
Home -> Community -> Usenet -> c.d.o.server -> Re: audit response

Re: audit response

From: Niall Litchfield <n-litchfield_at_audit-commission.gov.uk>
Date: Mon, 28 Jul 2003 16:32:36 +0100
Message-ID: <3f254215$0$15036$ed9e5944@reading.news.pipex.net>


"Quarkman" <quarkman_at_myrealbox.com> wrote in message news:oprsvw9bw0r9lm4d_at_haydn...
> I disagree with Brian, actually. Trust doesn't have to come into it, and
> if security is really needed, it shouldn't.

I tend to agree with Brian. You can have more and less secure actions, but whatever system you have in the end relies on people whom you have to trust.

>
> For example, in 9i Release 2, you can audit SYS actions (set
> AUDIT_SYS_OPERATIONS=TRUE). That produces a trace file at the O/S level,
> and one presumes that it would be possible (and sensible) to arrange for
> the file to be written to a directory to which the DBA doesn't have
> rights. In Windows, the audit trail thus produced goes into the Event
> Viewer... and again, one hopes that the DBA doesn't also have the ability
> to wipe that.
>
> In other words, by separating the functions of sysadmins and DBAs, and by
> investing in the latest releases of the software, you *can* audit SYS
> activity, reliably and securely.

And what happens if the sysadmins and DBAs give each other trusted access? You can audit this if they grant it, but if the one is allowed to jump on the other's machine 'just to do X, it's easier than a formal request', the system is circumvented. It also doesn't address issues of compatibility and support.

>
> Sure, the DBA could modify the init.ora, and set the audit option to
> false... but then you make that a disciplinary offence.

But that isn't saying you don't trust the DBA, but that you have sanctions if trust is broken. That is fair enough and the normal way trust works. For example, most people are trusted not to steal stuff; if they do and are caught, they suffer sanctions.

> So there are technical ways to do it. And, more importantly perhaps, there
> are managerial approaches, to job differentiation and acceptable practice,
> which can do it, too.
>
> In this day and age, any secure system that relies ultimately on trust
> isn't secure.

I don't think Brian suggested that you just trusted your DBA or SYSADMIN and then left it at that, just that pure technological solutions will always fail.

-- 
Niall Litchfield
Oracle DBA
Audit Commission UK
Received on Mon Jul 28 2003 - 10:32:36 CDT
