Editorials

Two Keys, an Encrypted GO Word…

Video: SelectViews #105: Login Audits, Accidental DBA Quick Performance Checks, SQL Injection and Upcoming Events. Also, Find Out About Noise and News in the DB World and the 60-Second SQL Server Tip of the Day.


Other video programs/shows available:
- SQLonCall – Staying on Top as a DBA
- SelectViews – Accidental DBAs, 60-second tip of the day, more

The DBA’s Mirror?

Chris wrote in about the Data Shoplifting discussions:

"I looked at our access logs (we log reads as well as updates) and found some areas in our highest-security database environment that seemed to have a lot of ad-hoc data access. Much of this was related to contact information, but some was related to employee benefits options, upcoming marketing initiatives, and even what I would consider to be "insider information" in our industry. Cross-referencing these logs with our payroll system, I found that most of the snooping had been done by some of our higher-paid employees! And did you know that my director makes $300k a year … for his BASE PAY? Man, wait ’til I get some of this information to ComputerWorld…

OK, I made that up. :o) I do think it’s interesting, though, to have us discussing a problem that we, your loyal readers, are a big part of. If you think about this from a security point of view, we are frequently among the very highest-risk employees, since we often have the kind of privileged access required to do this kind of thing. If you give that kind of access to the lower-paid among us, the pressure to cave to an offer of cash-for-info could be really great. I know that we have had at least a dozen social engineering penetration attempts identified in the past year, and do you know who they are always trying to get into contact with? The DBAs, of course. And I’m NOT making that up."

It’s a good point, of course (tongue in cheek though it may be). I’ve heard from a lot of people writing in who are saying essentially the same thing: how do you protect the systems from the people who are responsible for setting them up and policing them? It’s a bit like the dual-key system for firing significant missiles. Nothing happens without the code and two keys, mounted farther apart than a single person can reach to turn them both. Perhaps we need that for logging into DBO roles with databases? (Kidding)
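The one concrete control that appears in both Chris's letter and the editorial is a read-and-write access log that is reviewed for ad-hoc access to sensitive data by privileged people. The T-SQL below is an added example, not code from the newsletter or from Chris: it builds a constructed `#AccessLog` table standing in for such a log, then runs the kind of review query that would surface the pattern described (interactive SELECTs against sensitive objects by accounts that have no business reason to read them). The table layout, the sensitive-object list, the `svc_payroll_app` allowlist, the principal names and the threshold are all assumptions for the illustration.

```sql
-- Added example (not from the newsletter): reviewing a read-access log
-- for ad-hoc reads of sensitive objects. #AccessLog is a constructed
-- stand-in for a real audit store; all names and values are assumed.
SET NOCOUNT ON;

CREATE TABLE #AccessLog
(
    event_time       datetime2     NOT NULL,
    principal_name   sysname       NOT NULL,  -- login that issued the statement
    action_type      varchar(10)   NOT NULL,  -- 'SELECT', 'UPDATE', ...
    schema_name      sysname       NOT NULL,
    object_name      sysname       NOT NULL,
    is_adhoc         bit           NOT NULL,  -- 1 = interactive tool, 0 = application
    application_name nvarchar(128) NOT NULL
);

-- Constructed sample rows: an application service account doing its
-- normal job, and a DBA pulling sensitive tables interactively at night.
INSERT INTO #AccessLog VALUES
('2024-01-15 09:01:00', 'svc_payroll_app', 'SELECT', 'HR',        'EmployeeSalary',   0, 'PayrollService'),
('2024-01-15 09:02:00', 'svc_payroll_app', 'UPDATE', 'HR',        'EmployeeSalary',   0, 'PayrollService'),
('2024-01-15 09:03:00', 'svc_payroll_app', 'SELECT', 'HR',        'BenefitsElection', 0, 'PayrollService'),
('2024-01-15 22:10:00', 'CORP\dba_chris',  'SELECT', 'HR',        'EmployeeSalary',   1, 'SQL Server Management Studio'),
('2024-01-15 22:11:00', 'CORP\dba_chris',  'SELECT', 'HR',        'EmployeeSalary',   1, 'SQL Server Management Studio'),
('2024-01-15 22:12:00', 'CORP\dba_chris',  'SELECT', 'HR',        'BenefitsElection', 1, 'SQL Server Management Studio'),
('2024-01-15 22:13:00', 'CORP\dba_chris',  'SELECT', 'Marketing', 'CampaignPlan',     1, 'SQL Server Management Studio'),
('2024-01-16 10:00:00', 'CORP\dba_chris',  'SELECT', 'dbo',       'JobHistoryCopy',   1, 'SQL Server Management Studio'),
('2024-01-16 10:05:00', 'CORP\analyst_pat','SELECT', 'Sales',     'Orders',           1, 'SQL Server Management Studio');

-- Sensitive objects: the kinds of data the letter lists (contact info,
-- benefits, marketing plans). Constructed list.
DECLARE @Sensitive TABLE (schema_name sysname, object_name sysname);
INSERT INTO @Sensitive VALUES
('HR', 'EmployeeSalary'), ('HR', 'BenefitsElection'),
('HR', 'EmployeeContact'), ('Marketing', 'CampaignPlan');

-- Accounts whose reads of sensitive data are expected (the applications).
DECLARE @ExpectedReaders TABLE (principal_name sysname);
INSERT INTO @ExpectedReaders VALUES ('svc_payroll_app');

-- Flag a principal/object pair once it reaches this many ad-hoc reads in a day.
DECLARE @Threshold int = 2;

-- Ad-hoc SELECTs on sensitive objects by anyone not on the expected-reader
-- list, grouped per principal, object and day, with an after-hours count.
SELECT  l.principal_name,
        l.schema_name + '.' + l.object_name AS object_name,
        CAST(l.event_time AS date)          AS access_day,
        COUNT(*)                            AS adhoc_reads,
        MIN(l.event_time)                   AS first_read,
        MAX(l.event_time)                   AS last_read,
        SUM(CASE WHEN DATEPART(hour, l.event_time) NOT BETWEEN 7 AND 18
                 THEN 1 ELSE 0 END)         AS after_hours_reads
FROM    #AccessLog AS l
JOIN    @Sensitive AS s
        ON s.schema_name = l.schema_name AND s.object_name = l.object_name
WHERE   l.action_type = 'SELECT'
  AND   l.is_adhoc = 1
  AND   NOT EXISTS (SELECT 1 FROM @ExpectedReaders AS e
                    WHERE e.principal_name = l.principal_name)
GROUP BY l.principal_name, l.schema_name, l.object_name, CAST(l.event_time AS date)
HAVING  COUNT(*) >= @Threshold
ORDER BY adhoc_reads DESC, l.principal_name;

DROP TABLE #AccessLog;
```

With the constructed rows, the only result is `CORP\dba_chris` reading `HR.EmployeeSalary` twice on 2024-01-15, both after hours; the single reads of the other sensitive tables fall under the threshold, and `svc_payroll_app` is excluded by the allowlist. In a real environment the log itself would come from a store such as SQL Server Audit (readable through `sys.fn_get_audit_file`) rather than a hand-built table, and the reviewer of the report should not be one of the principals who appear in it, which is the separation the editorial's two-key analogy is reaching for.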

Featured White Paper(s)
7 Steps to Successful SQL Server Auditing
This easy-to-read guide will explain and simplify the basic steps associated with successful SQL Server auditing & give you t…

Making Databases Explorable
This paper looks at common difficulties encountered when maintaining a large number of databases and how the products in the …