Glossary

A

      authentication proxy

      The authentication proxy feature allows users to connect to database instances far away from networks where active directories reside while maintaining the authentication mechanism of Windows domains.

    B

        bidirectional audit

        Both requests to and responses from the database are audited.

      D

          database audit

          Database audit is deployed in bypass mode. It records user access to the database in real time, generates fine-grained audit reports for compliance management, and sends real-time alarms for risky operations and attack behaviors.

          database data reduction

          Users can set data reduction rules to detect data operations on specific database tables by unauthorized users, IP addresses, or applications. When the amount of operated data exceeds the specified threshold, HexaTier alerts administrators and records the event in a data reduction log to protect user data from leakage.

          data masking

          Pre-configured characters are used to partly or fully replace sensitive data based on masking rules.

          Database Security Service

          The Database Security Service (DBSS) is a security service that protects databases on clouds. Based on reverse proxy and machine learning technologies, it provides functions such as data masking, database auditing, sensitive data discovery, and injection attack prevention.

          database protection

          Deployed as a reverse proxy between an application server and a database, database protection provides functions such as database firewall and dynamic data masking.

          DBSS

          See Database Security Service

          dynamic data masking

          Database Security Service (DBSS) provides functions such as database protection and database audit to fully protect your databases and assets on the cloud.

        I

            intrusion detection system

            An intrusion detection system (IDS) monitors network transmissions in real time and sends alarms when it detects suspicious transmissions.

            intrusion prevention system

            An intrusion prevention system (IPS) is used between a firewall and a network device. When detecting an attack, the IPS stops the malicious communication before the attack spreads in the network.

          K

              Kerberos

              Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.

            L

                learning mode

                Learning mode is the process of analyzing applications' access to databases, establishing a baseline for typical database access patterns, and creating a security policy from those patterns.

                Lightweight Directory Access Protocol

                Based on TCP/IP, the Lightweight Directory Access Protocol (LDAP) is a protocol that allows access to the Directory System Agent (DSA). LDAP involves some simplified functions of X.500.

              M

                  match

                  If a specified audit object matches an audit rule, the audit engine records the risk severity and executes the response action.

                R

                    regex query pattern

                    A regular expression is a simple and flexible method to specify and identify text character strings (for example, certain characters, words, or character patterns). A regex query pattern is an object containing the following fields: name and regex-defined character string.

                    risk profile

                    Risk profiles are action groups configured for risky operations. Different actions (allowing and blocking) are configured for different operations (such as viewing, modifying, creating, deleting, and running) on objects such as servers, databases, and service blocks. In addition, whether or not the action is logged is also configured. You can use risk profiles to create risk-based IPS/IDS policies.

                    reverse proxy

                    In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the proxy server itself.[1] Unlike a forward proxy, which is an intermediary for its associated clients to contact any server, a reverse proxy is an intermediary for its associated servers to be contacted by any client.

                  S

                      SQL injection

                      In an SQL injection attack, an attacker sends forged domain or page query strings to spoof a server into executing malicious SQL statements.

                      Syslog

                      The syslog protocol is a protocol for message logging.

                    U

                        unidirectional audit

                        Only the requests to the database are audited.