TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P10
Applied Oracle Security: Developing Secure Database and Middleware Environments- P10:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 64 Part I Oracle Database Security New Features When considering when to audit the guiding principle is to audit whenever something destructive occurs and when critical actions take place. A critical action is admittedly a nebulous term but here it s meant to imply any action that can have significant impact. For example consider an application in which the update of a field column and or row update allows a user to join a membership group that then gives her privileges to execute important and sensitive tasks. This would be considered a critical action. Note that it s not the fact that a data field value changed but what the change in the value meant. Audit Patterns As mentioned earlier auditing offers ever-increasing value. Many organizations are obtaining valuable information from their auditing capabilities because they have figured out how to audit what to audit and when and not just from a security perspective. We call this collection of auditing actions audit patterns to signify that a grouping exists and that the grouping occurs frequently. Recognizing the grouping tells us that auditing does not have to be considered at a statement-by-statement or action-by-action level. Aggregating and grouping related statements or actions is a more effective auditing technique as the actions can be grouped into patterns which subsequently tell us intent. Consider this example You need to audit important information and you decide to audit the table containing financial data. If you simply look at it from a statement-by-statement level all you may see in the audit logs are a bunch of INSERT UPDATE and DELETE statements. These don t tell you everything however and they may not tell you anything insightful. It may be difficult to tell whether an update is OK from a security policy perspective since some table updates could be OK and others might be problematic. It all depends on the context of the update. Now consider auditing from the perspective of a financial .
đang nạp các trang xem trước