TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P11

Applied Oracle Security: Developing Secure Database and Middleware Environments- P11:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 74 Part I Oracle Database Security New Features Data changes The ability to capture data values as they change. The updated values are shown in the redo logs. You therefore must enable Archive Log Mode to ensure that you extract data out of the logs before they are overwritten. Using redo logs saves you from having to capture data value changes yourself often attempted as a collection of table triggers that copy the OLD and NEW values to custom built application audit tables . A final point regarding auditing becomes apparent with the preceding parenthetical comment. While the Oracle Audit Vault SDK is not yet available you can still capture your application audits by turning on auditing for the tables and objects your application manipulates. The auditing functions will pick up changes made by your application. Both OSAUD and DBAUD will capture those changes. REDO will capture the data values that were changed. Table 3-2 shows three types of Oracle database collectors. An X indicates the actions the auditing will capture. Collection Agent Location If a collection agent is installed on a separate server that is not on the server running the database being audited then the collectors cannot read any audit files written to the file system. This configuration therefore obviates the OSAUD and REDO collectors. In this case the audit source will be only the database tables AUD FGA_LOG DVSYS .AUDIT_TRAIL that can be accessed remotely via Java Database Connectivity JDBC . When Oracle RAC is being used only one instance of the DBAUD and REDO collector is required to collect audit activity. For auditing in a RAC architecture gathering operating system activity requires an OSAUD collector on each node participating in the cluster to audit operating system activity. The advantage to installing the collection agent on the audit server is that you end up with a single consolidated environment for your auditing however it won t allow collection of OSAUD and REDO. From a .