Blue Core Research - DBA Guide to database Auditing

articles: 

The Problem
===========
The longer you've been working as a DBA, the more you've encountered things like these:

The time on a table changed and you don't remember doing it. You poke around but can't figure out who changed it.

There's someone you don't trust that you have to give access to. They are the kind of person that will look at things they are not supposed to, but you have to give them access.

There's someone who always messes things up when they get access. You know they'll do it again and you'll have to undo the damage. Would be nice to know what they are doing.

There's a contractor or a new employee that need access. You don't know them yet and not sure how reliable they are. It would be nice to be able to keep an eye on them.

Too many people have too much access and you're losing control. You try to figure out how to reduce the access they have or revoke some privileges, but this is pretty much what everyone claims they need to do their jobs.

You've been through an audit and the auditor wanted to know all sorts of things about the activity. Questions you just don't have the information needed to answer.

You probably spent many days chasing down the answers to these questions or try to find ways to collect it. The security in the database is set properly. The problem is that you need to know what people are doing with the access they have. This knowledge will give you more control.

The Solution
============
You might think there are no perfect solutions, but lets try to imagine one:

Low Overhead. The most important requirement is that it doesn't affect database performance. You want something that has such a low overhead that you wouldn't even know it's there.

Full Capture. You want an auditing tool that cannot be bypassed. We call that Full Capture. So even if you give access to one of those developers that read hacker magazines, you'll be able to see everything he does no matter how hard he tries to cover his tracks.

Easy Compliance. The compliance people that want you to audit your database want daily reports on many things. You want the reports to automatically generate and forget about them. When they ask for another column in the report, it's best if they can do it themselves. Second best is if you spend less than 2 minutes doing it for them.

To download the full DBA's guide to database auditing, goto http://www.bluecoreresearch.com/education/whitepapers/