Databases Reference
In-Depth Information
In addition, when you use advanced replication in Oracle, you can
monitor a set of internal system objects that are created for you. For a table
T1, Oracle uses a T1$RP package to replicate transactions that involve the
table and a package called T1$RR to resolve replication conflicts.
Finally, to complete the discussion for DB2, Figures 8.16 and 8.17 list
the tables used in DB2 UDB replication schemes that you should monitor
for protecting your replication environment. The color coding in Figure
8.16 shows you which tables are used by the capture program, by the cap-
ture triggers, and by the apply program.
8.5.5
Monitor other potential leakage of replication
information
As database environments become integrated with other corporate infra-
structure, administration becomes simpler and more convenient. As an
example, SQL Server allows you to maintain publication information
within Active Directory. This means that any information leakage through
Active Directory can expose your replication environment. Therefore, if
you choose to go that route, make sure you understand how your informa-
tion is protected and what auditing features exist to ensure that this data is
not accessed by an attacker.
One simple way to monitor whether you are publishing to Active Direc-
tory is to monitor SQL streams. When you add or remove SQL Server objects
from Active Directory, you are really activating a stored procedure called
sp_ActiveDirectory_SCP
or using procedures such as
sp_addpublication
(with
@add_to_active_directory='TRUE'
) and
sp_addmergepublication
(with
@property=publish_to_ActiveDirectory, @value='TRUE'
).
8.6
Map and secure all data sources and sinks
There are many complexities in dealing with distributed data, and the
architectures put in place vary widely. The one thing that is common to all
of these architectures and options is that the security issues are many and
always difficult to deal with. In this section you'll learn about two addi-
tional environments that can increase the need for monitoring, security,
and audit: log shipping and mobile databases. More important, you should
realize that while the topics covered in this chapter were many, they proba-
bly do not cover all of the distributed data architectures you may be
employing. Therefore, one of the most important things you can do is map
out all of the data flows in your environment and review how data is stored,
Search WWH ::
Custom Search