| |
 |
|
Oracle Tips by Burleson |
Chapter 3 Introducti
on
to Oracle Auditing
a legitimate reason such as a bad password, but
it could also be a hacker trying to break in with multiple attempts
at guessing the password. It could even be an insider, a disgruntled
employee trying to access information he or she is not authorized
for. Whatever the reason may be, this kind of activity arouses
suspicion and should be investigated. Oracle can audit such
attempts, even if they are not successful.
HIPAA requirements clearly state that user
accesses to the database be recorded and monitored for possible
abuse. Remember, this intent is not just to catch hackers but also
to document the accesses to medical databases by legitimate users.
In most cases, the very fact that the access is recorded is
deterrent enough for malicious activity, much like the presence of a
surveillance camera in a parking lot. In Chapter 8, we will explore
the details of this type of auditing, with scripts on how to set up
and retrieve details to find patterns of abuse and potential
threats.
After the auditing system is set up, the
resulting report can show the times the users logged on and off,
along with other information. An example report is provided below.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
The
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
$39.95
and has an
immediate download of working security scripts:
|
