Buy | Newsletters | Search
Products Solutions Downloads Support Resources Lookups Contact Us

  
 News

 Database Logging Security Management

Buried deep within enterprise IT infrastructures, databases can be said to hold the “crown jewels” of an organization. Unfortunately, database security is often lacking, leaving sensitive, business-critical information such as customer data, financial details and more, vulnerable to hackers. Anton Chuvakin of DM Direct, discusses the security importance of database logging.

It is common that database administrators (DBAs) are assigned the task of database security, but this is an issue that should be of utmost importance to any business that wants to stay in business.

Databases are now becoming one of the most voluminous log generators in the enterprise – rivaling firewalls for the top spot. Most databases (i.e., Oracle, Microsoft SQL Server, IBM DB2, MySQL, etc.) will log system starts, stops and restarts by default, but database logging isn’t merely about keeping the system running, particularly when your databases contain sensitive, private information. Security and compliance requirements must therefore be considered when configuring your database and managing your logs.

Database logging thereby becomes an essential (and required) component of database security – and it makes sense to not only focus on “keeping the bad guys out,” but also to take a “what’s going on in here?” approach. After all, you may not know who the “bad guys” are. Logs can provide a continuous fingerprint of everything that happens in your IT systems and with your data, and will point you to the “who, what, when, where” information of any breach – whether the malicious behavior comes from outside hackers, a disgruntled employee, or another source.

Typical database log events may include:

• User logins and logouts;
• Database system starts, stops and restarts;
• Various system failures and errors;
• User privilege changes;
• Database structure (metadata) changes;
• Most other DBA actions; and
• Select or all database data access (if configured to be so).

As we know, hackers are always looking for new ways to break through security barriers to access your sensitive information, and all preventative security measures fail at some point. Thus, because you are not able to guard against every malicious hacker, logs will at least allow you to detect such security breaches as well as actually figure out how it was done during the incident investigation. At a minimal level, logs must be collected and archived, but log analysis makes the data significantly more useful. In more explicit terms, log monitoring and management should include:

Collection: Gathering log data where it is being generated via an agent or remotely;

Transfer: Securely transmitting log data to a central server for analysis and storage;

Alerts: Issuing real-time alerts to database administrators if needed;

Reporting and analysis: Providing reports and analytics based on log data, and;

Storage: Securely storing logs as long as prescribed by your retention policy and then, just as safely, destroying them.

The above examples for managing your log data will help you keep tabs on the activities occurring in your business. Regularly collecting log data is a best practice for incident response and can save you during crunch time after a server crash, data theft, or surprise visit by your friendly auditor. Alternatively, if someone is downloading an entire table or changing a database schema while being logged on from a remote connection, a real-time alert will catch your attention. Further, reports may help you track and analyze login failures and successes or after-hours access to better evaluate insider privilege abuse. In other words, database logs can help you catch unusual behavior before a problem gets out of hand and into headline news.

Database log management is becoming a best practice for database security – you should be aware of who is accessing or changing your data, when they are accessing it, and where they are accessing it. Luckily, you can combine database log management with other similar projects (such as firewall or UNIX server syslog management) and use a single automated Log Management and Intelligence (LMI) platform to enable efficient and reliable log collection, reporting analysis, and retention. As long as you grow your LMI deployment in phases rather than trying to cover all logs on day one, you will be on the path to overall greater IT security within your organization.

---Source: Excerpts from DM News December 2007article “Tips and Trends on Database Log Management” (www.dmreview.com).

 
Melissa Data


 
Enhance your website, software or database with easy-to-integrate data quality programming tools and web services.


 
Save money on postage using leading mail preparation software and other direct marketing products.


 
Update & standardize addresses and find out more about contacts in your database.

 


 
Find new customers perfect for your business with our online and specialty mailing lists.
 


 
Locate the business information you need such as ZIP Codes, address verification, maps.
 


           


Article Library | Direct Mail | Copywriting | Data Quality | eMail | Case Studies | Technical | Postal
Marketing Strategies | Internet & Web | Industry News | Subscript to Newsletters