Security Basics mailing list archives
Re: security against dba´s
From: Andre Rodrigues <acastanheira2001 () yahoo com br>
Date: Thu, 12 Feb 2009 10:36:02 -0800 (PST)
I agree with you. We have almost no turnover. The enterprise trusts the DBAs, me too. But it's necessary to improve the controls in our environment, and we should avoid some personal disagreement.

Thanks,
André

--- On Tue, 2/10/09, dan.crowley () gmail com <dan.crowley () gmail com> wrote:
From: dan.crowley () gmail com <dan.crowley () gmail com>
Subject: Re: security against dba´s
To: security-basics () securityfocus com
Date: Tuesday, February 10, 2009, 3:21 PM

I used to have a professor who was a DBA for a long time. She said: Be a DBA. The closer you are to the data, the more dangerous you are, and the more they'll pay you.

While that's funny, it's also kinda scary and true. Whoever is administrating your database will actually need access to your database. In this case, the security measures you need probably aren't ones that will protect your database from your DBA. That's only going to make their job harder, and consequently, they'll find some way to circumvent the measures so that they can do their job easier.

Instead, you need auditing measures and access restrictions, if possible. Have systems in place that will log database transactions. This way, the DBA can access the data, but it will always be known what data is being accessed, and by whom. Secondly, deny read access to the data your DBA can't see if you REALLY must.

Finally, I hope you trust your DBA and have done some background checks, but based on your post I have a feeling this isn't the case.

Hope this helps!