Solved

oracle database auditing

Posted on 2014-03-27
Last Modified: 2014-04-11
I appreciate this falls into the realms of "it depends on company policy" etc. But when it comes to enabling auditing on Oracle databases that process PII data, are there any best practices on what exactly you should be auditing, or what specific events you should monitor for access abuse/misuse, data theft etc.? I didn't know whether there are any best practices in this area, or any examples on what you log and monitor in your databases.
Question by:pma111
2 Comments
 

Accepted Solution

by:
praveencpk earned 250 total points
ID: 39959683

Assisted Solution

by:David
David earned 250 total points
ID: 39960726
Perhaps my best practice approach is to identify risk, and mitigate it -- not particularly an audit issue.  Or rather, one may turn on, and might even have the personnel to track, all manner of audit -- but that's not the target -- data integrity is, or should be.

Another view, auditing reports what happened, but doesn't do a blessed thing to prevent the attack from happening.

The sfisaca paper had a lot of marketing fluff but did mention some good points.  For example, data that is encrypted at rest, and encrypted in transit, is going to address the major part of your risk.  Hardening the system, and the network, to least access, follows next.  The U.S. federal government publishes their security technical implementation guides (STIG) at http://iase.disa.mil/stigs/ (unclassified).  Before a new server can be staged in production, for example, it is tested for federal best practices -- one of which, for example, is that the Oracle installation user and o/s group must exclude the Oracle DBAs.  The DBAs can read logs, etc., but don't need to modify nor execute the binaries.

Another good point about the DISA checklist is that they provide gradients:  a category one violation is a showstopper to us; twos require a formal, management approved exception, and threes are more likely to be documented if they can't be resolved.  Under this approach one may focus upon covering (auditing) the risk of known weaknesses.

In some shops, developers may want a copy of production data in test and QA environments, so that they "can work with current conditions".  Non-production environments may relax security requirements -- no one willingly maintains a 16-character password every 30 days...  As a former developer, I am aware of how easily Oracle can provide profiles and execution plans from production, and workload playback, to simulate those conditions.  In Oracle 12c, PII data can be (should be) masked and / or redacted to change PII data into simple random strings.
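
An added example (not part of David's post and not taken from the DISA checklist) of checking the separation he describes: it reports DBA accounts that are the Oracle installation owner or belong to the installation group, whether through primary or supplementary membership. The owner `oracle`, the group `oinstall`, the `dba_*` account names and the passwd/group content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report DBA accounts that are the Oracle software owner or are members of
# the installation group (primary GID or supplementary membership).
# Usage: check_install_separation PASSWD_FILE GROUP_FILE OWNER GROUP DBA...
check_install_separation() {
    passwd_file=$1; group_file=$2; owner=$3; grp=$4
    shift 4
    # Look up the group's GID and its comma-separated supplementary members.
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3 }' "$group_file")
    members=$(awk -F: -v g="$grp" '$1 == g { print $4 }' "$group_file")
    if [ -z "$gid" ]; then
        echo "ERROR group $grp not found"
        return 2
    fi
    rc=0
    for dba in "$@"; do
        if [ "$dba" = "$owner" ]; then
            echo "FAIL $dba is the installation owner"; rc=1; continue
        fi
        # Primary group is field 4 of the passwd entry; the group file's
        # member list does not show it, so check it separately.
        pgid=$(awk -F: -v u="$dba" '$1 == u { print $4 }' "$passwd_file")
        if [ "$pgid" = "$gid" ]; then
            echo "FAIL $dba has $grp as primary group"; rc=1; continue
        fi
        case ",$members," in
            *",$dba,"*) echo "FAIL $dba is a supplementary member of $grp"; rc=1 ;;
            *) echo "OK $dba" ;;
        esac
    done
    return $rc
}

# Constructed sample data; account and group names are assumptions.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
oracle:x:54321:54321:Oracle software owner:/home/oracle:/bin/bash
dba_alice:x:1001:54322::/home/dba_alice:/bin/bash
dba_bob:x:1002:54321::/home/dba_bob:/bin/bash
dba_carol:x:1003:54322::/home/dba_carol:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
oinstall:x:54321:oracle,dba_carol
dba:x:54322:dba_alice,dba_bob,dba_carol
EOF

check_install_separation "$sample_dir/passwd" "$sample_dir/group" \
    oracle oinstall dba_alice dba_bob dba_carol || true
```

On a real host the two files would be `/etc/passwd` and `/etc/group`, or saved `getent passwd` and `getent group` output where accounts come from a directory service.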