Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented and not so well-known tasks.
I will make a deal with you: if you refer me to a company that needs
database support, from a few hours per week to full time, and I am able to sign
a contract with them, then I will give you 10% of the monthly contract or deal
price every month. When the contract ends, and we re-sign the contract, I will
again give you 10% of the monthly contract price. This will go on until the
company no longer employs or contracts me or my agents to look after their
databases.
I can do this because that 10% is my marketing budget. When we re-sign the
contract in the future, it may depend on you giving the thumbs up again, and
that is worth 10% of the monthly contract price, to be given to you as
commission.
Contact:
Franz
Security, Access control on tables, views, Synonyms or Rows - Part 5
Security Follow-up: Auditing and Prevention
Let’s say that you have carefully designed and implemented
security measures, using privileges, views and policies. However, you still need
to monitor how these measures perform in a live situation.
You can use auditing to notify you of any suspicious or questionable
activities.
Once your auditing is working properly, you will be in a
position to investigate your defence systems in depth, and judge their relative
effectiveness. You can then strengthen
your security measures where appropriate, or loosen up on other areas where
too much security is causing problems.
You can deal with inappropriate actions that you find on the data, and
the consequences of these changes. You
can identify the offenders and take appropriate actions or measures against
them.
Auditing can complement your access control in different ways.
-> You can audit important data to make sure that any changes
are recorded, so that if suspicious or malicious action is suspected, you have the
audit trail or the meta-data to present a case.
-> You can use your auditing as a way of verifying that
your access control mechanisms are working the way they were designed to work.
-> You can design audit policies that only fire when a security breach
has been detected. The other controls that you have in place
should prevent any access from ever reaching this policy and firing it. If such
a policy does fire, it could mean
that your security measures are not working as expected, or that you have had a
security breach. At least with such a
policy, you will be alerted to the possibility.
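One way to build the breach-only policy from the last point, using Oracle fine-grained auditing (DBMS_FGA). This is an added example, not code from the original post: the schema HR, table EMPLOYEES, column SALARY, application account HR_APP and the SEC_ADMIN objects are assumed names, and it assumes the traditional (11g-style) audit trail.

```sql
-- Added example; HR.EMPLOYEES, SALARY, HR_APP and SEC_ADMIN are assumed names.
-- Alerts written by the handler, so they can be polled or mailed out.
CREATE TABLE sec_admin.tripwire_alerts (
  fired_at    TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user     VARCHAR2(128),
  os_user     VARCHAR2(255),
  host        VARCHAR2(255),
  policy_name VARCHAR2(128),
  sql_text    VARCHAR2(4000)
);

-- Handler: Oracle passes these three arguments each time the policy fires.
CREATE OR REPLACE PROCEDURE sec_admin.tripwire_handler (
  object_schema VARCHAR2, object_name VARCHAR2, policy_name VARCHAR2
) AS
  PRAGMA AUTONOMOUS_TRANSACTION;  -- keep the alert even if the caller rolls back
BEGIN
  INSERT INTO sec_admin.tripwire_alerts (db_user, os_user, host, policy_name, sql_text)
  VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'),
          SYS_CONTEXT('USERENV', 'OS_USER'),
          SYS_CONTEXT('USERENV', 'HOST'),
          tripwire_handler.policy_name,
          SYS_CONTEXT('USERENV', 'CURRENT_SQL', 4000));
  COMMIT;
END;
/

-- Tripwire: privileges and views are assumed to let only HR_APP reach SALARY
-- on the base table, so this condition should never be true in normal use.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'SALARY_TRIPWIRE',
    audit_column    => 'SALARY',
    audit_condition => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''HR_APP''',
    handler_schema  => 'SEC_ADMIN',
    handler_module  => 'TRIPWIRE_HANDLER',
    enable          => TRUE,
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);  -- keep SQL text and binds
END;
/

-- Any row here means a control failed or was bypassed.
SELECT timestamp, db_user, os_user, userhost, sql_text
FROM   dba_fga_audit_trail
WHERE  policy_name = 'SALARY_TRIPWIRE'
ORDER  BY timestamp DESC;
```

Trigger the policy once on a test system from an account other than HR_APP and confirm that a row appears in both places, since an untested tripwire gives false confidence.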
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com