Security Basics mailing list archives
Re: security against dba´s
From: rohnskii () gmail com
Date: Wed, 11 Feb 2009 14:54:12 -0700
re your points: 1- inform all employees, not just DBA 2.1- log all access, not just DBA 2.2- what sort of access Look, if you don't trust your DBA's, hire/promote someone you can trust. Another part of the access you should monitor is separate from just the CRUD access to, and monitored by, the DB. Track files/data downloaded to USB devices, in other words network endpoint control (NAC). For example, it could be natural for me as a DBA to Read production to my terminal. But it is probably NOT natural for me to download the READ data to a USB device. Again, that type of access control should not be exclusive to DBA, it should be corporate wide.
Current thread:
- Re: security against dba´s rohnskii (Feb 11)
- <Possible follow-ups>
- Re: security against dba´s dan . crowley (Feb 11)
- Re: security against dba´s Andre Rodrigues (Feb 12)
- Re: security against dba´s rohnskii (Feb 11)
- RE: security against dba´s Nick Vaernhoej (Feb 12)
- RE: security against dba´s Scott Richardson (Feb 12)
- RE: security against dba´s Nick Vaernhoej (Feb 12)
- Re: security against dba?s Ansgar Wiechers (Feb 12)
- Re: security against dba?s Ray Van Dolson (Feb 12)
- Message not available
- Re: security against dba?s Ray Van Dolson (Feb 13)
- RE: security against dba?s Nick Vaernhoej (Feb 13)
- RE: security against dba´s Nick Vaernhoej (Feb 12)
- Re: security against dba´s Adam Pal (Feb 12)
- Re: security against dba´s Andre Rodrigues (Feb 12)