Data security incidents frequently originate internally, and tracing their source and obtaining evidence are difficult problems for information communication departments. Effective internal audit and control measures are issues that public security organs need to consider seriously.
Public security organ information systems store important data, including national basic population information, national fugitive information, and the national illegal and criminal personnel information resource database. Achieving visualized management of daily service operations, including access to back-end database resources, and ensuring the security and reliability of the database have become important preconditions for the stable operation of each information system.
Public security organ services are moving from closed to open. While data sharing brings convenience to government departments and the general public, it also creates a huge potential security hazard for the database. Ensuring that access to the information system is safe and controllable, and applying reasonable authority control and process audit to different access personnel, are security problems that need urgent consideration.
To meet the growing service and database security demands of public security organs, Ankki provides comprehensive, in-depth security audit of service systems and databases. It delivers whole-process monitoring and audit of the database and interface services, solves the problem that deleted data cannot be known, and finally cracks the problem of being “unable to follow, trace the source and obtain evidence”. The project fully integrates with the existing security guarantee system and delivers proactive prevention, ex post traceability, and management and control of information security to prevent sensitive information from leaking. Taking service and data security of a public security information system as an example, the general design of the project is as shown below:
Information leak traceability and evidence collection
Public security organ information systems store large amounts of citizen identity information, criminal records and citizen files. If this information is leaked and abused by criminals, the consequences are extremely serious. The Ankki database audit system can accurately identify visitors, perform targeted analysis and playback, and provide a basis for subsequent tracing and evidence collection.
Prevention of information tampering and restorability of operations
Building on its existing relational database audit products, Ankki Technology gives full support to the latest generation of database audit, in particular better restoration of arbitrarily deleted content.
Compliance with national graded protection and classified protection confidentiality requirements
Ankki AAS can output different types of report according to the compliance requirement, such as a graded protection report.
Custom strategy reports
Strategy rules can be customized around the major issues auditors focus on, so that output reports meet the requirement and auditors get the audit information they need quickly.
1. Technology leadership: first to enter fourth-generation database audit, with restoration of deleted operations.
Building on its existing relational database audit products, Ankki gives full support to the latest generation of database audit, in particular better restoration of arbitrarily deleted content.
2. Independently created “sextet” audit that breaks through the industry's “three-layer architecture” problem and identifies specific persons
Many service systems of public security organs, procuratorates and courts are deployed on a three-layer architecture, in which front-end users cannot operate the database directly. As a result, when identifying the specific executor of a database operation, the operation cannot be correlated with the web front-end visitor. Ankki AAS provides all-round three-layer (application, middle and database layers) access audit, which can accurately identify the original visitor behind a data operation.
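The correlation problem described above, as an added example that is not Ankki's code or algorithm: it attributes database statements issued under a shared application account to front-end visitors by time window and submitted values. The record shapes, the `app_svc` account, the `attribute` function and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class WebRequest:            # application-layer record (constructed sample shape)
    user: str
    client_ip: str
    start: float             # request received, seconds
    end: float               # response sent, seconds
    params: tuple            # values the visitor submitted

@dataclass
class DbStatement:           # database-layer record (constructed sample shape)
    ts: float
    db_account: str
    sql: str

# Constructed sample data: three visitors share the one account "app_svc".
REQUESTS = [
    WebRequest("officer_a", "10.0.0.11", 100.00, 100.40, ("ID-0001",)),
    WebRequest("officer_b", "10.0.0.12", 100.10, 100.50, ("ID-0002",)),
    WebRequest("officer_c", "10.0.0.13", 200.00, 200.30, ()),
]
STATEMENTS = [
    DbStatement(100.20, "app_svc", "SELECT * FROM person WHERE id_no = 'ID-0002'"),
    DbStatement(200.10, "app_svc", "DELETE FROM case_notes WHERE note_id = 7"),
    DbStatement(100.25, "app_svc", "SELECT count(*) FROM person"),
]

def attribute(stmt, requests, slack=0.05):
    """Return the one WebRequest that plausibly caused stmt, or None if ambiguous."""
    # Step 1: requests that were in flight when the statement reached the database.
    in_window = [r for r in requests if r.start - slack <= stmt.ts <= r.end + slack]
    # Step 2: prefer requests whose submitted values appear in the SQL text.
    by_value = [r for r in in_window if any(str(p) in stmt.sql for p in r.params)]
    candidates = by_value or in_window
    # Never guess between several visitors: an ambiguous match stays unattributed.
    return candidates[0] if len(candidates) == 1 else None

def attribute_all(statements, requests):
    """Map each SQL text to the attributed front-end user (None if unresolved)."""
    out = {}
    for s in statements:
        r = attribute(s, requests)
        out[s.sql] = r.user if r else None
    return out

if __name__ == "__main__":
    for sql, user in attribute_all(STATEMENTS, REQUESTS).items():
        print(f"{user or 'UNRESOLVED':<11} {sql}")
```

When statements use bind variables the values are not in the SQL text, so step 2 would have to compare against captured bind values instead.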
3. Built-in anti-attack rules can effectively detect attacks such as SQL injection
Unlike general database audit products, the Ankki database audit system can prevent higher-level data query operations, including those using functions and bind variables, and specializes in catching “masters”. Its built-in anti-attack rules can effectively detect SQL injection and cross-site scripting attacks.
4. Monitoring of database connection tools and illegal IPs
The Ankki database audit system can automatically scan the access tools that connect to the database. Starting from the source of database access, if the audit records show that unknown database connection tools, or tools outside the rules, have been used, auditors can analyze the IP and its associated operation records and further investigate the source of the tool and the illegality of the operation.
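The review step described above, as an added example that is not Ankki's code: it checks constructed audit records against an approved-tool list and approved source ranges, then gathers every operation from each flagged IP for the auditor. The policy values, record layout and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed policy for this example: tools and source ranges allowed to connect.
APPROVED_TOOLS = {"jdbc thin client", "sqlplus"}
APPROVED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed audit records: (client IP, reported client program, SQL text).
AUDIT = [
    ("10.20.0.15", "JDBC Thin Client", "SELECT name FROM person WHERE id = 1"),
    ("10.20.0.31", "unknown_client.exe", "SELECT * FROM person"),
    ("10.20.0.31", "sqlplus", "DELETE FROM access_log"),
    ("192.168.7.9", "sqlplus", "SELECT * FROM fugitive"),
]

def violations(ip, program):
    """Return the policy reasons (possibly none) for one connection."""
    reasons = []
    if program.strip().lower() not in APPROVED_TOOLS:
        reasons.append(f"unapproved tool: {program}")
    if not any(ipaddress.ip_address(ip) in net for net in APPROVED_NETS):
        reasons.append("source address outside approved ranges")
    return reasons

def review(records):
    """Group findings by IP together with every operation that IP performed."""
    flagged = defaultdict(set)
    for ip, program, _sql in records:
        flagged[ip].update(violations(ip, program))
    report = {}
    for ip, reasons in flagged.items():
        if reasons:
            # Include operations done with approved tools too: the auditor
            # needs the whole activity of a suspicious source.
            ops = [sql for rip, _p, sql in records if rip == ip]
            report[ip] = {"reasons": sorted(reasons), "operations": ops}
    return report

if __name__ == "__main__":
    for ip, finding in review(AUDIT).items():
        print(ip, finding["reasons"], finding["operations"])
```

The program name is reported by the client itself, so a match against the approved list is weaker evidence than the source address.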
5. Targeted behavior analysis and smooth evidence acquisition
Through targeted behavior analysis, all operation records of a designated client within a certain time period can be identified for scene reconstruction and video playback, in order to reproduce the whole operation process, conduct electronic forensics, and provide strong evidence for source tracing and evidence collection.