enforces a control process around schema changes. Another can be auditing of grants and revokes in the context of control over changes in security and permissions. In a different scenario you might want to closely audit everything that comes from certain nodes on the network (e.g., all access to the database other than access through the application server, usually because you're also auditing the application server).
You'll learn much more on these topics in Chapters 11 through 13. One of the things you'll see is that beyond defining the conditions and events that cause you to monitor, you also need to define the form in which the audit data will be maintained and in what detail you need to keep it. For example, in many cases it will be good enough (and actually preferable) to monitor database usage but save it in a "scrubbed" format. A scrubbed format is one in which the actual data values are replaced by placeholders when the audit record is stored, so that the shape of the statement is kept but the data it carried is not. For example, if an INSERT request from a database client looks like:
INSERT INTO CREDIT_CARDS
VALUES('12','1111111111111111','0110')
then the scrubbed format will look like:
INSERT INTO CREDIT_CARDS VALUES (?,?,?)
As another example, the SQL strings shown in Figure 9.6 were all scrubbed and do not show data values.
Clearly, the scrubbed format contains much less information. In scenarios that involve a forensic investigation, the scrubbed format may not be enough. For many other uses, however, it is sufficient. If you have a baseline that defines normal behavior and alerts you on divergence, a scrubbed format will usually be more than enough: if the application server normally issues SELECTs and DML commands and suddenly issues a DDL command, that action is flagged just as well from a scrubbed statement, because the statement type is preserved even though the values are not. Similarly, when you need to monitor who is touching a certain table, a scrubbed format is enough. If you need row-level visibility, however (which specific rows were read or changed, and therefore which values appeared in the WHERE clause), a scrubbed format is not enough.
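The following Python script is added here as a worked example; it is not code from the book. It implements both ideas above: it scrubs literal values out of SQL statements in the way the INSERT example shows, and it runs a statement-type baseline check over a handful of constructed audit records. The host addresses, statements and function names (`scrub`, `classify`, `build_baseline`, `find_divergences`) are all assumptions for illustration. The scrubber is a regular-expression heuristic for single-quoted strings and bare numbers; it does not understand comments, dollar quoting or vendor-specific literal syntax, so a production audit system should scrub using the database's own parser or a proper SQL tokenizer.

```python
import re

# Heuristic literal matcher: single-quoted strings (with '' as the escaped
# quote) and bare numeric literals. Identifiers such as T1 are untouched
# because \b requires a word boundary on both sides of the digits.
_LITERAL_RE = re.compile(
    r"""'(?:[^']|'')*'            # single-quoted string literal
      | \b\d+(?:\.\d+)?\b          # integer or decimal literal""",
    re.VERBOSE,
)

_DDL = {"CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME"}
_DML = {"INSERT", "UPDATE", "DELETE", "MERGE"}
_DCL = {"GRANT", "REVOKE"}


def scrub(sql: str) -> str:
    """Return the statement with every data literal replaced by '?'.

    Whitespace is collapsed so the same statement issued with different
    line breaks yields the same scrubbed string (useful as a baseline key).
    Size parameters in DDL such as VARCHAR(4) are scrubbed too; that is
    acceptable when the audit trail only needs the statement's shape.
    """
    return " ".join(_LITERAL_RE.sub("?", sql).split())


def classify(sql: str) -> str:
    """Coarse statement class from the leading keyword only, so this works
    on scrubbed statements exactly as well as on full ones."""
    parts = sql.split(None, 1)
    first = parts[0].upper() if parts else ""
    if first == "SELECT":
        return "SELECT"
    if first in _DML:
        return "DML"
    if first in _DDL:
        return "DDL"
    if first in _DCL:
        return "DCL"
    return "OTHER"


def build_baseline(records):
    """Map each source host to the set of statement classes it was seen
    issuing during the learning period. records: iterable of (source, sql)."""
    baseline = {}
    for source, sql in records:
        baseline.setdefault(source, set()).add(classify(sql))
    return baseline


def find_divergences(baseline, records):
    """Flag statements whose class is new for the source, or whose source was
    never seen at all. The alert carries only the scrubbed statement, so the
    alerting path never stores or forwards the data values."""
    alerts = []
    for source, sql in records:
        cls = classify(sql)
        allowed = baseline.get(source)
        if allowed is None or cls not in allowed:
            alerts.append((source, cls, scrub(sql)))
    return alerts


# Constructed sample audit records (source host, statement). Hosts and
# statements are invented for this example.
TRAINING = [
    ("10.0.0.5", "SELECT CARD_NO FROM CREDIT_CARDS WHERE ID = 12"),
    ("10.0.0.5", "INSERT INTO CREDIT_CARDS\nVALUES('12','1111111111111111','0110')"),
    ("10.0.0.5", "UPDATE CREDIT_CARDS SET EXP = '0111' WHERE ID = 12"),
]
NEW = [
    ("10.0.0.5", "SELECT CARD_NO FROM CREDIT_CARDS WHERE ID = 13"),
    ("10.0.0.5", "ALTER TABLE CREDIT_CARDS ADD COLUMN PIN VARCHAR(4)"),   # DDL from app server
    ("10.0.0.99", "GRANT SELECT ON CREDIT_CARDS TO PUBLIC"),             # unknown host
]

if __name__ == "__main__":
    for _, stmt in TRAINING:
        print(scrub(stmt))
    for alert in find_divergences(build_baseline(TRAINING), NEW):
        print("ALERT", alert)
```

Note that the baseline is keyed on statement class, not on the scrubbed text, so a new SELECT with different values from the application server is not an alert, while the ALTER is flagged even though every value in it has been removed. A stricter baseline could key on the scrubbed statement itself, which catches a new table being touched without ever storing a card number.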
Assuming that I've managed to convince you that a scrubbed format is often good enough, you may be wondering why it is worth the bother. The main reason you should use a scrubbed format in every case where it is sufficient is that it does not create an additional potential security vulnerability. If you use a full data format, all data is available to the
 