Apparently it's possible to seperate certain functions out on NT. I don't
know the details since my NT knowledge is limited to setting up Oracle
Client software on it.
-----Original Message-----
Sent: Wednesday, September 05, 2001 4:13 PM
To: Multiple recipients of list ORACLE-L
and the administrator account on a NT system can't do everything too?
>From: "Miller, Jay" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Wed, 05 Sep 2001 10:55:33 -0800
>
>It was our Internal Audit department. And their issue with Unix is the
>same
>issue they have with Oracle. root can do anything, sys can do anything.
>This is evil incarnate.
>
>External security problems aren't nearly as important. And yes, it's
>crazy.
>
>Jay Miller
>
>-----Original Message-----
>Sent: Wednesday, September 05, 2001 1:32 PM
>To: Multiple recipients of list ORACLE-L
>
>
>
>Who was the Auditing Co? If they think that NT is more secure than unix, I
>don't want them around
>any company I work for...
>
>Ron Thomas
>Hypercom, Inc
>[EMAIL PROTECTED]
>"Either lead by example, or become a terrible warning"
>
>
>
>
> JayMiller@TDWate
>
> rhouse.com To: [EMAIL PROTECTED]
>
> Sent by: cc:
>
> [EMAIL PROTECTED] Subject: RE: How do you
>audit a DBA?
>
>
>
>
> 09/05/01 09:15
>
> AM
>
> Please respond
>
> to ORACLE-L
>
>
>
>
>
>
>
>
>
>You mean you think DBAs should do things? My company's auditors were
>aghast
>when I told them that I did things such as write Unix scripts to monitor
>the
>database. They were firmly of the opinion that DBAs should not be allowed
>to write code, only developers should write code. That was a major audit
>violation right there. We eventually finessed the issue (we didn't bring
>it
>up again and they forgot about it as they pursued more important things
>such
>as trying to convince the company to drop Unix since it wasn't as secure as
>NT), but for a while I started speaking to headhunters again in case all
>the
>things the auditors were insisting on were actually put in place.
>
>
>-----Original Message-----
>Sent: Wednesday, September 05, 2001 9:06 AM
>To: Multiple recipients of list ORACLE-L
>
>
>What is the purpose of having a dba if he is not allowed to do anything?
>
>"Do not criticize someone until you walked a mile in their shoes, that way
>when you criticize them, you are a mile a way and have their shoes."
>
>Christopher R. Spence
>Oracle DBA
>Phone: (978) 322-5744
>Fax: (707) 885-2275
>
>Fuelspot
>73 Princeton Street
>North, Chelmsford 01863
>
>
>
>
>-----Original Message-----
>Sent: Thursday, August 23, 2001 1:12 PM
>To: Multiple recipients of list ORACLE-L
>
>
>Dave,
>
> Your question is somewhat puzzling. Anyone with DBA privileges can
>get
>to any table they want since the DBA role contains the 'select any table',
>'update any table', 'delete any table', and 'insert any table' system
>privileges. You would not require the sys or system passwords to
>accomplish
>that task. Is the person asking the question suspicious of one person or
>all of the DBA's at your site? At any rate it would be best to audit all
>activity against the tables in question and then filter the data after the
>fact. This is somewhat more important since a trigger cannot catch a
>select, but database auditing can.
>Also, if it's a DBA who is questionable he/she would have access to empty
>out the sys.aud$ table of any activity they created.
>
>Dick Goulet
>
>____________________Reply Separator____________________
>Author: Dave Leach <[EMAIL PROTECTED]>
>Date: 8/23/2001 7:56 AM
>
>Anyone who can help,
>
>I've been asked if Oracle can somehow audit the DBA ie. Raise an alert if
>the DBA were to execute DML statements against sensitive tables, this
>assumes the DBA has the SYS password. I thought this was a pretty
>reasonable question but couldn't think of an answer. My trail of though
>was
>maybe an email alert to a designated member of staff sent via a trigger on
>the table.
>
>Any comments would be very appreciated.
>
>Dave Leach
>
>
>
>
>**********************************************************************
>The above information is confidential to the addressee and may be
>privileged. Unauthorised access and use is prohibited.
>
>Internet communications are not secure and therefore this Company does not
>accept legal responsibility for the contents of this message.
>
>If you are not the intended recipient, any disclosure, copying,
>distribution
>or any action taken or omitted to be taken in reliance on it, is prohibited
>and may be unlawful.
>
>Claybrook Computing Limited is a subsidiary of
>Claybrook Computing (Holdings) Limited
>Registered Office: Abbey House. 282 Farnborough Road, Farnborough,
>Hampshire
>GU14 7NJ Registered in England and Wales No 1287205
>
>A Hogg Robinson plc company
>**********************************************************************
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Dave Leach
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
>message BODY, include a line containing: UNSUB ORACLE-L (or the name of
>mailing list you want to be removed from). You may also send the HELP
>command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author:
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
>message BODY, include a line containing: UNSUB ORACLE-L (or the name of
>mailing list you want to be removed from). You may also send the HELP
>command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Christopher Spence
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Miller, Jay
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
>
>
>
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Ron Thomas
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Miller, Jay
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Miller, Jay
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
