Abstract: On July 22, 2021, Redis upstream and the open source Redis community successively issued announcements disclosing CVE-2021-32761, a remote code execution vulnerability in 32-bit Redis. How can such database security vulnerabilities be prevented before they happen?

On July 22, 2021, Redis upstream and the open source Redis community issued announcements disclosing CVE-2021-32761, a remote code execution vulnerability in 32-bit Redis. On a 32-bit build, an attacker who can issue commands to the instance (for example, one that is reachable without authentication) can combine the BITFIELD command with the proto-max-bulk-len configuration parameter to trigger an integer overflow, which can corrupt memory and ultimately lead to remote code execution. The vulnerability is rated high severity. Note that this open source Redis vulnerability does not affect any instance of Huawei Cloud GaussDB (for Redis) on the live network; existing GaussDB (for Redis) users can continue to use the service with confidence.

This vulnerability shows that the open source Redis implementation of commands such as BITFIELD had flaws that put operations on the string data type at risk: an integer overflow bug could be triggered maliciously at any time and could even be escalated to remote code execution, which gives attackers an opening. The code fix has been released, and upstream recommends that users upgrade to open source Redis 6.2.5, 6.0.15, or 5.0.13 as soon as possible.

So, how can such database security vulnerabilities be prevented before they happen?

Database vulnerabilities are a class of software vulnerability that is mainly used to break through a system's security policy. They often have a wide blast radius: beyond the database itself, they affect the overall security of the operating system the database runs on and of the local network it sits in. Generally speaking, the preventive and remedial measures are:

1. Follow the official notice, check the running version, and upgrade the database to a fixed version. In this incident, open source Redis users should complete the upgrade as soon as possible.
2. If an upgrade is not possible in the short term, restrict access at the server side and disable dangerous commands (for this vulnerability, that means keeping untrusted clients away from commands such as CONFIG, which is how proto-max-bulk-len is changed at runtime).
3. Apply security policies such as IP whitelisting for client access to raise the cost of intrusion.
4. Choose a reliable cloud service provider; for example, migrating to Huawei Cloud GaussDB (for Redis) provides data security and reliability across all layers.
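To make the first three measures checkable, here is an added example in Python (not code from this article, from Huawei Cloud, or from the Redis project): it parses the text returned by `redis-cli INFO server` to tell whether an instance is a 32-bit build older than the fixed releases named above, and scans a redis.conf for the interim mitigations (a restricted bind address, protected mode, a password, and no reachable CONFIG command, since CONFIG SET is how proto-max-bulk-len is raised). The INFO output and both configuration files are constructed samples; treating branches with no listed fix, such as 4.0.x, as needing an upgrade to 6.2.5 is an assumption of this example.

```python
"""Pre-upgrade audit for CVE-2021-32761 (added example; not Redis or Huawei Cloud code).

is_affected()  parses `redis-cli INFO server` output and reports whether the build is
               a 32-bit Redis older than the fixed releases 5.0.13 / 6.0.15 / 6.2.5.
audit_conf()   scans a redis.conf for the interim mitigations the article lists:
               restricted bind address, protected mode, a password, and no reachable
               CONFIG command (CONFIG SET is how proto-max-bulk-len gets raised).
The INFO and conf texts at the bottom are constructed samples, not captured from a server.
"""
import re

# First fixed patch level per release branch, as announced with the CVE.
FIXED = {(5, 0): (5, 0, 13), (6, 0): (6, 0, 15), (6, 2): (6, 2, 5)}
WILDCARD_BINDS = {"0.0.0.0", "*", "::"}


def parse_info(text):
    """INFO output is 'key:value' lines; lines starting with '#' are section headers."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            fields[key] = value
    return fields


def parse_version(text):
    """'6.2.4' -> (6, 2, 4); missing components are treated as 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(info_text):
    """Return (affected, reason) for one server's INFO output."""
    fields = parse_info(info_text)
    raw_version = fields.get("redis_version", "unknown")
    version = parse_version(raw_version)
    bits = fields.get("arch_bits")
    if bits is None:
        return True, "arch_bits missing from INFO; treat as affected until verified"
    if bits != "32":
        return False, f"{bits}-bit build: CVE-2021-32761 affects 32-bit Redis only"
    branch = version[:2]
    fixed_here = version >= (6, 2, 5) or (branch in FIXED and version >= FIXED[branch])
    if fixed_here:
        return False, f"32-bit Redis {raw_version} already carries the fix"
    # Assumption: a branch with no listed fix (e.g. 4.0.x) should move to the latest fixed release.
    target = ".".join(map(str, FIXED.get(branch, (6, 2, 5))))
    return True, f"32-bit Redis {raw_version} is vulnerable; upgrade to {target}"


def audit_conf(conf_text):
    """Return a list of findings; an empty list means every interim mitigation is present."""
    settings, renamed, acl_denies_config = {}, set(), False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "rename-command" and value:
            renamed.add(value.split()[0].upper())
        elif key == "user":
            # Redis 6 ACL rule: '-config' or '-@dangerous' removes CONFIG from that user.
            acl_denies_config |= "-config" in value.lower() or "-@dangerous" in value.lower()
        else:
            settings[key] = value
    findings = []
    binds = [a.lstrip("-") for a in settings.get("bind", "").split()]
    if not binds or any(a in WILDCARD_BINDS for a in binds):
        findings.append("bind: listens on all interfaces; bind to loopback or a private address")
    if settings.get("protected-mode", "yes").lower() != "yes":
        findings.append("protected-mode: disabled; set it to yes")
    if not settings.get("requirepass", "").strip('"'):
        findings.append("requirepass: unset; unauthenticated clients can run BITFIELD and CONFIG SET")
    if "CONFIG" not in renamed and not acl_denies_config:
        findings.append("CONFIG: reachable; rename it or deny it via ACL so proto-max-bulk-len cannot be raised")
    return findings


# Constructed samples (hypothetical server and configs, not captured output).
VULN_INFO = """# Server
redis_version:6.2.4
redis_mode:standalone
arch_bits:32
"""
WEAK_CONF = """bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """bind 127.0.0.1 ::1
protected-mode yes
requirepass "replace-with-a-long-random-secret"
rename-command CONFIG ""
user app on >replace-me ~* +@all -@dangerous
"""

if __name__ == "__main__":
    print(is_affected(VULN_INFO))
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_conf(conf) or ["all interim mitigations present"])
```

Against a live instance, capture `redis-cli -h <host> INFO server` and pass the text to `is_affected()`; a 64-bit build is reported as unaffected regardless of version, which matches the scope of this CVE but not the general advice to stay on a supported release. The conf audit only looks at the static file, so a CONFIG SET applied at runtime and never persisted with CONFIG REWRITE will not show up.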

Huawei Cloud GaussDB (for Redis) eliminates security vulnerabilities at the source

1. A new data encoding that is more secure: Huawei Cloud GaussDB (for Redis) adopts a storage-compute separation architecture, is compatible with the Redis protocol, and provides persistent storage for massive data volumes. Its code is fully self-developed and uses a new data encoding that is more efficient and achieves higher space utilization. Because the implementation of each command does not rely on open source Redis code, it does not inherit vulnerabilities in the open source Redis code base, such as this one.

2. A comprehensive security protection system: built on HUAWEI CLOUD's reliable live-network security system. GaussDB (for Redis) users can define their own IP whitelist access policies at any time, and can combine multiple layers of protection, such as Virtual Private Cloud, subnets, security groups, DDoS protection, and SSL secure access, to counter malicious attacks, keep data secure, and leave no opening for access from unknown sources.

Moving to the cloud without worries: GaussDB (for Redis) provides a one-stop migration service

Huawei Cloud GaussDB (for Redis) is a fully self-developed flagship product. It is a NoSQL database that supports the Redis protocol, not a cache. Its biggest difference from open source Redis is its storage-compute separation architecture, which provides strong data storage capabilities, including advanced features such as strong consistency and elastic scaling. GaussDB (for Redis) gives users a better product experience through lower cost, larger capacity, higher reliability, and elastic scaling.

For users running open source Redis 2.6 or later, GaussDB (for Redis) also provides a one-stop migration service with no technical barrier that is simple and quick to operate: setting up a migration task takes only minutes, so enterprises can move to the cloud efficiently and without worrying about security.

As the value of data continues to grow, the hidden dangers and risks faced by databases, the carriers of that massive data, grow with it. Both DBAs and cloud service vendors should therefore maintain strong security awareness to better protect their databases. Huawei Cloud Database will continue to meet the security protection requirements of different databases, provide strong support for the development of database and data security, and let users work with their data more freely and securely.



Author: 华为云开发者联盟 (Huawei Cloud Developer Alliance)