Help Center/ Database Security Service/ Getting Started/ Getting Started with Common Practices
Updated on 2024-11-13 GMT+08:00

Getting Started with Common Practices

After configuring DBSS, you can view common practices to better use DBSS.

Table 1 Common practices

Practice

Description

Auditing a Database

Auditing an ECS Database

Database audit is deployed in out-of-path mode. The database audit agent is deployed on the database or application server to obtain access traffic, upload traffic data to the audit system, receive audit system configuration commands, and report database monitoring results, implementing security audit on databases built on ECS or BMS.

Auditing an RDS Database (with Agent Installed)

Auditing an RDS Database (Agent-free)

DBSS can audit the security of relational database instances. (Applications connected to this DB instance are deployed on ECS.)

DBSS can audit certain types of relational databases without installing agents.

Container-based database audit agent

For easier O&M, you can deploy the database audit agent in a large number of containerized applications or databases in batches. This makes configuration quicker and easier.

Checking a Database

Database drag detection

Database audit provides a preconfigured rule to check audit logs for data security risks, such as SQL statements used for data breach.

You can learn the execution duration, number of affected rows, and database information of the SQL statements.

Slow SQL Detection

Database audit provides a preconfigured rule to check for slow SQL statements, whose response time recorded in audit logs is greater than 1 second.

You can learn the execution duration, number of affected rows, and database information of the slow SQL statements, and optimize the statements accordingly.

Dirty database table check

Configure a rule to detect operations on dirty tables. You can configure unnecessary databases, tables, and columns as dirty tables. Programs that access the dirty tables will be marked as suspicious programs.

In this way, you can detect the SQL statements that access dirty tables and detect data security risks in a timely manner.