Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re:RE: How do you audit a DBA?

Re:RE: How do you audit a DBA?

From: Rachel Carmichael <carmichr_at_hotmail.com>
Date: Thu, 23 Aug 2001 12:11:35 -0700
Message-ID: <F001.00375C3A.20010823113656@fatcity.com>

Dick,

Actually, many states are "work at will" -- which means the company can fire you because. No reason, just because.

The idea of sending the DBA off on a training course -- NYS has a similar concept in the state banking laws. Anyone working for a state-chartered bank who has more than 2 weeks of vacation is required to take two weeks consecutively, those with 2 weeks or less have to take a week. The theory is, if you are "cooking the books" it should come to light in that time period.

Rachel

>From: dgoulet_at_vicr.com
>Reply-To: ORACLE-L_at_fatcity.com
>To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
>Subject: Re:RE: How do you audit a DBA?
>Date: Thu, 23 Aug 2001 09:36:29 -0800
>
>Waleed,
>
> Regrettably in our 'legalistic' world this is not possible if all you
>have
>is a suspicion, you need facts to back them up. And getting facts in this
>case
>can be very difficult at best. What could be a solution in this case is
>that
>someone has a suspicion that this person is modifying data inside these
>sensitive tables during some time frame. Well it may be wise to send them
>off
>for a week to a training class where they would be isolated from the
>database in
>question. If the alteration of data records ceases then there is probable
>cause
>for a more direct line of questioning, etc... If not you may be suspecting
>someone who is really a front for an other person who has acquired that
>DBA's
>password. My first line would be to have all of the DBA's change their
>passwords as well as the passwords for sys and system.
>
> I wonder, if I tried to connect to that database as
>sys/change_on_install or
>system/manager, would I succeed??
>
>Dick Goulet
>
>____________________Reply Separator____________________
>Author: "Khedr; Waleed" <Waleed.Khedr_at_FMR.COM>
>Date: 8/23/2001 9:11 AM
>
>If you don't trust the DBA then fire him!
>
>DBA has access to do everything including the audit records which he/she
>can
>modify easily!
>
>Waleed
>
>-----Original Message-----
>Sent: Thursday, August 23, 2001 12:52 PM
>To: Multiple recipients of list ORACLE-L
>
>
>you'd better audit changes to the trigger, and then changes to SYS.AUD$
>
>otherwise the DBA could disable the trigger, make the changes and re-enable
>it
>
>
>
>
> >From: Dave Leach <Dave.Leach_at_claybrook.co.uk>
> >Reply-To: ORACLE-L_at_fatcity.com
> >To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> >Subject: How do you audit a DBA?
> >Date: Thu, 23 Aug 2001 07:56:29 -0800
> >
> >Anyone who can help,
> >
> >I've been asked if Oracle can somehow audit the DBA ie. Raise an alert if
> >the DBA were to execute DML statements against sensitive tables, this
> >assumes the DBA has the SYS password. I thought this was a pretty
> >reasonable question but couldn't think of an answer. My trail of though
> >was
> >maybe an email alert to a designated member of staff sent via a trigger
>on
> >the table.
> >
> >Any comments would be very appreciated.
> >
> >Dave Leach
> >
> >
> >
> >
> >**********************************************************************
> >The above information is confidential to the addressee and may be
> >privileged. Unauthorised access and use is prohibited.
> >
> >Internet communications are not secure and therefore this Company does
> >not accept legal responsibility for the contents of this message.
> >
> >If you are not the intended recipient, any disclosure, copying,
> >distribution or any action taken or omitted to be taken in reliance on
> >it, is prohibited and may be unlawful.
> >
> >Claybrook Computing Limited is a subsidiary of
> >Claybrook Computing (Holdings) Limited
> >Registered Office: Abbey House. 282 Farnborough Road, Farnborough,
> >Hampshire GU14 7NJ
> >Registered in England and Wales No 1287205
> >
> >A Hogg Robinson plc company
> >**********************************************************************
> >--
> >Please see the official ORACLE-L FAQ: http://www.orafaq.com
> >--
> >Author: Dave Leach
> > INET: Dave.Leach_at_claybrook.co.uk
> >
> >Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> >San Diego, California -- Public Internet access / Mailing Lists
> >--------------------------------------------------------------------
> >To REMOVE yourself from this mailing list, send an E-Mail message
> >to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> >the message BODY, include a line containing: UNSUB ORACLE-L
> >(or the name of mailing list you want to be removed from). You may
> >also send the HELP command for other information (like subscribing).
>
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Rachel Carmichael
> INET: carmichr_at_hotmail.com
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Khedr, Waleed
> INET: Waleed.Khedr_at_FMR.COM
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author:
> INET: dgoulet_at_vicr.com
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).



Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Rachel Carmichael
  INET: carmichr_at_hotmail.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Thu Aug 23 2001 - 14:11:35 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US