Re: Oracle Security Tool
- From: Pete Finnigan <oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Wed, 21 Jul 2004 22:44:29 +0100
In article <OF0DC352ED.0E879B05-ON86256ED7.007812C1-86256ED7.00792D40@ip
c.us.aexp.com>, Tracy Rahmlow <tracy.rahmlow@xxxxxxxx> writes
>Currently, our IS support staff have full access to the production
>database. To minimize risk and to satisfy audit concerns, we need to
>address the issue. Preferably as automated as possible. Does a tool
>exist, whereby a support staff member could request update access on table
>abc for x hours and then have the request forwarded for approval and then
>implemented? The access would then be automatically revoked after the
>timeout period. Auditing would be invoked, blah, blah, blah.... Any
>thoughts??
Hi Tracy,
There is a commercial product from OR Solutions called "Trusted Orange"
that works on an authorisation server, all access to the database is in
effect submitted to the authorisation server first and some member of
the authorisation team approves it. If its approved the users SQL is
sent to the database for execution. Its quite an interesting idea for a
product. I don't know if DDL can be controlled, i suspect it can. I have
looked at the documentation for this product about 1 year ago but not
seen it in real life. I don't remember the URL off hand but there is a
link on my tools page http://www.petefinnigan.com/tools.htm - it may be
of interest.
Of course a home grown solution to your issue could be created as well.
kind regards
Pete
--
Pete Finnigan
email:pete@xxxxxxxxxxxxxxxx
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
