]]
Sent: Friday, September 07, 2001 12:37 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: How do you audit a DBA?
I think the president should be the only one in charge, he just
tells the
dba what to do, i.e., alter the freelists on this table
There is an administrator account, but individual users can configure
access control lists on their files (right-click, properties, security)
that would prevent the administrator from reading them. The only way
that an administrator could then read them would be to take ownership
first. Unlike
point of failure again! so... the auditor is more
trusted than the DBA?
Who audits the auditor?
From: Guy Hammond [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Fri, 07 Sep 2001 01:45:06 -0800
-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Fri, 07 Sep 2001 01:45:06 -0800
There is an administrator account, but individual users can configure
access control lists on their files (right-click, properties, security
is more
trusted than the DBA?
Who audits the auditor?
From: Guy Hammond [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Fri, 07 Sep 2001 01:45:06 -0800
There is an administrator account
]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Fri, 07 Sep 2001 01:45:06 -0800
There is an administrator account, but individual users can configure
access control lists on their files (right-click, properties, security)
that would prevent
: How do you audit a DBA?
Date: Fri, 07 Sep 2001 01:45:06 -0800
There is an administrator account, but individual users can configure
access control lists on their files (right-click, properties, security)
that would prevent the administrator from reading them. The only way
that an administrator
:
ail.com Subject: RE: How do you audit a DBA?
Sent
PROTECTED]]
Sent: Friday, September 07, 2001 12:37 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: How do you audit a DBA?
I think the president should be the only one in charge, he just
tells the
dba what to do, i.e., alter the freelists
Does the manager three levels above you know you by name?
yup... and he's the CEO of the company too!
From: Boivin, Patrice J [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Fri, 07 Sep 2001 12
That is correct. For example, in NT you can assign a role to a user and
make them a Print Administrator - they can stop and start queues, set
permissions and priorities and so forth, do anything to do with
printers, but they can't, say create user accounts. There is another
role, Backup Operator,
but doesn't there have to be ONE account/role in NT that can assign all the
others? how else could you set up a role or continue to set them up?
From: Guy Hammond [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you
but doesn't there have to be ONE account/role in NT that can assign all
the
others? how else could you set up a role or continue to set them up?
From: Guy Hammond [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you
They were auditing all functions and software in IS.
-Original Message-
Sent: Wednesday, September 05, 2001 11:51 PM
To: Multiple recipients of list ORACLE-L
Your company's auditors auditing DBA or ORACLE database ?
-Original Message-
Sent: Thursday, 6 September 2001 12:16
What is the purpose of having a dba if he is not allowed to do anything?
Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile a way and have their shoes.
Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
Fax:(707) 885-2275
You mean you think DBAs should do things? My company's auditors were aghast
when I told them that I did things such as write Unix scripts to monitor the
database. They were firmly of the opinion that DBAs should not be allowed
to write code, only developers should write code. That was a major
: Miller, Jay [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 1:16 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: How do you audit a DBA?
You mean you think DBAs should do things? My company's auditors
were aghast
when I told
To: Multiple recipients of list ORACLE-L
Subject:RE: How do you audit a DBA?
You mean you think DBAs should do things? My company's auditors
were aghast
when I told them that I did things such as write Unix scripts to
monitor the
database. They were firmly
]
Sent by:cc:
[EMAIL PROTECTED]Subject: RE: How do you audit a DBA
warning
JayMiller@TDWate
rhouse.com To: [EMAIL PROTECTED]
Sent by:cc:
[EMAIL PROTECTED]Subject: RE: How do you
audit a DBA
rcom.com[EMAIL PROTECTED]
Sent by: cc:
root@fatcity.Subject: RE: How do you audit a DBA?
com
and the administrator account on a NT system can't do everything too?
From: Miller, Jay [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Wed, 05 Sep 2001 10:55:33 -0800
It was our Internal Audit
and the administrator account on a NT system can't do everything too?
From: Miller, Jay [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Wed, 05 Sep 2001 10:55:33 -0800
It was our Internal Audit department
Your company's auditors auditing DBA or ORACLE database ?
-Original Message-
Sent: Thursday, 6 September 2001 12:16 AM
To: Multiple recipients of list ORACLE-L
You mean you think DBAs should do things? My company's auditors were aghast
when I told them that I did things such as write
[SMTP:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 6:30 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: RE: How do you audit a DBA?
