# Deploying the DataSunrise solution

## **Introduction**

When I did my project with DataSunrise, there was no one to guide me, only the documents from the company, and of course the setup guide was quite sketchy, so it was quite difficult to install as a proxy. So I am writing this blog to make it easier for newbies to set up DataSunrise as a proxy.

## **Overview**

DataSunrise is a company specializing in database security and management. Its solutions are designed to address various aspects of database security, data protection, and compliance. DataSunrise solutions typically include features such as:

- Database Firewall
- Database Activity Monitoring
- Data Masking and Data Loss Prevention
- Database Encryption
- Compliance and Audit Reporting

In addition, DataSunrise can also connect with **ElasticSearch** and **Kibana** to produce statistics and visualize data for easy traffic analysis.

In this blog, I use DataSunrise to protect a MySQL database.

## **Architecture**

![](https://hackmd.io/_uploads/B1Al4P083.png)

This is the standard model of DataSunrise in enterprise scenarios.

## **System Requirements**

- **CentOS 7** for the **MySQL database server**
- **Ubuntu** (22.04) for **DataSunrise**
- **Kali Linux** for the **user/attacker**

## **Topology**

![](https://hackmd.io/_uploads/rkPLhZGwh.png)

- **DataSunrise**: 192.168.111.139
- **Database**: 192.168.111.140
- **User/Attacker**: 192.168.111.135

## **Installation**

### **Database Server (MySQL)**

The database that I used is **MySQL**, so just install **MySQL server**:

```
sudo yum install mysql-server
```

You can find the configuration instructions for **MySQL server** on Google.

As a next step, I recommend using **MySQL Workbench** to make it easier to manage and use **MySQL** through a UI.

After that, you must configure MySQL to accept remote connections:

1. Open **my.cnf** in the **/etc/** folder.
2. Change the IP value in the line ***bind-address = 0.0.0.0*** to your database machine's IP.
3. If you have a firewall enabled on your CentOS 7 server, you need to open the MySQL port (default is 3306) to allow incoming connections. Run the following commands to open the port:

   ```
   sudo firewall-cmd --zone=public --add-port=3306/tcp --permanent
   ```

   ```
   sudo firewall-cmd --reload
   ```

4. Restart the MySQL service:

   ```
   sudo systemctl restart mysqld
   ```

### **DataSunrise**

**1**. Download the DataSunrise installer for your OS and type of database from: https://www.datasunrise.com/download/

**2**. Install it normally and skip all configuration for the database connection and mail service.

**3**. After you finish the installation, go to https://localhost:11000 to open the DataSunrise Console.

![](https://hackmd.io/_uploads/ryYByzfw3.png)

**4**. Now, navigate to **Configuration/Databases**, then click **Add** to set up the connection to your database server.

![](https://hackmd.io/_uploads/rygglffvn.png)

Fill in the required fields, then click **Test**.

![](https://hackmd.io/_uploads/H1QHezMD2.png)

You can connect to the DB server!

**5**. Next, DataSunrise will let you choose the capture mode. There are 3 modes:

1. **Proxy**: All traffic/queries go through DataSunrise before going to the database server --> You can use all DataSunrise features like **Data Audit, Data Masking, Data Security (acts like a firewall)**, ...

   ![](https://hackmd.io/_uploads/BkX1ZMMvn.png)

2. **Sniffer**: The network switch directs traffic/queries from the client to both the database server and DataSunrise --> You can only use the **Data Audit** feature

   ![](https://hackmd.io/_uploads/BklYL-fzPh.png)

3. **Trailing**: Placed behind the database server, it logs all queries on the database server --> Just **Data Audit**

   ![](https://hackmd.io/_uploads/By9sMGzvn.png)

I choose Proxy for all the features.

![](https://hackmd.io/_uploads/H1hSQfMvn.png)

Then save.

![](https://hackmd.io/_uploads/BkZj7zMDn.png)

You have connected to the database server successfully!
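Proxy mode only audits and filters queries that actually pass through DataSunrise, while the `--add-port=3306/tcp` rule from the database server setup lets every host in the zone reach MySQL directly. The script below is an added example, not part of the original post or of DataSunrise: it reads `firewall-cmd --list-all` output on the database server and reports whether 3306/tcp is reachable beyond the proxy at 192.168.111.139. The function name `check_db_exposure`, the result labels and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not DataSunrise tooling): classify how firewalld exposes MySQL.
# Reads `firewall-cmd --zone=public --list-all` output on stdin.
# Real use on the database server:
#   sudo firewall-cmd --zone=public --list-all | check_db_exposure 192.168.111.139
check_db_exposure() {
    proxy_ip="$1"        # the only host that should reach MySQL
    port="${2:-3306}"    # MySQL default port, as used in this post
    awk -v ip="$proxy_ip" -v port="$port" '
        # A bare entry on the "ports:" line is open to every source address.
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) if ($i == (port "/tcp")) open_all = 1
        }
        # The predefined "mysql" service opens 3306/tcp to every source as well.
        $1 == "services:" && port == 3306 {
            for (i = 2; i <= NF; i++) if ($i == "mysql") open_all = 1
        }
        # Rich rules accepting this port: fine only when limited to the proxy.
        $1 == "rule" && /accept/ && index($0, "port=\"" port "\"") {
            if (index($0, "source address=\"" ip "\"")) proxy_ok = 1
            else other = 1
        }
        END {
            if (open_all || other) print "OPEN_BEYOND_PROXY"
            else if (proxy_ok)     print "PROXY_ONLY"
            else                   print "CLOSED"
        }'
}

# Constructed sample: zone state after the --add-port=3306/tcp command above.
SAMPLE_OPEN='public (active)
  services: dhcpv6-client ssh
  ports: 3306/tcp
  rich rules: '

# Constructed sample: the bare port replaced by a rich rule for the proxy only.
SAMPLE_PROXY_ONLY='public (active)
  services: dhcpv6-client ssh
  ports: 
  rich rules: 
    rule family="ipv4" source address="192.168.111.139" port port="3306" protocol="tcp" accept'

# Commands that move the server from the first state to the second:
#   sudo firewall-cmd --zone=public --permanent --remove-port=3306/tcp
#   sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.111.139" port port="3306" protocol="tcp" accept'
#   sudo firewall-cmd --reload

printf '%s\n' "$SAMPLE_OPEN"       | check_db_exposure 192.168.111.139
printf '%s\n' "$SAMPLE_PROXY_ONLY" | check_db_exposure 192.168.111.139
```

The check only recognises a single port entry such as `3306/tcp`; a port range that happens to include 3306 is not detected.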
Then, navigate to **Audit/Rules** to add a new rule for testing the connection from the client (Kali).

This is the interface for creating rules:

![](https://hackmd.io/_uploads/rJJ_BMzvn.png)

![](https://hackmd.io/_uploads/Bk7iHGfD3.png)

You just choose the DB server and set a name for the rule; I leave the other settings as default to be able to log all queries. Then save.

If there is a green light in front of the rule, that rule is activated.

![](https://hackmd.io/_uploads/Skxu58GMPh.png)

Now, go to the Clients section for connection and testing.

### **Clients (users/attacker)**

Because we use DataSunrise as a proxy to manage traffic for security and audit, instead of connecting directly to the database server, we will connect to the proxy. The proxy then forwards queries from users to the database, so all queries have to go through the proxy.

So, what do I need to do? Yeah, instead of using the **database server's IP**, you now just use **DataSunrise's IP as the database server**. --> Problem solved

## **Test**

I used Kali to act as both user and attacker.

Now, use the CLI (or something like Workbench) to connect to the MySQL DB server, but remember: **use the IP address of DataSunrise instead of the DB server's IP address!**

![](https://hackmd.io/_uploads/SyGeCGGv3.png)

I query something, then go back to the DataSunrise console and check the audit logs.

![](https://hackmd.io/_uploads/S1p8RMzPh.png)

You can see the first line is my query on Kali.

## **Features**

A demo of some features which I used in my project.
**Security**

- Block query type (delete, update):

  <iframe width="560" height="315" src="https://www.youtube.com/embed/vLsgdjjKs7E" frameborder="0" allowfullscreen></iframe>

- Block IP:

  <iframe width="560" height="315" src="https://www.youtube.com/embed/VmSHYNEMOQU" frameborder="0" allowfullscreen></iframe>

**Data Masking**

- Masking credit card number:

  <iframe width="560" height="315" src="https://www.youtube.com/embed/3Py2CZSF8vQ" frameborder="0" allowfullscreen></iframe>

**Data Discovery**

- Discover sensitive data:

  <iframe width="560" height="315" src="https://www.youtube.com/embed/lTZVUarbzuM" frameborder="0" allowfullscreen></iframe>

## **Reference**

- https://www.datasunrise.com/documentation/
- https://www.datasunrise.com/guides/

###### tags: network, proxy, database security