Re: Question re security

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Wed, 15 Jan 2014 07:37:16 -0700
Message-ID: <52D69D1C.2060104_at_gmail.com>



On 15/01/2014 3:58 AM, Nuno Souto wrote:
> Strange audit requirements... Are you sure the auditors had a vague notion what a
> network connection between an app server and a db server does and how it works?
> Our auditors haven't got a clue, so we just ignore ANY of their recommendations
> on the subject. They are the kind that "tut-tut" at select access on ALL_TABLES
> given to PUBLIC. Mostly because they trust blindly the output of "security check"
> scripts they have been sold by "experts" who hadn't a clue in the first place...

What I am sure of wrt auditor knowledge is that the auditors can fail the organization if their recommendations are not followed, and that can get the org tossed from the NYSE/TSE and other exchanges. In such a situation, DBAs with attitude are expendable.

But in this case, the organization has a legit reason for keeping and analyzing the network traffic logs. I don't agree with the way they did it, nor do I agree in general with the architecture the vendor has chosen, but that is - according to the principal consultant - irrelevant.

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Jan 15 2014 - 15:37:16 CET