Why don't you get some Conan the Barbarian lookinn fella to
stand
behind
Title: RE: OT RE: RE: How do you audit a DBA?
I
went to see that movie, The Mummy Returns, when it came out, 'cos The Rock was
in it, and I was hoping for some long, rambling monologues from the Scorpion
King about how he planned to lay the smackdown on the Egyptians' candy asses,
shut your
)
-Original Message-
From: Kevin Kostyszyn [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 6:30 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: RE: How do you audit a DBA?
Why don't you get some Conan
Title: RE: OT RE: RE: How do you audit a DBA?
C'mon. I'd vote for The Rock instead, along with all The Rock's witty comments. That would be awfully darn distracting, and you could be sure your DBA would get NOTHING done :)
Honestly, if there's a need to audit the dba, maybe he or she should
Title: RE: OT RE: RE: How do you audit a DBA?
It
would be like in the SNL episode, where the Rock was Nicotrol, to help people
stop smoking. That was very funny!!!
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Koivu, LisaSent:
Monday, August
If you're a DBA long enough, you
can grow your own. :)
Jared
On Friday 24 August 2001 06:16, Thater, William wrote:
Scott Shafer wrote:
If the folding metal chair at my computer desk wasn't so cold, I wouldn't
bother...
--Scott
two words: seat cushion.;-)
--
Please see the official
Thanks for all the serious and amusing replies on this, superb stuff!!
Seriously, I raised this question just to cover my back so when I give my
answer (the answer being NO!!) then no other bright spark can justifiably
contradict it.
Thanks again for your time,
Dave Leach
I have no direct experience of this on Oracle, but I do know that
trusted operating systems make it possible to prevent the sysadmin from
reading files. They can be backed up to tape and restored, but they
couldn't be opened by a regular process such as a text editor without
the operating system
Germany, lived there also, 3 years, beautiful and the only place where
trash was laying around in the street was where the American military
housing was. go figure.
joe
Scott Shafer wrote:
You know, I lived in Berlin for 2 years, and if I could figure out all the
Scott Shafer wrote:
If the folding metal chair at my computer desk wasn't so cold, I wouldn't
bother...
--Scott
two words: seat cushion.;-)
--
--
Bill Shrek Thater ORACLE DBA
Telergy,Inc. [EMAIL PROTECTED]
Trusted Oracle is very much like regular Oracle. Most of the
security actually comes from the OS. That being said it does have
row level security so you have to match or superseed the privilage
that the row has to see the row but sys has the ability to change
to the higher level and you
I have same impression for Amsterdam, Netherlands where I lived for 3 years
1984-87 and enjoyed my time Got married and had 2 beautiful
baby girls
Have a nice weekend
Regards
MOHAMMAD RAFIQ
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
This has been discussed before, I'll try to summarize it as I remember.
Sure, you could put triggers, turn on auditing, whatever. But the DBA
by nature of his job function, can disable, remove, whatever you turn
on.
So it basically comes down to trusting your DBA, or getting a new DBA.
Oh hell, if you don't trust him, just fire him, not the trigger.
-Original Message-
Sent: Thursday, August 23, 2001 11:56 AM
To: Multiple recipients of list ORACLE-L
Anyone who can help,
I've been asked if Oracle can somehow audit the DBA ie. Raise an alert if
the DBA were to
you'd better audit changes to the trigger, and then changes to SYS.AUD$
otherwise the DBA could disable the trigger, make the changes and re-enable
it
From: Dave Leach [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: How do
If you don't trust the DBA then fire him!
DBA has access to do everything including the audit records which he/she can
modify easily!
Waleed
-Original Message-
Sent: Thursday, August 23, 2001 12:52 PM
To: Multiple recipients of list ORACLE-L
you'd better audit changes to the trigger,
I think i see where this thread is going.
You'd better audit change to the trigger that audits changes to the data
that
audits the DBA that you don't trust.
Maybe throwing another trigger at it will help?
Maybe installing a 24x7 DBA-cam above his cube?
Maybe feeding him a higher grade of
'..fire him, not the trigger.'
ver-y clever.
