chapter 9
TRANSCRIPT
![Page 1: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/1.jpg)
Database Security and Database Security and Auditing: Protecting Data Auditing: Protecting Data Integrity and AccessibilityIntegrity and Accessibility
Chapter 9Auditing Database Activities
![Page 2: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/2.jpg)
Database Security and Auditing 2
ObjectivesObjectives
• Use Oracle database activities• Learn how to create DLL triggers with Oracle• Audit database activities using Oracle
![Page 3: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/3.jpg)
Database Security and Auditing 3
Objectives (continued) Objectives (continued)
• Audit server activities with Microsoft SQL Server 2000
• Audit database activities using Microsoft SQL Profiler
• Use SQL Server for security auditing
![Page 4: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/4.jpg)
Database Security and Auditing 4
Using Oracle Database ActivitiesUsing Oracle Database Activities
• Several types of activities:– Application activities: SQL statements issued
against application tables
– Administration activities: commands issued for maintenance and administrative purposes
– Database events: events that occur when a specific activity occurs
![Page 5: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/5.jpg)
Database Security and Auditing 5
Creating DDL Triggers with OracleCreating DDL Triggers with Oracle
• Audit program provides:– Audit trail for all activities
– Opportunity for using process controls
• Database activities statements (in addition to DML):– Data Definition Language (DDL)
– Data Control Language
– Database events
– SQL statements audit trail
![Page 6: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/6.jpg)
Database Security and Auditing 6
Creating DDL Triggers with Oracle Creating DDL Triggers with Oracle (continued)(continued)
• Use CREATE TRIGGER:– DDL statements
– Database events
![Page 7: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/7.jpg)
Database Security and Auditing 7
Example of LOGON and LOGOFF Example of LOGON and LOGOFF Database EventsDatabase Events
• Steps:– Log on as SYSTEM
– Create the APP_AUDIT_LOGINS table
– Create two triggers:• One that fires after the logon event• One that fires before the logoff event
– Log on as DBSEC; disconnect after a few minutes
– Log on as SYSTEM to check the auditing table
![Page 8: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/8.jpg)
Database Security and Auditing 8
DDL Event ExampleDDL Event Example
• Steps:– Log on as SYSTEM
– Create a trigger that fires before an ALTER statement is completed
– Log on as DBSEC and alter a table
• Pseudocolumns:– ora_dict_obj_name
– ora_dict_obj_owner
– ora_sysevent
![Page 9: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/9.jpg)
Database Security and Auditing 9
Auditing Code with OracleAuditing Code with Oracle
• Steps:– Log on as DBSEC
– Create an auditing table
– Create a table and populate it with two records
– Create a trigger to track code
– Update the new table
– Look at the contents of the APP_AUDIT_SQLS table
![Page 10: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/10.jpg)
Database Security and Auditing 10
Auditing Database Activities with Auditing Database Activities with OracleOracle
• Oracle provides mechanisms for auditing all:– Who creates or modifies the structure
– Who is granting privileges to whom
• Two types of activities based on the type of SQL command statement used:– Defined by DDL (Data Definition Language)
– Defined by DCL (Data Control Language)
![Page 11: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/11.jpg)
Database Security and Auditing 11
Auditing DDL ActivitiesAuditing DDL Activities
• Use a SQL-based AUDIT command• Verify auditing is on:
– Check the AUDIT_TRAIL parameter
– Values:• DB• DB_EXTENDED• OS• NONE
![Page 12: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/12.jpg)
Database Security and Auditing 12
Auditing DDL Activities (continued)Auditing DDL Activities (continued)
![Page 13: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/13.jpg)
Database Security and Auditing 13
DDL Activities Example 1DDL Activities Example 1
• Steps:– Use any user other than SYS or SYSTEM to
create a table
– Add three rows into the table
– Log on as SYSTEM or SYS to enable auditing: For ALTER and DELETE
– Log in as DBSEC:• Delete a row• Modify the structure of the table
![Page 14: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/14.jpg)
Database Security and Auditing 14
DDL Activities Example 1 (continued)DDL Activities Example 1 (continued)
• Steps (continued):– Check the audit records
