Re: Anyone Have Experience With McAfee DB Products?
Date: Tue, 18 Feb 2014 08:05:10 +0000
Message-ID: <CABe10saixE-iADQQ9razFDZYNvJ5_Ld-OS9EhHsntwfXT30QYQ_at_mail.gmail.com>
Actually now I look at the description "Database Vulnerability Scanner" that looks like Sentrigo functionality that we do use and I described below.
On Feb 18, 2014 7:19 AM, "Niall Litchfield" <niall.litchfield_at_gmail.com> wrote:
> We use DAM here and I'm pretty happy with it. You will likely find, much
> as anyone who has ever turned on auditing finds, a large number of alerts
> to start with until you get your rules sorted - each *use* of a privilege
> or potentially insecure feature gets flagged - so you probably want to
> limit access to the console to start with. If you search for Sentrigo
> Hedgehog you'll no doubt find more user reviews and opinion. We don't yet
> use it against SQL and we don't use the other product you mention so I'll
> not comment on them
> On Feb 17, 2014 8:01 PM, "Scott Canaan" <srcdco_at_rit.edu> wrote:
>
>> Our security office is looking at having the McAfee Database Activity
>> Monitor and McAfee Database Vulnerability Scanner installed on all of our
>> Oracle and SQL Server databases and servers. This is not the standalone
>> configuration, but the configuration with the ePo server that would collect
>> all of the information from each server and database and consolidate the
>> information into a standard console that many people would have access to.
>>
>>
>>
>> Has anyone had any experience with either or both of these products? If
>> so, do you have any concerns about the level of access the user has on the
>> server and in the database?
>>
>>
>>
>> Thank you,
>>
>>
>>
>> Scott Canaan '88 (srcdco_at_rit.edu)
>>
>> (585) 475-7886 - work
>>
>> "Life is like a sewer, what you get out of it depends on what you put
>> into it." - Tom Lehrer
>>
>>
>>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Feb 18 2014 - 09:05:10 CET