-Original Message-
Sent: Thursday, August 23, 2001 9:47 AM
To: Multiple recipients of list ORACLE-L
Oh hell, if you don't trust him, just fire him, not the trigger.
-Original Message-
Sent: Thursday, August 23, 2001 11:56 AM
To:
Write a letter to the IRS stating that he did not report
all his income last year. They will be happy to audit
him.
Ken Janusz, CPIM
I think i see where this thread is going.
You'd better audit change to the trigger that audits changes to the data
that
audits the DBA that you don't
DBA-cam now there's a kewl concept :)
Then we can see what the goddess's desk looks like.
Whether Lisa looks like Laura or not, etc.
This has serious potential
joe
[EMAIL PROTECTED] 08/23/01 01:11PM
I think i see where this thread is going. You'd better
audit change to the trigger that
LOL!!! The IRS Audit trigger! New in Oracle 10i!!!
-Original Message-
Sent: Thursday, August 23, 2001 2:23 PM
To: Multiple recipients of list ORACLE-L
Write a letter to the IRS stating that he did not report
all his income last year. They will be happy to audit
him.
Ken Janusz,
Maybe too clever?
Hell, they haven't fired me yet!
Of course, every time i type something, my network card lights up and my
hard drive
whirs, but other than that, I have no reason to suspect my every breath is
being monitored!
-Original Message-
Sent: Thursday, August 23, 2001 1:27 PM
It's shocking to me that you would consider
such a thing, Young Joseph!
;-)
-Original Message-From: JOE TESTA
[mailto:[EMAIL PROTECTED]]Sent: Thursday, August 23, 2001 2:23
PMTo: Multiple recipients of list ORACLE-LSubject: OT
RE: How do you audit a DBA?
DBA-cam now
If it's really that bad, then we are talking about setting something up that
the DBA wouldn't know about!
I do not know if the logminer could help here!
Regards,
Waleed
-Original Message-
Sent: Thursday, August 23, 2001 1:36 PM
To: Multiple recipients of list ORACLE-L
Waleed,
PROTECTED] mailto:[EMAIL PROTECTED]
-Original Message-
From: Khedr, Waleed [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 2:12 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: How do you audit a DBA?
If you
: JOE TESTA [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: OT RE: How do you audit a DBA?
Date: Thu, 23 Aug 2001 10:23:09 -0800
DBA-cam now there's a kewl concept :)
Then we can see what the goddess's desk looks like.
Whether Lisa
2001 2:23
PMTo: Multiple recipients of list ORACLE-LSubject: OT
RE: How do you audit a DBA?
DBA-cam now there's a kewl concept :)
Then we can see what the goddess's desk looks like.
Whether Lisa looks like Laura or not, etc.
This has serious potential
joe
[EMAIL PROTEC
At 03:02 PM 8/23/2001, you wrote:
You might want to take a peek at the relatively old Oracle Security book by
O'Reilly Press, it talks about triggers.
or you might just want to wait for the new security 101 book due out RSN.
--
Bill Shrek Thater ORACLE DBA
Telergy,Inc.
Dave,
If the DBA is competent, he or she cannot be audited by the database.
Any skillful DBA can work around anything you do to the database.
Maybe if you sniffed the network for SQL*Net packets you could look
for suspicious activity, and severely limit access to the console that
would avoid
maybe/maybe not, here is why,
if i'm going to make changes(and try not to get caught),i'd be granting
update on table to someone else, change their password, login as them, change
the password back and it would totally look like someone else did it.
If you can't trust the DBA, there is
Without the DBA knowing it. Install a program that logs every keystork on all the DBA
workstations.
And since you are at it, might as well install it on every computer within the
company. This way you can audit the CEO if you want. :)
[EMAIL PROTECTED] 08/23/01 04:10PM
maybe/maybe not,
I once told a user - on a dumb terminal - (or was that a dumb user
on a terminal...) that the character mode computer system monitors
what they do at their desks.
I was kidding, I promise. Maybe I even smiled.
Within hours I was called in to the CFO. The users were revolting.
