Security Basics mailing list archives
Re: security against dba´s
From: Andre Rodrigues <acastanheira2001 () yahoo com br>
Date: Wed, 11 Feb 2009 03:50:42 -0800 (PST)
Hi Pax,

We have Oracle databases.

I was thinking about informing the dbas:

1- The security regulations our enterprise is obliged to.
2- The controls we are implementing:
2.1- Log all the access the dba do on the database.
2.2- Open an access to the security team.
2.3- Make regular audits on the database access.

What else can I do?

Thanks,
André

--- On Tue, 2/10/09, Pax Nwo <paxnwo () yahoo com> wrote:
From: Pax Nwo <paxnwo () yahoo com>
Subject: Re: security against dba´s
To: acastanheira2001 () yahoo com br
Date: Tuesday, February 10, 2009, 2:58 PM

need more info. what kind of db ? oracle, mysql ?

the dba can remote connect to the db through connection clients like sqlyog and navicat. if the dba uses mysql, he can also login to the phpmyadmin panel.

how can you protect the dba from the db ? temporarily, change the password (although he will get it back).

how ? get details like host, username, password. email the sysadmin that administrates the hosting server (i think you will need the dba's email address). if phpmyadmin allows you to change the admin password, go ahead.

how can you find out the password ? using a cookie grabber, keylogging, scamming.

i don't think that you can restrict an admin's privileges to access his db. you can at least delay him. use your brain. get inside his pc, scramble his data, kill his wife, do something :)

regards,
pax.

________________________________
From: Andre Rodrigues <acastanheira2001 () yahoo com br>
To: security-basics () securityfocus com
Sent: Tuesday, February 10, 2009 10:15:08 PM
Subject: security against dba´s

Hi,

How can I protect the database from the dba? As far as I know they don´t need to access the database data in order to do their job.

Any related material appreciated.

Thanks,
André