Usenet, c.d.o.server: Re: audit response
> I disagree with Brian, actually. Trust doesn't have to come into it, and if
> security is really needed, it shouldn't.
Someone has to have the keys to the kingdom. But you don't just give those keys to anybody.
There is some level of trust between the employer and the employee, no matter what the job entails. The shareholders trust that the board and the CEO will do the right things to make a profit. The CEO trusts the VPs of the company to hire good managers. The managers hire DBAs, etc., and trust that they will do the right things for their company's databases. Etc., etc., etc.
> In other words, by separating the functions of sysadmins and DBAs, and by
> investing in the latest releases of the software, you *can* audit SYS
> activity, reliably and securely.
>
> Sure, the DBA could modify the init.ora, and set the audit option to
> false... but then you make that a disciplinary offence.
Right there is one level of trust. You know that the DBA can modify the INIT.ORA. You know that they can take certain steps. If they bypass those steps that are in your company's policies, you take appropriate, maybe disciplinary, action. So even by your own words, you have placed a certain level of trust in your DBAs' hands and if they violate that trust, you take appropriate action.
> In this day and age, any secure system that relies ultimately on trust
> isn't secure.
I don't think that anyone said anything about relying ultimately on trust. We have passwords. If we relied ultimately on trust, everyone would be given the DBA account and allowed to roam freely. But we put our database servers behind locked doors so that Joe Employee can't come in and pull the plug. And as I said, "no system in our building does not have an entry point that has complete control over that system." So while an effort is made to make sure that the database is as secure as possible, there is always at least one entry point that can bypass those security measures. There is nothing to stop a DBA from deleting all of the company's data. So you trust that DBA to not delete data that is not supposed to be deleted. There is always a level of trust given to an employee for some aspect of their job, until they violate that trust.
Cheers,
Brian
--
===================================================================
Brian Peasland
dba_at_remove_spam.peasland.com
Remove the "remove_spam." from the email address to email me.
"I can give it to you cheap, quick, and good. Now pick two out of the three"

Received on Mon Jul 28 2003 - 09:36:51 CDT