Security Basics mailing list archives
RE: security against dba´s
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Thu, 12 Feb 2009 08:44:19 -0600
I am curious about the repeated argument "if you don't trust your DBA's, hire/promote someone you can trust". Is that a common perception?

I am personally of the belief that no one is to be trusted and my system designs should be reflecting this.

Nick

-----Original Message-----
From: rohnskii () gmail com
Subject: Re: security against dba´s

re your points:

1- inform all employees, not just DBA
2.1- log all access, not just DBA
2.2- what sort of access

Look, if you don't trust your DBA's, hire/promote someone you can trust.

Another part of the access you should monitor is separate from just the CRUD access to, and monitored by, the DB. Track files/data downloaded to USB devices, in other words network endpoint control (NAC).

For example, it could be natural for me as a DBA to Read production to my terminal. But it is probably NOT natural for me to download the READ data to a USB device.

Again, that type of access control should not be exclusive to DBA, it should be corporate wide.