Oy vey.
yosi
not Security 101 -- Oracle8i Security Handbook
it's on the Osborne site, should be out soon
From: Thater, William [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Thu, 23 Aug 2001 11:43:43 -0800
Marlene Theriault wrote that book... and she's got a new one coming out soon
from Oracle Press, Oracle8i Security Handbook
From: Boivin, Patrice J [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date
At 04:17 PM 8/23/2001, JOE TESTA wrote:
But I was NOT the one who brought up DBAing in my pajamas ;)
joe
all i say is the goddess is very attractive, IMNSHO. and i ain't gonna
touch the pajamas line with an 11' Hungarian!
and if they started any of this auditing here, and i'd know, i'd walk
You don't need to install a program, seems govt agencies are capable of
using EMI techniques to capture (the keystrokes) what you are typing,
sitting outside your home. There is a case against in the court right now
where judge asked to explain the technology recently.
What the heck, believe in
If the dba is worth their paycheck, there isn't much you can install without
them finding it.
Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile a way and have their shoes.
Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
recipients of list ORACLE-L
[EMAIL PROTECTED]
erger.com cc:
Sent by: Subject: RE: OT RE: How do you audit a
DBA
:17
PMTo: Multiple recipients of list ORACLE-LSubject: RE:
OT RE: How do you audit a DBA?
But I was NOT the one who brought up "DBAing in my pajamas" ;)
joe
[EMAIL PROTECTED] 08/23/01 03:16PM
It's shocking to me that you would
consider such a thing, Yo
recipients of list ORACLE-LSubject: RE:
OT RE: How do you audit a DBA?
But I was NOT the one who brought up "DBAing in my pajamas" ;)
joe
[EMAIL PROTECTED] 08/23/01 03:16PM
It's shocking to me that you would
consider such a thing, Young Joseph!
;-)
---
sorry, that's Oracle Security Handbook
From: Rachel Carmichael [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: How do you audit a DBA?
Date: Thu, 23 Aug 2001 12:25:48 -0800
Marlene Theriault wrote that book... and she's got
ORACLE-L [EMAIL PROTECTED]
erger.com cc:
Sent by: Subject: RE: OT RE: How do you
audit a DBA?
[EMAIL PROTECTED]
om
08/23/01 03:17
PM
Yea, and in 13i we won't need the data.
Then, in 14i, we won't need the Internet.
In 15, we'll just sit at home and rot.
-Original Message-
Sent: Thursday, August 23, 2001 5:10 PM
To: Multiple recipients of list ORACLE-L
You don't need to install a program, seems govt agencies are
-LSubject: OT
RE: How do you audit a DBA?
That sounds more like Rachel or Lisa.
G
Let's hope it wasn't Shrek, Dorothy, or
any of the other members
of the trans-species gang that pulled me
onto their flying saucer last night.
-Original Message-From: JOE TESTA
I want to be required to take 2 weeks vacation.
-Original Message-
From: Rachel Carmichael [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 3:37 PM
To: Multiple recipients of list ORACLE-L
Subject: Re:RE: How do you audit a DBA?
Dick,
Actually, many states are
Move to Germany. They actually have to come up with a justification for NOT
taking vacation!
Kip
|I want to be required to take 2 weeks vacation.
| -Original Message-
| From: Rachel Carmichael [mailto:[EMAIL PROTECTED]]
| Sent: Thursday, August 23, 2001 3:37 PM
| To: Multiple
-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: OT RE: How do you audit a DBA?
Date: Thu, 23 Aug 2001 13:48:02 -0800
Don't we all at some point in time. Although I am just in shorts and tee
shirt
now. Felt that I should not work in the office so soon
you'd be surprised, it's not always that great. I ended up doing all sorts
of chores
From: Anderson, Brian [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: RE: How do you audit a DBA?
Date: Thu, 23 Aug 2001 14:29:23 -0800
I
You know, I lived in Berlin for 2 years, and if I could figure out all the
employment/health-care/housing laws I would move back in a heartbeat.
Scott Shafer
Converse, TX
- Original Message -
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Sent: Thursday, August 23, 2001
[EMAIL PROTECTED]
Subject: RE: OT RE: How do you audit a DBA?
Date: Thu, 23 Aug 2001 13:48:02 -0800
Don't we all at some point in time. Although I am just in shorts and tee
shirt
now. Felt that I should not work in the office so soon after coming off
vacation.
-Original Message
74 matches
Mail list logo