With the frequent occurrence of information leakage incidents, database security products are gradually known to the public. Among database security products, database audit is probably the most familiar product for users. Without affecting the normal operation of the business system, the audit products can track and the operation access behavior of the database. Which is also an important reason why most users use it as a standard purchase of database security. This article mainly focuses on what is database audit, the role and principle of database audit, and the main characteristics of database audit.
Database auditing refers to reviewing audit logs and transaction logs to track changes in data and database structure. The database can be set up to capture changes in data and metadata, as well as modifications made by the database that stores the information. A typical audit report should include the following: completed operation, changed data value, the person performing the operation, and several other attributes. These audit functions are embedded in all relational platforms and ensure that the generated record files have high accuracy and completeness, just like the data stored in the database. In addition, the audit trail can also transform a series of statements into reasonable transactions and provide the business environment required for business process forensic analysis.
However, there are some limitations of an audit, such as the inability to audit data access statements (often called SELECT statements). In addition, local audits can hardly capture the original queries and variables recognized by users, and can only record events from a comprehensive perspective, while logs can capture data values before and after changes. This also makes the audit trail more effective in detecting changed content than in detecting accessed content.
CISA as in Certified Information Systems Auditor is of the best auditor certification you can get. 591lab has a wide certcollection to help professionals to get certified with awesome study materials.
The role of database audit
Through the bypass deployment, database audit can record the activities on the network in real-time, manage the compliance of database operation with fine-grained audit, and alarm the risk behavior of the database. By recording, analyzing, and reporting the user’s behavior of accessing the database, it is used to help users generate compliance search reports afterward and trace the source afterward. At the same time, it strengthens the internal and external database network behavior records and improves the security of data assets.
Principle of database audit
The system comprehensively audits the access behavior of the application system client and DBA to the database, not only audit SQL statements, but also remote access such as FTP, Telnet, etc. The system records the query, delete, add, repair, change, and other behaviors and operation results in detail. It can also give real-time early warning and stop the dangerous operation in time, so as to achieve the good and good effect of protecting the database.
Database audit system
The audit system is a set of the system which takes the security incident as the center, takes the comprehensive audit and the accurate audit as the foundation, through the comprehensive management which runs through the security incident processing life cycle as the means, can comprehensively reduce the security risk, comprehensively and accurately record the security event in the audit system.
1. Comprehensive database audit
The system can record all kinds of operations of current mainstream databases (Oracle, MSSQL, Mysql, PostgreSQL, cache, etc.) in detail and in real-time, and present them to customers in the form of reports and database lists.
The contents that can be audited include:
Audit user’s login and log out of the database
Audit user’s query, insertion, modification, deletion, and creation of database tables.
Monitor the operation of various databases to connect customers
2. Remote server operation audit
The audit system supports mainstream remote server access operations, including auditing of Telnet, FTP, Rlogin, X11, and other operations, and can record all operations of remote access users throughout the process.
3.Various alarm settings
Users can customize various alarm events and set the categories of alarm events. When the database encounters an attack and the customized alarm strategy is triggered, the system will automatically alarm. At present, the alarm is four levels: high level, high level, medium level, and low level.
4. Flexible audit strategy
The system uses an engine to audit all database activities and remote operations of the database server in a real-time and dynamic way. According to the information from the client (IP, MAC, user name), middle-ware (operation statement), and server (return value and response time) information, the audit system can realize visualization and management of audit.
5. System management
The management console of the audit system centrally manages the application audit system. Through the management and control platform, the auditors can monitor the various stages of the application audit equipment in real-time, including the system running status, the consumption of CPU, memory, and hard disk.