Who audits "auditors"?

"Ron Thomas" <rthomas@hypercom.com>
Sent by: root@fatcity.com
09/05/2001 01:31 PM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: How do you audit a DBA?

Who was the Auditing Co?  If they think that NT is more secure than unix, I
don't want them around any company I work for...

Ron Thomas
Hypercom, Inc
[EMAIL PROTECTED]
"Either lead by example, or become a terrible warning"



JayMiller@TDWaterhouse.com
Sent by: [EMAIL PROTECTED]
09/05/01 09:15 AM
Please respond to ORACLE-L

To: [EMAIL PROTECTED]
cc:
Subject: RE: How do you audit a DBA?

You mean you think DBAs should do things?  My company's auditors were
aghast when I told them that I did things such as write Unix scripts to
monitor the database.  They were firmly of the opinion that DBAs should not
be allowed to write code, only developers should write code.  That was a
major audit violation right there.  We eventually finessed the issue (we
didn't bring it up again and they forgot about it as they pursued more
important things such as trying to convince the company to drop Unix since
it wasn't as secure as NT), but for a while I started speaking to
headhunters again in case all the things the auditors were insisting on
were actually put in place.


-----Original Message-----
Sent: Wednesday, September 05, 2001 9:06 AM
To: Multiple recipients of list ORACLE-L


What is the purpose of having a dba if he is not allowed to do anything?

"Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile away and have their shoes."

Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
Fax:    (707) 885-2275

Fuelspot
73 Princeton Street
North, Chelmsford 01863




-----Original Message-----
Sent: Thursday, August 23, 2001 1:12 PM
To: Multiple recipients of list ORACLE-L


Dave,

    Your question is somewhat puzzling.  Anyone with DBA privileges can get
to any table they want since the DBA role contains the 'select any table',
'update any table', 'delete any table', and 'insert any table' system
privileges.  You would not require the sys or system passwords to
accomplish that task.  Is the person asking the question suspicious of one
person or all of the DBAs at your site?  At any rate it would be best to
audit all activity against the tables in question and then filter the data
after the fact.  This is somewhat more important since a trigger cannot
catch a select, but database auditing can.
Also, if it's a DBA who is questionable he/she would have access to empty
out the sys.aud$ table of any activity they created.

Dick Goulet

____________________Reply Separator____________________
Author: Dave Leach <[EMAIL PROTECTED]>
Date:       8/23/2001 7:56 AM

Anyone who can help,

I've been asked if Oracle can somehow audit the DBA, i.e. raise an alert if
the DBA were to execute DML statements against sensitive tables; this
assumes the DBA has the SYS password.  I thought this was a pretty
reasonable question but couldn't think of an answer.  My trail of thought
was maybe an email alert to a designated member of staff sent via a trigger
on the table.

Any comments would be very appreciated.

Dave Leach
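
The approach in Dick Goulet's reply above (audit all access to the table, filter afterwards, and allow for a DBA emptying sys.aud$), written out as an added example that is not part of the original thread. HR.SALARIES is a hypothetical table name, and the statements assume Oracle standard auditing is enabled through the AUDIT_TRAIL initialization parameter.

```sql
-- Added example. HR.SALARIES is a hypothetical sensitive table.
-- Assumption: standard auditing is enabled with the AUDIT_TRAIL
-- initialization parameter (DB writes records to SYS.AUD$).

-- 1. Record every statement against the table, one audit row per access.
--    Unlike a DML trigger, object auditing also captures SELECT.
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.salaries BY ACCESS;

-- 2. Audit the audit trail itself, so that emptying SYS.AUD$ from a
--    DBA-role account leaves its own record behind.
AUDIT INSERT, UPDATE, DELETE ON sys.aud$ BY ACCESS;

-- 3. Confirm which object audit options are actually in force.
SELECT owner, object_name, sel, ins, upd, del
FROM   dba_obj_audit_opts
WHERE  (owner = 'HR'  AND object_name = 'SALARIES')
   OR  (owner = 'SYS' AND object_name = 'AUD$');

-- 4. Filter after the fact: access to the table by accounts that
--    hold the DBA role.
SELECT t.timestamp, t.username, t.os_username, t.userhost,
       t.terminal, t.action_name
FROM   dba_audit_trail t
WHERE  t.owner    = 'HR'
AND    t.obj_name = 'SALARIES'
AND    t.username IN (SELECT grantee
                      FROM   dba_role_privs
                      WHERE  granted_role = 'DBA')
ORDER  BY t.timestamp;

-- 5. Tampering check: direct changes to the audit table.
SELECT t.timestamp, t.username, t.os_username, t.userhost, t.action_name
FROM   dba_audit_trail t
WHERE  t.owner    = 'SYS'
AND    t.obj_name = 'AUD$'
ORDER  BY t.timestamp;
```

Rows in SYS.AUD$ can still be removed by anyone connecting with administrator privileges, so the check in step 5 only helps if the trail is also copied or directed to storage the DBA does not administer (for example AUDIT_TRAIL = OS with the files shipped off the host).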




--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Dave Leach
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from).  You may also send the HELP
command for other information (like subscribing).