Securing the database from the DBA

From: David M. Lee (leedm777_at_hotmail.com)
Date: 03/30/04 

Date: 30 Mar 2004 07:51:25 -0800

I've been thinking a lot lately about the additional security
requirements that the recent onslaught of legislations placed on
databases (HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, California SB
1386).

Specifically, consider the requirements for keeping an audit trail of
data accesses and modifications. Within Oracle, triggers can be used
to track DDL, DML, logon, logoff, and a myriad of other interesting
events. Fine Grain Auditing can be used to audit SQL queries, and can
be coupled with Flashback so that you can see exactly what was seen by
those queries.

All of these methods, and many of Oracle's other security features,
put the responsibility on the shoulders of the DBA. But doesn't this
also give the DBA the powers to circumvent these measures? Can't he
delete rows from the audit logs? Can't he disable triggers or FGA
policies before doing something sneaky? When using the database's
facilities as your audit trail tool, doesn't the DBA have the
knowledge and ability to circumvent and cover up _anything_?

What do you do if you want to protect the data from the DBA?

Many companies now have separate security departments, as seen by the
rise of the 'Chief Security Officer'. If they wanted to put the
responsibilities of maintaining the database audit trail in the
security department, would they hire a DBA in that department to watch
the DBA in the IT department? Or should they use mechanisms outside
of Oracle for securing the database, such as some third party tool?

Maybe these concerns too far from the real world. Do most companies
simply let the DBA handle the database security, and worry about
whether he _should_ be the one handling security only after there is
an incident?

Thanks for your opinions!
dave
<><

Relevant Pages

  • =?iso-8859-1?Q?Re=3A_security_against_dba=B4s?=
    ... 1- The security regulations our enterprise is obliged to. ... 2.1- Log all the access the dba do on the database. ...
    (Security-Basics)
  • Re: External tables. Security concerns.
    ... the file system via the database - due to security concerns. ... means no external tables, no directory objects, no utl_file. ... the DBA can create the directory object and then grant READ and WRITE permissions to other database users. ... So the DBA does have a lot of control over security of the directory object. ...
    (comp.databases.oracle.server)
  • [NT] Multiple Vulnerabilities in Adaptive Server Anywhere Network Server
    ... Get your security news from a reliable source. ... database at the core of SQL Anywhere Studio 8, ... vulnerabilities, buffer overflows, and denial of service vulnerabilities). ... attack allowing an authenticated user to escalate privileges to 'dba' ...
    (Securiteam)
  • Sarbanes, anyone?
    ... done from a database security perspective and am trying to ... the DBA has system administrator rights and the DBA can be ... Server audit traces, but it seems that is an expensive ... monitoring requirements or if there are other options I'm ...
    (microsoft.public.sqlserver.security)
  • Re: Securing the database from the DBA
    ... IT Security professionals have responsibilities to setup security standards ... > also give the DBA the powers to circumvent these measures? ... > facilities as your audit trail tool, ...
    (comp.security.misc)