Re: Auditing Oracle Database

From: Stefan Knecht <knecht.stefan_at_gmail.com>
Date: Wed, 16 Sep 2015 04:09:42 +0700
Message-ID: <CAP50yQ-j_kZtbVhQM5uo0TshfpgmLj+GPM=n0V+3yfcJro0-Qw_at_mail.gmail.com>



What Hans already suggested - and on top of that I'd ask myself who I'd want to audit , and what am I going to do with the data?

Just turning on auditing is easy. Making sure your audit data is used properly (anomalies are caught and acted upon) and your audit data is protected from being tampered with ( if I'm SYS and I have access to the "oracle" user, try to audit what I want to hide from you if I'm a malicious DBA) is the hard part, and is where your auditing implementation can shine or fall.

Stefan

On Wed, Sep 16, 2015 at 12:46 AM, Hans Forbrich <fuzzy.graybeard_at_gmail.com> wrote:

> The first question that comes to mind is: what is the purpose of the
> audit? There are a large number of purposes, and the best approach to
> auditing really depends on the scope and duration of the audit.
>
> I encourage you to work through the Oracle provided docs, especially the
> Oracle Security Guide. For 11gR2, use
> http://docs.oracle.com/cd/E11882_01/network.112/e36292/auditing.htm#DBSEG006
>
> I also encourage jumping on the Oracle Enterprise Manager Cloud Control
> bandwagon and using the built-in Compliance tools, which are basically an
> ongoing 'configuration and security' based on best practices. See the
> 'Compliance Standards' document hidden in the Reference section of the
> Enterprise Manager Cloud Control docs at http://docs.oracle.com (Why
> they make this so complicated to find, I'll never understand!)
>
> If your concern is Security, then consider reviewing the white papers at
> http://petefinningan.com or http://red-database-security.com
>
> And I have been pleasantly surprised by the 'Best Practice' PDF
> presentations by various consultancies as found by Googling "Best Practices
> Audit Oracle Database"
>
> HTH/
> Hans
> The opinions expressed are my own and do not necessarily reflect the
> opinions of Oracle Corp.
>
>
> On 15/09/2015 10:44 AM, carlos castro wrote:
>
>> Hello List,
>>
>> Can anyone point me in the right direction on how should i audit an
>> Oracle Database.
>> I will audit all the tiers and being the database one of those tiers i
>> am here looking for some help on the Db side
>> .
>> Is there a list of things i need to check?
>>
>> Or is a security and performance troubleshooting enough?
>>
>> Regards,
>>
>> Arestas
>> --
>> http://www.freelists.org/webpage/oracle-l
>>
>>
>>
>>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Sep 15 2015 - 23:09:42 CEST

Original text of this message