SoftTree Technologies SoftTree Technologies
Technical Support Forums
RegisterSearchFAQMemberlistUsergroupsLog in
DB Audit - Best practices

 
Reply to topic    SoftTree Technologies Forum Index » DB Audit, DB Mail, DB Tools View previous topic
View next topic
DB Audit - Best practices
Author Message
Magnet



Joined: 11 May 2007
Posts: 3

Post DB Audit - Best practices Reply with quote
What are the best practices in light of present day compliance scenario, for the installation infrastructure of DB audit.

I mean, I have heard that Audit trails storage and generation should be independent of DB Admin authority. I realise that the way DB Audit functions is that it generates triggers on tables and reports values. How do I enable a condition that would also report the incident where DB Admin chooses to disable a particular trigger?

Can I log all the events on a separate database outside the realm of current DB Admin? I am talking from the perspective of being an internal IT Auditor for a financial firm and the server where DB Audit logs and reports instances would only have me as it's DB Admin.

Is this possible?
Fri May 11, 2007 10:17 pm View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7838

Post Reply with quote
Let's start here.

1. DB Audit provides several auditing methods. Using triggers is only one of them. This method should be used when you need to have a trail of data-changes, in other words to be able to produce for auditors what was there before the change and how it got changed.

2. Regarding the separation of the audit trail and the database access - DB Audit provides methods for storing the audit trail in a separate database system. We typically refer to this functionality as use of "central repository". Mechanism can be setup to move the audit trail from audited servers to a remote location to which local users and DBAs have no access.

3. DB Audit provides monitoring functions for tracking changes in the database including pre-designed alerts for monitoring changes in the audit configuration. The alerts can be used to notify auditors whenever somebody attempts to change the auditing settings.

4. Regarding your last question. The answer is "yes", please see above for details.
Sat May 12, 2007 11:15 am View user's profile Send private message
Magnet



Joined: 11 May 2007
Posts: 3

Post Solutions!? Reply with quote
Thanks for the reply!

Asides, I was wondering, Is there a solution by softtree that would enable me to implement preventive, rather than detective controls over the activities of DB Admin at an economical price. I know of DB Vault which is quite in the news recently but prohibitively priced.

Anything else...that you can think of!!
Just thought of having an expert opinion, so I asked!
Rgds
Sat May 12, 2007 3:04 pm View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7838

Post Reply with quote
From the DB Vault name I am assuming you are talking about Oracle databases. Have you looked at built-in data encryption and obfuscation methods? If not, take a look at this article
http://www.jaredstill.com/content/oracle-encryption.html that can give you an idea how to secure the data – kind of proactive security and unauthorized access prevention.
Sat May 12, 2007 3:42 pm View user's profile Send private message
Magnet



Joined: 11 May 2007
Posts: 3

Post DB vault Reply with quote
Db vault's usage is a bit different.

It locks out Db Admin of Oracle from undertaking changes to the database from backend unless explicitly authorised. DB Vault claims to lock the DB Admin out from undertaking 'Drop''Alter' activities from the backend.

The cheaper alternative is to share DB Admin password between two entities where, whenever DB Admin needs to logon and do jobs like 'Drop' Alter' on tables, he needs physical presence of the other guy (can be security analyst etc.).

I was seeking help in that area.

Data encryption/obfuscation is an option but out data is not so much classified/secret so as to undertake this procedure.

Any other suggestions..?
Also, you mentioned that "DB Audit provides monitoring functions for tracking changes in the database including pre-designed alerts for monitoring changes in the audit configuration..", is there a write up on how to accomplish this? It's quite important for me!!

Regards
Sun May 13, 2007 12:52 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7838

Post Reply with quote
DB Audit manual is available on-line, follow links here http://www.softtreetech.com/help/index.htm
In the manul see chapters for the Alert Center
Sun May 13, 2007 10:35 am View user's profile Send private message
Display posts from previous:    
Reply to topic    SoftTree Technologies Forum Index » DB Audit, DB Mail, DB Tools All times are GMT - 4 Hours
Page 1 of 1

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


 

 

Powered by phpBB © 2001, 2005 phpBB Group
Design by Freestyle XL / Flowers Online.