A Secure Architecture Includes the Data Connectivity Layer
For ISVs, Architects, Developers, and Project Managers…
DataDirect Technologies understands that secure data exchange is critical to business systems that must maintain information security. As the data connectivity experts, we incorporate industry-standard security features into all of our DataDirect Connect line of high-performance data access middleware, including a secure architecture. And it’s why we hired Internet Security Advisors Group (ISAG) to conduct an independent audit of the security features in DataDirect Connect.
Ira Winkler, founder of ISAG and well-known security expert, wrote the report, which documents his assessment and establishes the need for security features as an integral part of database drivers and providers. The report also provides important information if you’re looking to implement Single Sign-on (SSO) or data encryption.
Read the security report now, or call us at 1-800-876-3101 to speak with an expert about your data connectivity needs. You can also submit a Request for Information form and an account executive will contact you.
Scroll down this page to get more details about the features of DataDirect Connect that provide a secure architecture.
While every DataDirect Connect product is designed to give you the highest possible performance, the same strategies used in their design inherently reinforce your security.
Wire Protocol Architecture
The wire protocol architecture used in DataDirect Connect for ODBC drivers is a good example of this. This architecture dispenses with the need for client libraries, making the data connectivity path more direct and thus faster. However, it also eliminates the additional “hop” that traditional drivers require between the driver and the client libraries — thus eliminating a point of vulnerability to breaches in security.
.NET Security Benefits for Managed Code
DataDirect’s strict use of 100% managed code in our Connect for ADO.NET drivers is another case in point. The Common Language Runtime (CLR) component of the .NET Framework provides numerous services and checks that enhance the scalability, reliability, and security of managed middleware — that is, middleware that runs entirely within the CLR. Such automatic checks can help prevent Denial of Service attacks that are initiated by making repeated API methods that cause buffer overruns.
100% managed code also has no direct access to memory, machine registers, or pointers. The .NET Framework security enforces security restrictions (called Code Access Security — CAS) on all managed code, protecting it from being misused or damaged by other code — a feature that’s become increasingly important for .NET applications. Administrators can define a security model to grant or revoke permissions at every level: enterprise, machine, assembly, or user. Calling unmanaged code — as takes place when a data driver calls a client library — bypasses the .NET CLR security, opening a door to potential compromise via code that has direct access to memory or machine registers, or uses pointers. Once that unmanaged code is executing, the CLR can no longer check it.
Extensive Testing & Third-Party Review
DataDirect has spent many man-years developing test suites for our products. These extensive and comprensive suites, which include security assessments, are run regularly as part of our standard release cycle. We thoroughly test and certify our products in a wide vareity of scenarios. We have also engaged a third-party firm specializing in IT security (ISAG). ISAG validated the design and implementation of of our security features to ensure that they are effective against known exploits.
The table shown here summarizes some of the important security factors in the design of our Connect products:
Challenge |
Risk |
DataDirect Feature |
Feature Benefit |
Network Vulnerabilities |
Security vulnerabilities such as packet sniffing and router logging used to capture data. |
Wire Protocol Architecture | Eliminates libraries and thus additional data exchanges between the data driver and client |
Denial of Service Attacks |
Database client libraries are often rife with memory leak issues that propagate up through a client-based driver to the application. Hackers may intentionally leverage the memory leak to impede access to legitimate users of the application. Identifying and fixing these memory leaks in every single deployment of the client is an expensive and time-consuming proposal. |
Wire Protocol Architecture | Clientless wire protocol drivers avoid the memory leaks that client libraries engender. |
| 100% Managed Code | Because DataDirect Connect for ADO.NET software runs entirely within the .NET Framework’s CLR, common Denial of Service attacks that involve making API methods operate out of specification, causing buffer overruns, are theoretically impossible. | ||
Sub-Optimal Middleware Design and Implementation |
Data connectivity middleware not subjected to thorough and rigorous QA testing in multiple scenarios leaves itself open to unforeseen security compromises. |
Comprehensive Test Suite | DataDirect thoroughly tests and certifies our products in a wide variety of scenarios. |
| Validation of Design & Implementation by 3rd Party Security Specialists | The Internet Security Advisers Group (ISAG) applied its specialized expertise in IT security to ensuring that DataDirect’s software is free of known security vulnerabilities. |
To learn more:
The Internet Security Advisors Group (ISAG), an international information security firm specializing in security assessment, conducted a review of the architecture and functionality of the DataDirect Connect products. Read their report to get a deeper understanding of the technologies involved and DataDirect’s implementation of them.
Heard enough? Ready to try our products? Visit the download page for a free 15-day trial.
If you’d prefer to speak with an expert about your data connectivity needs, call 1-800-876-3101 or submit a Request for Information form and an account executive will contact you.
