What part of *DATABASE* Administrator don't they understand?
Jared
DENNIS WILLIAMS <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/10/2002 04:14 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: grant access to another user's objects?
Jesse - On another list today someone mentioned that auditors were upset
that the DBA had access to the application tables (like payroll tables,
for
example). I was just curious whether this new feature would eliminate the
autitors' concern. I trust you, but man, those auditors are tough.
Dennis Williams
DBA, 20% OCP
Lifetouch, Inc.
[EMAIL PROTECTED]
-----Original Message-----
Sent: Monday, June 10, 2002 6:01 PM
To: Multiple recipients of list ORACLE-L
I'm after the audits as a point of tracking my DDL/DCL as SYSDBA more than
for intrusion detection. As you've eluded to, the truly paranoid would
add
more layers of protection and monitoring via triggers, audit opts,
DBMS_JOB/cron jobs, etc. to provide increased accountability and tracking.
Since I only have time to be somewhat paranoid, I've only implemented a
few
of these. :)
And Oracle Support asked me why I would want to audit SYS. ;)
Rich Jesse System/Database Administrator
[EMAIL PROTECTED] Quad/Tech International, Sussex, WI
USA
> -----Original Message-----
> From: DENNIS WILLIAMS [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 10, 2002 5:34 PM
> To: Multiple recipients of list ORACLE-L
> Subject: RE: grant access to another user's objects?
>
>
> Jesse - Does the DBA have access to the audit tables? If so, just edit
> yourself back out. I was reading a book about someone that tracks down
> hackers on the Internet. One of his security methods is to
> copy the system
> logs over to another system every few minutes. He checks to
> see if the log
> ever gets smaller, which would mean that a hacker erased
> his/her tracks.
> Dennis Williams
> DBA 20% OCP
> Lifetouch, Inc.
> [EMAIL PROTECTED]
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Jesse, Rich
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: DENNIS WILLIAMS
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
