Glossary


    • A
      authentication proxy

      The authentication proxy feature allows users to connect to database instances far away from networks where active directories reside while maintaining the authentication mechanism of Windows domains.


      • B
        bidirectional audit

        Both requests to and responses from the database are audited.


        • D
          database audit

          Database audit is deployed in bypass mode. It records user access to the database in real time, generates fine-grained audit reports for compliance management, and sends real-time alarms for risky operations and attack behaviors.

          database data reduction

          Users can set data reduction rules to detect data operations on specific database tables by unauthorized users, IP addresses, or applications. When the amount of operated data exceeds the specified threshold, HexaTier alerts administrators and records the event in a data reduction log to protect user data from leakage.

          data masking

          Pre-configured characters are used to partly or fully replace sensitive data based on masking rules.

          Database Security Service

          Database Security Service (DBSS) provides functions such as database protection and database audit to fully protect your databases and assets on the cloud.

          database protection

          Deployed as a reverse proxy between an application server and a database, database protection provides functions such as a database firewall and dynamic data masking.


          See Database Security Service

          dynamic data masking

          Based on a user's permissions and a policy, sensitive or personal data is dynamically masked in real time, without the need to modify the database or application (stored procedures and views can also be masked).


          • I
            intrusion detection system

            An intrusion detection system (IDS) monitors network transmissions in real time and sends alarms when it detects suspicious transmissions.

            intrusion prevention system

            An intrusion prevention system (IPS) is deployed between a firewall and a network device. When it detects an attack, the IPS stops the malicious communication before the attack spreads in the network.


            • K
              Kerberos

              Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.


              • L
                learning mode

                Learning mode is the process of analyzing applications' access to databases, establishing a baseline for typical database access patterns, and creating a security policy from those patterns.

                Lightweight Directory Access Protocol

                Based on TCP/IP, the Lightweight Directory Access Protocol (LDAP) is a protocol that allows access to the Directory System Agent (DSA). LDAP involves some simplified functions of X.500.


                • M

                  If a specified audit object matches an audit rule, the audit engine records the risk severity and executes the response action.


                  • R
                    regex query pattern

                    A regular expression is a simple and flexible way to specify and identify text character strings (for example, certain characters, words, or character patterns). A regex pattern is an object containing the following fields: a name and a regex-defined character string.

                    risk profile

                    Risk profiles are action groups configured for risky operations. Different actions (allowing and blocking) are configured for different operations (such as viewing, modifying, creating, deleting, and running) on objects such as servers, databases, and service blocks. In addition, whether or not the action is logged is also configured. You can use risk profiles to create risk-based IPS/IDS policies.

                    reverse proxy

                    In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the proxy server itself. Unlike a forward proxy, which is an intermediary for its associated clients to contact any server, a reverse proxy is an intermediary for its associated servers to be contacted by any client.


                    • S
                      SQL injection

                      In an SQL injection attack, an attacker sends forged domain or page query strings to trick a server into executing malicious SQL statements.


                      syslog

                      The syslog protocol is a protocol for message logging.


                      • U
                        unidirectional audit

                        Only the requests to the database are audited.