Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: How do you audit a DBA?

From: <Jared.Still_at_radisys.com>
Date: Thu, 23 Aug 2001 12:10:58 -0700
Message-ID: <F001.00375E0D.20010823122547@fatcity.com>

Dave,

If the DBA is competent, he or she cannot be audited by the database.

Any skillful DBA can work around anything you do to the database.

Maybe if you sniffed the network for SQL*Net packets you could look for suspicious activity, and severely limit access to the console that would avoid using TCP.

If you are using Advanced Security, sniffing the network won't work.

Maybe the DBAs should be trusted?

Either that, or let upper management manage the database.

And since when has management proved to be more trustworthy than the DBAs?

I think it must be very difficult to audit someone who has the responsibility to manage not only the technical medium in which a company's data is stored, but is also responsible for the care and safekeeping of that same data, at least from an operational perspective.

Jared

                                                                                       
                                 
Dave Leach <Dave.Leach_at_CLAYBROOK.CO.UK>
Sent by: root_at_fatcity.com
08/23/01 08:56 AM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
cc:
Subject: How do you audit a DBA?




Anyone who can help,

I've been asked if Oracle can somehow audit the DBA, i.e. raise an alert if the DBA were to execute DML statements against sensitive tables; this assumes the DBA has the SYS password. I thought this was a pretty reasonable question but couldn't think of an answer. My trail of thought was maybe an email alert to a designated member of staff sent via a trigger on the table.

Any comments would be very appreciated.

Dave Leach



Received on Thu Aug 23 2001 - 14:10:58 CDT
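
The alerting asked about in this thread can also be done over statement text collected outside the database, the direction the reply points to. The following is an added example, not part of the original messages; the record layout, the watch-list of tables and the list of privileged accounts are assumptions, and the sample records are constructed.

```python
import re

# Assumptions: watch-list of sensitive tables and DBA-level accounts (hypothetical).
SENSITIVE = {"HR.SALARIES", "FIN.CARD_NUMBERS"}
PRIVILEGED = {"SYS", "SYSTEM"}
_IDENT = r'(?:"[^"]+"|[A-Za-z][\w$#]*)'   # quoted or plain identifier
# DML verb followed by its (optionally schema-qualified) target table.
_DML = re.compile(
    r'\b(UPDATE|INSERT\s+INTO|DELETE(?:\s+FROM)?|MERGE\s+INTO)\s+'
    r'(' + _IDENT + r'(?:\s*\.\s*' + _IDENT + r')?)', re.I)
_COMMENTS = re.compile(r'/\*.*?\*/|--[^\n]*', re.S)

def dml_targets(sql, default_schema):
    """Return [(verb, 'SCHEMA.TABLE')] for each DML target found in sql."""
    sql = _COMMENTS.sub(" ", sql)  # comments/hints can sit between verb and table
    found = []
    for verb, name in _DML.findall(sql):
        parts = [p.strip() for p in name.split(".")]
        parts = [p[1:-1] if p.startswith('"') else p.upper() for p in parts]
        if len(parts) == 1:  # unqualified: assume the session user's schema
            parts.insert(0, default_schema.upper())
        found.append((" ".join(verb.upper().split()), ".".join(parts)))
    return found

def alerts(records):
    """Return (ts, os_user, db_user, verb, table) for privileged DML on the watch-list."""
    hits = []
    for r in records:
        if r["db_user"].upper() not in PRIVILEGED:
            continue
        for verb, table in dml_targets(r["sql"], r["db_user"]):
            if table in SENSITIVE:
                hits.append((r["ts"], r["os_user"], r["db_user"], verb, table))
    return hits

# Constructed sample records, not real captures.
SAMPLE = [
    {"ts": "2001-08-23T08:56:00", "os_user": "oracle", "db_user": "SYS",
     "sql": "update /*+ rule */ hr.salaries set amount = amount * 2"},
    {"ts": "2001-08-23T08:57:10", "os_user": "oracle", "db_user": "SYS",
     "sql": "select count(*) from hr.salaries"},
    {"ts": "2001-08-23T09:02:44", "os_user": "jdoe", "db_user": "system",
     "sql": 'DELETE FROM "FIN"."CARD_NUMBERS" -- cleanup\nWHERE 1 = 1'},
    {"ts": "2001-08-23T09:05:00", "os_user": "app", "db_user": "APPUSER",
     "sql": "insert into hr.salaries values (1, 2)"},
]
if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print("ALERT", *hit)
```

Unqualified table names are resolved against the session user, so synonyms or a changed current schema need a lookup that this example does not perform. The check is only useful if the records are stored and evaluated on a host the audited account cannot administer.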
