Auditing in an Oracle database encompasses a number of different levels of monitoring in the
database. At a high level, auditing can record both successful and unsuccessful attempts to log in,
access an object, or perform an action. As of Oracle9i, fine-grained auditing (FGA) can record
not only what objects are accessed, but also what columns of a table are accessed when an insert,
update, or delete is being performed on the data in the column. Fine-grained auditing is to auditing what
fine-grained access control is to standard authorization: more precise control and information
about the objects being accessed or actions being performed.
DBAs must use auditing judiciously so as not to be overwhelmed by audit records or create
too much overhead by implementing continuous auditing. On the flip side, auditing can help to
protect company assets by monitoring who is using what resource, at what time, and how often,
as well as whether the access was successful or not. Therefore, auditing is another tool that the
DBA should be using on a continuous basis to monitor the security health of the database.
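The contrast between standard auditing and fine-grained auditing can be seen in the following sketch, which is an added example and not code from the book. It assumes the Oracle sample table HR.EMPLOYEES, a release that still supports traditional auditing with AUDIT_TRAIL=DB, and a release whose DBMS_FGA.ADD_POLICY accepts the statement_types parameter; the policy name AUD_SALARY_ACCESS is hypothetical.

```sql
-- Standard auditing: record only failed logins and failed access to the
-- table, which keeps the audit trail small (assumes AUDIT_TRAIL=DB).
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.employees
  BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Fine-grained auditing: write a record only when the sensitive columns
-- are touched AND the row belongs to the executive department.
-- The condition and column list limit both record volume and overhead.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',                    -- assumed sample schema
    object_name     => 'EMPLOYEES',
    policy_name     => 'AUD_SALARY_ACCESS',     -- hypothetical name
    audit_condition => 'DEPARTMENT_ID = 90',    -- constructed condition
    audit_column    => 'SALARY,COMMISSION_PCT',
    enable          => TRUE,
    statement_types => 'SELECT,INSERT,UPDATE,DELETE');
END;
/

-- Review failed attempts captured by standard auditing.
-- RETURNCODE is the Oracle error number; 0 means the action succeeded.
SELECT username, timestamp, owner, obj_name, action_name, returncode
  FROM dba_audit_trail
 WHERE returncode <> 0
 ORDER BY timestamp;

-- Review who touched the audited columns, when, and with what statement.
SELECT db_user, timestamp, object_schema, object_name, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'AUD_SALARY_ACCESS'
 ORDER BY timestamp;

-- Remove the policy when it is no longer needed.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'HR',
    object_name   => 'EMPLOYEES',
    policy_name   => 'AUD_SALARY_ACCESS');
END;
/
```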
Chapter 9: Database Security and Auditing 279
Non-Database Security
All the methodologies presented later in the chapter are useless if access to the operating system
is not secure or the physical hardware is not in a secure location. In this section, we'll discuss a
few of the elements outside of the database itself that need to be secure before the database can
be considered secure.