right level of detail is logged before you need it. It's always a problem to say “Yes, we should've been logging these events” after the events have occurred.

Auditing can be thought of as event logging and analysis. Most programming languages have functions that add events to a log file, so almost all custom applications can be configured to add data to event logs at the application layer. There are some exceptions to this rule, for example, when you're using third-party applications where source code can't be modified. In these situations database triggers can be used to add logging information.
Most mature databases come with an extensive set of auditing reports that show detailed activity of security-related transactions, such as

Web page requests —What web pages were requested, by what users (or IP addresses), and when they were accessed. Additional data, such as the response time, can also be added to the log files. This function is typically done by different web servers and merged into central access logs.
Last logins —The last user to log in to the database sorted with the most recent logins at the top of the report.
Last updates —The last user to make updates to the database. These reports can have options for sorting by date or collections modified.
Failed login attempts —The prior login attempts to the database that failed.
Password reset requests —A list of the most recent password reset requests.
Import/upload activity —A list of the most recent database imports or bulk loads.
Delete activity —A list of the most recent records removed from the database.
Search —A list of the most recent searches performed on the database. These reports can also include the most frequent queries over given periods of time.
Backup activity —When data was backed up or restored from backup.
In addition to these standard audit reports, there may be specialized reports that are dependent on the security model you implement. For example, if you're using role-based access control, you might want a detailed accounting of which user was assigned a role and when.

Applications might also require that special audit information be added to log files, such as actions that have high impact on the organization. This information can be added at the application level, and if you have control of all applications, this method is appropriate. There's some additional logging that should be done at the database layer. In RDBMSs, triggers can be written to log data when an insert, update, or delete operation occurs. In NoSQL databases that use collections, triggers can be added to collections as well. Trigger-based logging is ideal when there are many applications that can change your data.
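The following is an added example, not code from the book: trigger-based audit logging in SQLite through Python's sqlite3 module, where AFTER INSERT/UPDATE/DELETE triggers record every change regardless of which application made it, and the audit table then feeds a "Delete activity" report like the one listed above. The table, column and trigger names are constructed for this demo.

```python
import sqlite3

# Constructed schema: a business table plus an audit table populated only by triggers.
# Because the triggers live in the database, a third-party application whose source
# cannot be modified still has its inserts, updates and deletes recorded.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE audit_log (
    id          INTEGER PRIMARY KEY,
    logged_at   TEXT NOT NULL DEFAULT (datetime('now')),
    operation   TEXT NOT NULL,            -- INSERT / UPDATE / DELETE
    row_id      INTEGER NOT NULL,
    old_balance INTEGER,                  -- value before the change (UPDATE/DELETE)
    new_balance INTEGER                   -- value after the change (INSERT/UPDATE)
);
CREATE TRIGGER accounts_ai AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log(operation, row_id, new_balance)
    VALUES ('INSERT', NEW.id, NEW.balance);
END;
CREATE TRIGGER accounts_au AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log(operation, row_id, old_balance, new_balance)
    VALUES ('UPDATE', NEW.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER accounts_ad AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log(operation, row_id, old_balance)
    VALUES ('DELETE', OLD.id, OLD.balance);
END;
"""

def open_audited_db():
    """Create an in-memory database with the audit triggers installed."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con

def audit_trail(con):
    """Full change history in the order the triggers recorded it."""
    return con.execute("SELECT operation, row_id, old_balance, new_balance "
                       "FROM audit_log ORDER BY id").fetchall()

def delete_activity(con, limit=10):
    """The 'Delete activity' report: most recent removals, newest first."""
    return con.execute("SELECT row_id, old_balance FROM audit_log "
                       "WHERE operation = 'DELETE' ORDER BY id DESC LIMIT ?",
                       (limit,)).fetchall()

def run_demo():
    """Statements below stand in for an application we cannot change to log for itself."""
    con = open_audited_db()
    con.execute("INSERT INTO accounts(id, owner, balance) VALUES (1, 'alice', 100)")
    con.execute("UPDATE accounts SET balance = 40 WHERE id = 1")
    con.execute("DELETE FROM accounts WHERE id = 1")
    con.commit()
    return audit_trail(con), delete_activity(con)
```

In a server RDBMS the audit table should be writable only by the trigger's owner, not by the application role, so that the applications being audited cannot erase their own trail.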
11.2.4 Encryption and digital signatures
The final concern of NoSQL security is how a database encrypts and digitally signs documents to verify they haven't been modified. These processes can be done at the