Security Basics mailing list archives

Re: security against dba´s


From: rohnskii () gmail com
Date: Wed, 11 Feb 2009 14:54:12 -0700

re your points:

1- inform all employees, not just DBA
2.1- log all access, not just DBA
2.2- what sort of access

Look, if you don't trust your DBAs, hire/promote someone you can trust.

Another part of the access you should monitor is separate from just the CRUD access to, and monitored by, the DB. Track files/data downloaded to USB devices, in other words network endpoint control (NAC).

For example, it could be natural for me as a DBA to Read production to my terminal. But it is probably NOT natural for me to download the READ data to a USB device.

Again, that type of access control should not be exclusive to DBA, it should be corporate wide.

