RE: Database and System Security

The key here is that SOX "verifies you are following the procedure".
The procedure doesn't have to be right, and as you 'create' your
procedure, you modify it to suit your exceptions. Perhaps someday your
company will enjoy utopia, but for now you do the best you can, and then
document your exceptions.

So SOX people will ask for something, get a response and put it in their
procedures. Later they will come back and attempt to follow the
'procedures'. Good luck then.

Joel Patterson
Database Administrator
joel.[Email address protected]
x72546
904 727-2546

-----Original Message-----
From: Les Hollis
[mailto:oracledba-ezmlmshield-x13519582.[Email address protected]
Sent: Thursday, November 02, 2006 5:44 PM
To: LazyDBA Discussion
Subject: Re: Database and System Security

gee then the last 4 years of SOX audit that all I had to do was provide
verbiage and logfiles and show them documents to verify we had a
procedure wasn't a real audit.....

gosh I sure feel slighted that the auditors they sent to visit me were
so stupid as to not know what they were looking at and I could tell them
about anything I wanted as long as it sounded right.

These people are TYPICALLY, notice I said TYPICALLY not ALWAYS, straight
out of college with accounting degrees and are handed a boilerplate of
questions to ask and have NO clue what they are looking at/for.

Many the time that I wasn't really in compliance, but provided them with
so much data that they thought I was. Not to say we didn't get in
compliance later..but just not at that time.

So, NO they don't always verify what you say.........


----- Original Message -----
From: "Dustin Hayden "
<oracledba-ezmlmshield-x44481429.[Email address protected]
To: "LazyDBA Discussion" <[Email address protected]
Sent: Thursday, November 02, 2006 4:26 PM
Subject: RE: Database and System Security


> Actually SOX verifies you are following the procedures.
> We are in the middle of an audit right now in fact.
>
> It is not assumed that the person leaving is going to do something but
> why take an unnecessary chance?
> The amount of long term damage someone with a high level of access
> could do is just not worth the risk.
> I could probably put my company out of business if I put my mind to it
> with my access. So why on earth take that kind of chance?
>
> Personally I would prefer my company changed the passwords when I
> left.
> That removes me as being a primary suspect if something were to happen
> shortly after I left.
>
> Been more than once in my career I thanked god I did not have a
> password on a certain system. I watched two people get fired at my
> last job just because they could not determine which one of them had
> done something on a system.
>
> -----Original Message-----
> From: Les Hollis
> [mailto:oracledba-ezmlmshield-x88016194.[Email address protected]
> Sent: Thursday, November 02, 2006 4:34 PM
> To: LazyDBA Discussion
> Subject: Re: Database and System Security
>
> OK I agree that you need to change the passwords, access, etc
>
> MY POINT was why is it assumed that EVERYONE that leaves is going to
> cause problems....
>
> Yes, there are some disgruntled, upset, fired employees that COULD
> cause you problems and probably would...but it just seems that the
> assumption is that they WILL....
>
> And yes, SOX requires a procedure that is followed when an employee
> leaves...
>
> Key here is that what SOX looks for is a procedure to be in place
> whether you follow it or not.....
>
> ----- Original Message -----
> From: "Dustin Hayden "
> <oracledba-ezmlmshield-x97443370.[Email address protected]
> To: "LazyDBA Discussion" <[Email address protected]
> Sent: Thursday, November 02, 2006 12:18 PM
> Subject: RE: Database and System Security
>
>
>> Yes you may know that but how does the place you work know that?
>> Besides SOX requires these measures be taken whenever someone leaves
>> a company.
>>
>>
>> -----Original Message-----
>> From: Les Hollis
>> [mailto:oracledba-ezmlmshield-x41053127.[Email address protected]
>> Sent: Thursday, November 02, 2006 11:41 AM
>> To: LazyDBA Discussion
>> Subject: Re: Database and System Security
>>
>> why is it that every time someone leaves a job it is ASSUMED that
>> he/she will try to get back in and do something 'malicious'?
>>
>> If I were to leave my current job, I'd want nothing to do with what I
>> was doing here.
>>
>> Do you think that he is prone to do something?
>>
>> Change your oracle user password, system, sys, root on the UNIX box
>> and remove/disable any id created for him. That is about the best you
>> can do.
>> Depending on your application, you may be able to change the schema
>> owner password...
>>
>> Do you not have a firewall? If so, then he obviously had a VPN
>> access method...make sure that is disabled
>>
>> ----- Original Message -----
>> From: "Bommareddy Anil Kumar "
>> <oracledba-ezmlmshield-x88206988.[Email address protected]
>> To: "LazyDBA Discussion" <[Email address protected]
>> Sent: Thursday, November 02, 2006 2:42 AM
>> Subject: Database and System Security
>>
>>
>>> Hi Gurus,
>>> Our senior DBA is leaving the job for good. He remembers most of
>>> the critical passwords [both databases and system] and IP
>>> addresses. He is also technically sound from a Network and OS
>>> perspective.
>>> How to prevent any mischief or security as a result of this in near
>>> future?
>>>
>>> Thanks,
>>> Anil
>>>
>>>
>>>
---------------------------------------------------------------------
>>> TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
>>> To post a dba job: http://jobs.lazydba.com
>>> To Subscribe : http://www.LazyDBA.com
>>> To unsubscribe: http://www.lazydba.com/unsubscribe.html

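The database-side steps suggested in the thread (rotate SYS/SYSTEM and schema-owner passwords, disable the departing DBA's own id), written out as an Oracle offboarding checklist. This is an added example, not part of the original messages; `DEPARTED_DBA`, `APP_OWNER` and the password strings are placeholders.

```sql
-- Run as a remaining privileged DBA. DEPARTED_DBA and APP_OWNER are
-- placeholder names; the OS (oracle, root) and VPN steps from the
-- thread are handled outside the database.

-- 1. Inventory: who else holds DBA-level access, so nothing is missed.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- 2. Password-file users can connect AS SYSDBA/SYSOPER remotely.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users;

-- 3. Disable the personal account first; keep it (locked) so that
--    audit records and owned objects still resolve to a name.
ALTER USER departed_dba ACCOUNT LOCK PASSWORD EXPIRE;
REVOKE DBA FROM departed_dba;
-- Only needed if step 2 listed the account:
-- REVOKE SYSDBA FROM departed_dba;

-- 4. Rotate every shared credential the person knew. Each new value
--    must be unique; the strings below are placeholders.
ALTER USER sys       IDENTIFIED BY "REPLACE_WITH_NEW_SYS_PASSWORD";
ALTER USER system    IDENTIFIED BY "REPLACE_WITH_NEW_SYSTEM_PASSWORD";
ALTER USER app_owner IDENTIFIED BY "REPLACE_WITH_NEW_SCHEMA_PASSWORD";

-- 5. Look for paths that survive a password change: database links
--    that embed credentials, and scheduled jobs the account owns.
SELECT owner, db_link, username, host
FROM   dba_db_links
ORDER  BY owner, db_link;

SELECT owner, job_name, enabled
FROM   dba_scheduler_jobs
WHERE  owner = 'DEPARTED_DBA';

-- 6. Evidence for the audit file: the account is locked and the
--    lock date is recorded.
SELECT username, account_status, lock_date, expiry_date
FROM   dba_users
WHERE  username IN ('DEPARTED_DBA', 'SYS', 'SYSTEM', 'APP_OWNER');
```

Changing the schema-owner password breaks any application still configured with the old one, so the application's connection settings change in the same maintenance window.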

