Re: OT - Getting fired for database oops

  • From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
  • To: dbvision@xxxxxxxxxxxx, oracle-l@xxxxxxxxxxxxx
  • Date: Thu, 28 May 2009 18:12:58 +0100

The biggest danger is *always* internal. The political and
sociological dynamics of organisations will always make this so.
People tend to trust people they work with and know too much, and
those they don't too little. Even where they don't, there are always
political exceptions - for example, the finance guy can always run the
finances, the CEO doesn't get audited - until after the event, and so
on.

On 5/28/09, Nuno Souto <dbvision@xxxxxxxxxxxx> wrote:
> Frits Hoogland wrote, on my timestamp of 28/05/2009 5:37 AM:
>> But even if it's done in the most perfect way, if not *all* components
>> involved (network, operating system, database, applications) are tightly
>> secured, a mistake in another layer could easily lead to compromise.
>> Also, in the cases I encountered, the security auditor has no/little
>> technical knowledge, which means that with some suggesting and some
>> omitting of details it's quite easy to pass the audit.
>>
>> It reminds me of a saying in the network world about firewalls: 'the
>> harder on the outside, the softer on the inside'. At least until two
>> years ago, the default operator interface of networking components like
>> switches and routers, but disturbingly even firewalls, is telnet. SSH
>> (encrypted) access is an option...
>>
>
>
> Good points.  It's always surprised me in some sites to see intranet
> security trusted almost exclusively to the firewall.
> Then when asked about intruder detection, the reply is "uh?".
> Many others as well trust monitoring/management to SNMP over UDP...
>
> Then again, how far does one take the paranoia?
> ("paranoia" in the sense of obsession over security, not the clinical one)
> Like someone else said: the biggest danger is often internal!
>
> --
> Cheers
> Nuno Souto
> in sunny Sydney, Australia
> dbvision@xxxxxxxxxxxx
> --
> //www.freelists.org/webpage/oracle-l

-- 
Sent from Google Mail for mobile | mobile.google.com

Niall Litchfield
Oracle DBA
http://www.orawin.info
--
//www.freelists.org/webpage/oracle-l
