RE: Database and System Security

RE: Database and System Security

 

  

Well, for one thing, how do you know that when that trustworthy employee
leaves, he didn't leave that vital access information on his home
computer, which could then get stolen or hacked? Or maybe he had a
'friend' looking over his shoulder, who stole the passwords, and
wouldn't have used it while his friend worked at the company, but now
that he's gone its fair game. There are many perfectly valid reasons
having nothing to do with trustworthiness and everything to do with
common sense precautions.

-----Original Message-----
From: Les Hollis
[mailto:oracledba-ezmlmshield-x88016194.[Email address protected]
Sent: Thursday, November 02, 2006 3:34 PM
To: LazyDBA Discussion
Subject: Re: Database and System Security

OK I agree that you need to change the passwords, access, etc

MY POINT was why is it assumed that EVERYONE that leaves is going to
cause problems....

Yes, there are some disgruntled, upset, fired employees that COULD cause
you problems and probably would...but it just seems that the assumption
is that they WILL....


And yes, SOX requires a procedure that is followed when an employee
leaves...

Key here is that SOX looks for is a procedure to be in place whether you
follow it or not.....




----- Original Message -----
From: "Dustin Hayden "
<oracledba-ezmlmshield-x97443370.[Email address protected]
To: "LazyDBA Discussion" <[Email address protected]
Sent: Thursday, November 02, 2006 12:18 PM
Subject: RE: Database and System Security


> Yes you may know that but how does the place you work know that?
> Besides Sox requires these measures be taken whenever someone leaves a
> company.
>
>
> -----Original Message-----
> From: Les Hollis
> [mailto:oracledba-ezmlmshield-x41053127.[Email address protected]
> Sent: Thursday, November 02, 2006 11:41 AM
> To: LazyDBA Discussion
> Subject: Re: Database and System Security
>
> why is it that everytime someone leaves a job it is ASSUMED that
he/she
> will
> try to get back in and do something 'malicious'?
>
> If I were to leave my current job, I'd want nothing to do with what I
> was
> doing here.
>
>
> Do you think that he is prone to do something?
>
> Change your oracle user password, system, sys root on the UNIX box and
> remove/disable any id created for him. That is about the best you can
> do.
> Depending on your application, you may be able to change the schema
> owner
> password...
>
> Do you not have a firewall? IF so, then he obviosuly had a VPN access
> method...make sure that is disabled
> ----- Original Message -----
> From: "Bommareddy Anil Kumar "
> <oracledba-ezmlmshield-x88206988.[Email address protected]
> To: "LazyDBA Discussion" <[Email address protected]
> Sent: Thursday, November 02, 2006 2:42 AM
> Subject: Database and System Security
>
>
>> Hi Gurus,
>> Our senior DBA is leaving job for good. He
>> remembers most the critical passwords[both databases and system] and
> ip
>> addresses. He is also technically sound from Network and OS
> perspective.
>> How to prevent any mischief or security as a result of this in near
>> future?
>>
>> Thanks,
>> Anil
>>
>>
>> ---------------------------------------------------------------------
>> TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
>> To post a dba job: http://jobs.lazydba.com
>> To Subscribe : http://www.LazyDBA.com
>> To unsubscribe: http://www.lazydba.com/unsubscribe.html
>>
>>
>
>
>
> ---------------------------------------------------------------------
> TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
> To post a dba job: http://jobs.lazydba.com
> To Subscribe : http://www.LazyDBA.com
> To unsubscribe: http://www.lazydba.com/unsubscribe.html
>
>
>
>
> ---------------------------------------------------------------------
> TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
> To post a dba job: http://jobs.lazydba.com
> To Subscribe : http://www.LazyDBA.com
> To unsubscribe: http://www.lazydba.com/unsubscribe.html
>
>



---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To Subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html



-----------------------------------------
CONFIDENTIALITY NOTICE

This message and any attachments are from the NAIC and are intended
only for the addressee. Information contained herein is
confidential, and may be privileged or exempt from disclosure
pursuant to applicable federal or state law. This message is not
intended as a waiver of the confidential, privileged or exempted
status of the information transmitted. Unauthorized forwarding,
printing, copying, distribution or use of such information is
strictly prohibited and may be unlawful. If you are not the
addressee, please promptly delete this message and notify the
sender of the delivery error by e-mail or by calling the NAIC Help
Desk at (816)783-8500.


Oracle LazyDBA home page