Solved

oracle database auditing

Posted on 2014-03-27
2
445 Views
Last Modified: 2014-04-11
I appreciate this falls into the realms of "it depends on company policy" etc. But when it comes to enabling auditing on oracle databases that process PII data, are there any best practices on what exactly you should be auditing, or what specific events you should monitor for access abuse/misuse, data theft etc. I didnt no whether there are any best practices in this area, or any examples on what you log and monitor in your databases.
0
Comment
Question by:pma111
2 Comments
 
LVL 12

Accepted Solution

by:
praveencpk earned 250 total points
ID: 39959683
0
 
LVL 23

Assisted Solution

by:David
David earned 250 total points
ID: 39960726
Perhaps my best practice approach is to identify risk, and mitigate it -- not particularly an audit issue.  Or rather, one may turn on, and might even have the personnel to track, all manner of audit -- but that's not the target -- data integrity is, or should be.

Another view, auditing reports what happened, but doesn't do a blessed thing to prevent the attack from happening.

The sfisaca paper had a lot of marketing fluff but did mention some good points.  For example, data that is encrypted at rest, and encrypted in transit, is going to address the major part of your risk.  Hardening the system, and the network, to least access, follows next.  The U.S. federal government publishes their security technical implementation guides (STIG) at http://iase.disa.mil/stigs/ (unclassified).  Before a new server can be staged in production, for example, it is tested for federal best practices -- one of which, for example, is that the oracle installation user and o/s group must exclude the oracle DBAs.  The DBAs can read logs, etc., but don't need to modify nor execute the binaries.  

Another good point about the DISA checklist is that they provide gradients:  a category one violation is a showstopper to us; twos require a formal, management approved exception, and threes are more likely to be documented if they can't be resolved.  Under this approach one may focus upon covering (auditing) the risk of known weaknesses.

In some shops, developers may want a copy of production data in test and QA environments, so that they "can work with current conditions".  Non-production environments may relax security requirements -- no one willingly maintains a 16-character password every 30 days.......  As a former developer, I am aware of how easily Oracle can provide profiles and execution plans from production, and workload playback, to simulate those conditions.  In Oracle 12c, PII data can be (should be) masked and / or redacted to change PII data into simple random strings.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains all about SQL Server Piecemeal Restore with examples in step by step manner.
Read about achieving the basic levels of HRIS security in the workplace.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to restore a database from backup after a simulated disk failure using RMAN.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question