– Log in as SYSTEM and view the DBA_AUDIT_TRAIL table
– Turn off the auditing option
– Check the content of the DBA_AUDIT_OBJECT to see auditing metadata
![Page 15: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/15.jpg)
Database Security and Auditing 15
DDL Activities Example 1 (continued)DDL Activities Example 1 (continued)
![Page 16: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/16.jpg)
Database Security and Auditing 16
DDL Activities Example 1 (continued)DDL Activities Example 1 (continued)
![Page 17: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/17.jpg)
Database Security and Auditing 17
DDL Activities Example 2DDL Activities Example 2
• Steps:– Log in as SYSTEM or SYS to enable auditing for
the TABLE statement; ALTER, CREATE, and DROP TABLE statements
– Log on as DBSEC and create a table, then drop the table
– Log on as SYSTEM; view the content of DBA_AUDIT_TRAIL
– Turn off auditing for the TABLE statement
![Page 18: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/18.jpg)
Database Security and Auditing 18
DCL Activities ExampleDCL Activities Example
• Steps:– Log on as SYSTEM or SYS and issue an AUDIT
statement
– Log on as DBSEC and grant SELECT and UPDATE to SYSTEM
– Log on as SYSTEM and display the contents of DBA_AUDIT_TRAIL
– Review audit data dictionary
![Page 19: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/19.jpg)
Database Security and Auditing 19
DCL Activities Example (continued)DCL Activities Example (continued)
![Page 20: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/20.jpg)
Database Security and Auditing 20
Example of Auditing User ActivitiesExample of Auditing User Activities
• Steps:– Log on as SYSTEM or SYS, to issue an audit
statement
– Log on as DBSEC and create a temporary table
– Go back to SYSTEM to view the contents of DBA_AUDIT_TRAIL
![Page 21: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/21.jpg)
Database Security and Auditing 21
Audit Trail File DestinationAudit Trail File Destination
• Steps:– Modify the initialization parameter file, INIT.ORA;
set parameter AUDIT_TRAIL to the value OS
– Create a folder/directory
– Set AUDIT_FILE_DEST to the new directory
– Shut down and restart the database
– Connect as DBSEC
![Page 22: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/22.jpg)
Database Security and Auditing 22
Oracle Alert LogOracle Alert Log
• Audits database activities:– Errors:
• Errors related to physical structure are recorded in the Alert log
• Monitor errors every five to ten minutes; can be done using a Windows or UNIX script
• Syntactical errors are not recorded
– Startup and shutdown• Date and time of each occurrence
![Page 23: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/23.jpg)
Database Security and Auditing 23
Oracle Alert Log (continued)Oracle Alert Log (continued)
![Page 24: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/24.jpg)
Database Security and Auditing 24
Oracle Alert Log (continued)Oracle Alert Log (continued)
• Database activities (continued):– Modified initialization parameters, each time a
database is started
– Checkpoints: configure Oracle to record checkpoint time
– Archiving: view the timing for all redo log sequences, as well as archiving times
– Physical database changes
![Page 25: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/25.jpg)
Database Security and Auditing 25
Oracle Alert Log (continued)Oracle Alert Log (continued)
![Page 26: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/26.jpg)
Database Security and Auditing 26
Auditing Server Activity with Microsoft Auditing Server Activity with Microsoft SQL Server 2000SQL Server 2000
• Way to track and log activity for each SQL Server occurrence
• Must be a member of the sysadmin fixed server role
• Two types of auditing for server events:– Auditing
– C2 auditing
• Auditing affects performance and can be costly
![Page 27: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/27.jpg)
Database Security and Auditing 27
Implementing SQL ProfilerImplementing SQL Profiler
• User interface for auditing events• For each event you can audit:
– Date and time of the event
– User who caused the event to occur
– Type of event
– Success or failure of the event
– Origin of the request
– Name of the object accessed
– Text SQL statement
![Page 28: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/28.jpg)
Database Security and Auditing 28
Implementing SQL Profiler (continued)Implementing SQL Profiler (continued)
![Page 29: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/29.jpg)
Database Security and Auditing 29
Security Auditing with SQL ServerSecurity Auditing with SQL Server
• Steps for setting security auditing level:– Open Enterprise Manager
