

Database audit refers to the review of audit logs and transaction logs, so as to track the changes of data and database structure. A database can be established to capture the changes of data and metadata, as well as the modifications made by the database that stores these materials. A typical audit report should include the following contents: completed database operations, changed data values, who performed the operations and several other attributes. These audit functions are embedded in all relational database platforms, and ensure that the generated record files have high accuracy and integrity, just like the data stored in the database. In addition, the audit trail can transform a series of reports into reasonable transactions and provide a business environment for forensic analysis of business processes.

However, the audit function also has limitations, such as not being able to audit data access statements (usually called SELECT statements). In addition, the local database audit is difficult to capture the original queries and variables recognized by users, and can only record events from a comprehensive perspective, while the log can capture the data values before and after the changes. This also makes the audit trail more effective in detecting the changed content than the accessed content.

Audit can accurately grasp the essence of the event when conducting forensic examination on the activity and state of the database. When checking SELECT statements (which users will use when viewing data), because the local platform lacks the ability to collect these statements, even if advanced options are used to achieve this operation, the performance will be greatly affected. Since there are simple ways to register the SELECT statement efficiently (such as login failure, trying to query the information of the letter of credit), why do enterprises choose to add other data collection resources to the local database audit function? In any case, the built-in database audit function can generate the core information of transaction authentication and regulatory control.

Database audit function:

Database audit can record the database activity on the network in real time, manage the compliance of fine-grained audit of database operation, and warn the risk behavior of database through bypass deployment. By recording, analyzing and reporting users' database access behavior, it is used to help users generate compliance search reports afterwards, which can be traced back afterwards. At the same time, strengthen the network behavior records of internal and external databases to improve the security of data assets.

Principles of database audit:

The database audit system comprehensively audits the access behavior of the database from the application client and dba, not only auditing sql statements, but also auditing remote access such as ftp and telnet. The system records the behavior and operation results of query, deletion, addition and modification in detail, and can also give real-time warning to dangerous operations and stop them in time, thus achieving a good effect of protecting the database.

Hegel once said that "existence is reasonable", which is used in the field of data security and is also applicable to the application of database audit. Times Xinwei believes that database audit is the most economical, personal and effective data bodyguard at present, and it is the inevitable choice for the long-term sustainable development of China's informatization construction.