Re: Securing the database from the DBA
From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 03/30/04
- Next message: Ian Stanley: "Perl developer/Unix SA turns PM and selling Library of unix/linux/perl/security books and more"
- Previous message: Bill Unruh: "Re: Safe to make credit card purchases over the web?"
- In reply to: David M. Lee: "Securing the database from the DBA"
- Next in thread: Bruce Barnett: "Re: Securing the database from the DBA"
- Reply: Bruce Barnett: "Re: Securing the database from the DBA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Mar 2004 14:12:44 -0500
In article <8df1fe79.0403300751.5d4ff344@posting.google.com>,
leedm777@hotmail.com (David M. Lee) wrote:
> All of these methods, and many of Oracle's other security features,
> put the responsibility on the shoulders of the DBA. But doesn't this
> also give the DBA the powers to circumvent these measures? Can't he
> delete rows from the audit logs? Can't he disable triggers or FGA
> policies before doing something sneaky? When using the database's
> facilities as your audit trail tool, doesn't the DBA have the
> knowledge and ability to circumvent and cover up _anything_?
The database should log the actions that can be used to disable any of
these features. So if something suspicious happens with the database,
and you see this in the log, it's strong circumstantial evidence that
the DBA was responsible.
Logs can be sent to remote devices or hardcopy that only the security
department has physical access to.
If you really need a high level of checks and balances, I suppose you
could implement something analogous to the way nuclear missiles are
launched: two keys have to be turned simultaneously, and they're located
far enough apart that one person can't do it by himself. Something
analogous would be a requirement that two people in different rooms
enter commands to disable the database logging/auditing policies.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
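The two controls Barry describes, logging every attempt to disable auditing to a store the DBA cannot edit, and requiring two people in different locations to turn the "keys", can be modelled in a few dozen lines. The following is an added example written for this archive page, not code from the original post and not Oracle's own auditing facilities: the hash-chained log stands in for the remote device or hardcopy, the in-memory list, the `AuditControl` class, the 60-second window, the policy names and the sample events are all constructed for the demonstration.

```python
"""Added example: two-person rule plus tamper-evident logging for
'disable audit policy'. All names, policies and events are constructed."""
import hashlib
import json
import time
from dataclasses import dataclass


class RemoteAuditLog:
    """Append-only hash chain; each entry commits to the previous digest.
    In practice the entries would be shipped to a host the DBA has no
    account on; here they live in a list (assumption for the demo)."""

    def __init__(self):
        self.entries = []  # list of (json_line, sha256_hex)

    def append(self, event: dict) -> str:
        prev = self.entries[-1][1] if self.entries else "0" * 64
        line = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + line).encode()).hexdigest()
        self.entries.append((line, digest))
        return digest

    def verify(self) -> bool:
        """Recompute the chain; an edited or deleted entry breaks it."""
        prev = "0" * 64
        for line, digest in self.entries:
            if hashlib.sha256((prev + line).encode()).hexdigest() != digest:
                return False
            prev = digest
        return True


@dataclass
class Approval:
    user: str
    location: str
    at: float


class AuditControl:
    """Gate the 'disable audit policy' action behind a two-person rule."""

    WINDOW_SECONDS = 60  # assumption: both keys must turn within a minute

    def __init__(self, log: RemoteAuditLog, policies):
        self.log = log
        self.enabled = {p: True for p in policies}
        self.pending = {}  # policy -> first Approval

    def request_disable(self, user, location, policy, now=None) -> str:
        now = time.time() if now is None else now
        # Log the attempt before anything changes: a lone DBA leaves
        # evidence even if the second key never arrives.
        self.log.append({"ts": now, "user": user, "loc": location,
                         "action": "REQUEST_DISABLE", "policy": policy})
        if policy not in self.enabled:
            return "unknown policy"
        first = self.pending.get(policy)
        if first is None or now - first.at > self.WINDOW_SECONDS:
            self.pending[policy] = Approval(user, location, now)
            return "pending second approver"
        if first.user == user or first.location == location:
            # Same person, or two people in the same room: refuse.
            self.log.append({"ts": now, "user": user, "loc": location,
                             "action": "DISABLE_REFUSED", "policy": policy,
                             "reason": "two-person rule not met"})
            return "refused: second approver must differ in person and location"
        self.enabled[policy] = False
        del self.pending[policy]
        self.log.append({"ts": now, "users": sorted([first.user, user]),
                         "action": "POLICY_DISABLED", "policy": policy})
        return "disabled"


def demo() -> dict:
    """Walk through the constructed scenario and return the outcomes."""
    log = RemoteAuditLog()
    ctl = AuditControl(log, ["FGA_SALARY", "DDL_AUDIT"])
    r1 = ctl.request_disable("dba1", "room-A", "FGA_SALARY", now=1000.0)
    r2 = ctl.request_disable("dba1", "room-A", "FGA_SALARY", now=1001.0)
    r3 = ctl.request_disable("secops1", "room-B", "FGA_SALARY", now=1002.0)
    # Second key arrives too late: the first approval has expired.
    ctl.request_disable("dba1", "room-A", "DDL_AUDIT", now=2000.0)
    expired = ctl.request_disable("secops1", "room-B", "DDL_AUDIT", now=2100.0)
    ok_before = log.verify()
    # A DBA rewriting history in place breaks the chain.
    line, digest = log.entries[0]
    log.entries[0] = (line.replace('"dba1"', '"nobody"'), digest)
    return {"r1": r1, "r2": r2, "r3": r3, "expired": expired,
            "ddl_still_enabled": ctl.enabled["DDL_AUDIT"],
            "chain_ok_before": ok_before,
            "chain_ok_after_tamper": log.verify()}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of logging the request before the state change is the one Barry makes: the record that someone tried to turn auditing off exists regardless of whether they succeeded, and because each log entry commits to the previous digest, deleting or editing the entry afterwards is detectable by anyone who re-verifies the chain from the remote copy.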