Solved

oracle database auditing

Posted on 2014-03-27
2
458 Views
Last Modified: 2014-04-11
I appreciate this falls into the realms of "it depends on company policy" etc. But when it comes to enabling auditing on Oracle databases that process PII data, are there any best practices on what exactly you should be auditing, or what specific events you should monitor for access abuse/misuse, data theft etc.? I didn't know whether there are any best practices in this area, or any examples on what you log and monitor in your databases.
0
Question by:pma111
2 Comments
 
LVL 12

Accepted Solution

by:
Praveen Kumar Chandrashekatr earned 250 total points
ID: 39959683
0
 
LVL 23

Assisted Solution

by:David
David earned 250 total points
ID: 39960726
Perhaps my best practice approach is to identify risk, and mitigate it -- not particularly an audit issue.  Or rather, one may turn on, and might even have the personnel to track, all manner of audit -- but that's not the target -- data integrity is, or should be.

Another view, auditing reports what happened, but doesn't do a blessed thing to prevent the attack from happening.

The sfisaca paper had a lot of marketing fluff but did mention some good points.  For example, data that is encrypted at rest, and encrypted in transit, is going to address the major part of your risk.  Hardening the system, and the network, to least access, follows next.  The U.S. federal government publishes their security technical implementation guides (STIG) at http://iase.disa.mil/stigs/ (unclassified).  Before a new server can be staged in production, for example, it is tested for federal best practices -- one of which, for example, is that the Oracle installation user and o/s group must exclude the Oracle DBAs.  The DBAs can read logs, etc., but don't need to modify nor execute the binaries.

Another good point about the DISA checklist is that they provide gradients:  a category one violation is a showstopper to us; twos require a formal, management approved exception, and threes are more likely to be documented if they can't be resolved.  Under this approach one may focus upon covering (auditing) the risk of known weaknesses.

In some shops, developers may want a copy of production data in test and QA environments, so that they "can work with current conditions".  Non-production environments may relax security requirements -- no one willingly maintains a 16-character password every 30 days.......  As a former developer, I am aware of how easily Oracle can provide profiles and execution plans from production, and workload playback, to simulate those conditions.  In Oracle 12c, PII data can be (should be) masked and / or redacted to change PII data into simple random strings.
0
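An added example, not part of the answers above and not an Oracle-supplied script: one way to combine the Oracle 12c redaction mentioned in the last answer with a narrowly scoped audit of the same PII table. The schema `APP`, table `CUSTOMERS`, columns `SSN` and `EMAIL`, service account `APP_SVC`, and both policy names are hypothetical, and the audit part assumes 12c unified auditing is in use.

```sql
-- Hypothetical objects: APP.CUSTOMERS(SSN, EMAIL, ...), service account APP_SVC.

-- 1. Data Redaction: every session except the application account sees
--    random values for the PII columns. Redaction is applied at query time;
--    the stored rows are unchanged, and accounts holding the
--    EXEMPT REDACTION POLICY privilege bypass the policy.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'APP',
    object_name   => 'CUSTOMERS',
    policy_name   => 'REDACT_CUSTOMER_PII',
    column_name   => 'SSN',
    function_type => DBMS_REDACT.RANDOM,
    expression    => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP_SVC''');

  -- A table carries one redaction policy; further columns are added to it.
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'APP',
    object_name   => 'CUSTOMERS',
    policy_name   => 'REDACT_CUSTOMER_PII',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'EMAIL',
    function_type => DBMS_REDACT.RANDOM);
END;
/

-- 2. Unified audit policy: record reads and changes of the PII table made by
--    anyone other than the application account, so the trail holds the
--    unusual access paths rather than normal application traffic.
CREATE AUDIT POLICY pii_customers_access
  ACTIONS SELECT ON app.customers,
          INSERT ON app.customers,
          UPDATE ON app.customers,
          DELETE ON app.customers
  WHEN 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP_SVC'''
  EVALUATE PER STATEMENT;

AUDIT POLICY pii_customers_access;

-- 3. Review: who touched the table outside the application, and with what SQL.
SELECT event_timestamp, dbusername, os_username, userhost,
       action_name, sql_text
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%PII_CUSTOMERS_ACCESS%'
ORDER  BY event_timestamp DESC;
```

Because redaction does not alter the stored data, a copy of this table taken to a test or QA environment still contains the real values unless it is masked separately.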