数据库安全审计L04DBAuditing.ppt

Database Auditing Objectives After completing this lesson, you should be able to do the following: Implement basic database auditing Implement auditing of the privileged user Implement DML and DDL auditing Monitoring for Suspicious Activity Monitoring or auditing should be an integral part of your security procedures. The built-in audit tools in Oracle Database 10g include: Database auditing Value-based auditing Fine-grained auditing (FGA) Audit Tool Comparisons Standard Database Auditing Is enabled through the AUDIT_TRAIL parameter NONE: Disables collection of audit records DB: Enables auditing with records stored in the database OS: Enables auditing with records stored in the OS audit trail Can audit: Login events Exercise of system privileges Exercise of object privileges Use of SQL statements Specifying Audit Options SQL statement auditing: System-privilege auditing (nonfocused and focused): Object-privilege auditing (nonfocused and focused): Specifying Audit OptionsFull Notes Page Auditing Sessions Audit unsuccessful attempts to connect: Monitor DBA_AUDIT_SESSION: Check DBA_AUDIT_TRAIL.COMMENT_TEXT. Viewing Auditing Options Standard Database Auditing Viewing Auditing Results Auditing the SYSDBA and SYSOPER Users Control auditing of privileged users with the following parameters: audit_sys_operations enables additional auditing of the SYSDBA or SYSOPER actions. audit_file_dest controls the location of the audit trail. The default is: $ORACLE_HOME/rdbms/audit (UNIX or Linux) Windows Event Log (Windows) Viewing the SYSDBA Audit Trails Value-Based Auditing Value-Based AuditingFull Notes Page Triggers and Autonomous Transactions Further enhance and protect the auditing by: Capturing DML changes to shadow table Replicating audit records to another table Capturing attempts to change audit records Summary In this lesson, you should have learned how to: Implement basic database auditing Implement auditing of the privileged user Implement DML and DDL a