– Expand the appropriate SQL Server group
– Right-click on the desired server
– Click Properties
– On the security tab, select the desired security level
![Page 30: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/30.jpg)
Database Security and Auditing 30
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
![Page 31: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/31.jpg)
Database Security and Auditing 31
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
• Auditable events:– ADD DB USER
– ADD LOGIN TO SERVER ROLE
– ADD MEMBER TO DB ROLE
– ADD ROLE
– APP ROLE CHANGE PASSWORD
– BACKUP/RESTORE
– CHANGE AUDIT
![Page 32: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/32.jpg)
Database Security and Auditing 32
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
• Auditable events (continued):– DBCC
– LOGIN
– LOGOUT
– LOGIN CHANGE PASSWORD
– LOGIN CHANGE PROPERTY
– LOGIN FAILED
– Login GDR (GRANT, DENY, REVOKE)
![Page 33: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/33.jpg)
Database Security and Auditing 33
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
• Auditable events (continued):– Object Derived Permissions
– Object GDR
– Object Permissions
– Server Start and Stop
– Statement GDR
– Statement Permission
![Page 34: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/34.jpg)
Database Security and Auditing 34
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
![Page 35: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/35.jpg)
Database Security and Auditing 35
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
• New trace information:– A name for the trace
– The server you want to audit
– The base template to start with
– Where to save the audit data, either to a file or to a database table
– A stop time, if you don’t want the trace to run indefinitely
![Page 36: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/36.jpg)
Database Security and Auditing 36
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
![Page 37: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/37.jpg)
Database Security and Auditing 37
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
![Page 38: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/38.jpg)
Database Security and Auditing 38
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
• Steps to add Login Change Password event– Expand the Security Audit node under Available
event classes
– Click Audit Login Change Password Event
– Click the Add button
![Page 39: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/39.jpg)
Database Security and Auditing 39
Security Auditing with SQL Server Security Auditing with SQL Server (continued)(continued)
![Page 40: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/40.jpg)
Database Security and Auditing 40
Data Definition AuditingData Definition Auditing
• Audit DDL statements:– Object:Created
– Object:Deleted
– Will audit all CREATE and DROP statements
![Page 41: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/41.jpg)
Database Security and Auditing 41
Data Definition Auditing (continued)Data Definition Auditing (continued)
![Page 42: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/42.jpg)
Database Security and Auditing 42
Database Auditing with SQL ServerDatabase Auditing with SQL Server
![Page 43: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/43.jpg)
Database Security and Auditing 43
Database Errors Auditing with SQL Database Errors Auditing with SQL ServerServer
![Page 44: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/44.jpg)
Database Security and Auditing 44
SummarySummary
• Activities types:– Application activities
– Administration activities
– Database events
• Oracle triggers provide a way to create an audit trail
• Auditable Oracle database activities: logon, logoff, startup and shutdown
![Page 45: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/45.jpg)
Database Security and Auditing 45
Summary (continued)Summary (continued)
• Oracle provides the SQL AUDIT command: initialization parameter AUDIT_TRAIL
• NOAUDIT used to stop auditing• DBA_AUDIT_TRAIL data dictionary view• Oracle Alert Log:
– Database errors
– Modified initialization parameters
– Checkpoints
![Page 46: Chapter 9](https://reader035.vdocuments.net/reader035/viewer/2022062405/555092fbb4c9051e5b8b525f/html5/thumbnails/46.jpg)
Database Security and Auditing 46
Summary (continued)Summary (continued)
• Microsoft SQL Server 2000: way to track and log SQL Server activity
• Must be a member of sysadmin fixed role to enable or modify auditing
• SQL Profiler:– Visualization tool
– Audit errors that occur within the database