Search Results

Search found 250 results on 10 pages for 'auditing'.

Page 5/10 | < Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >

  • Tracking SQL Server 2008 Timeout Errors

    - by SDReyes
    we got some connections timeouts running a stored procedure in a SQL Server 2008 instance. after a while, the DB started to work as usual, and there weren't any additional timeout errors. So I'm trying to get additional info about the error. Does SQL server 2008 have any kind of error log that I can look into? Do exist any auditing/logging features that I can activate to trace the error (if it happens again)?

    Read the article

  • Steps to Mitigate Database Security Worst Practices

    - by Troy Kitch
    The recent Top 6 Database Security Worst Practices webcast revealed the Top 6, and a bonus 7th , database security worst practices: Privileged user "all access pass" Allow application bypass Minimal and inconsistent monitoring/auditing Not securing application data from OS-level user No SQL injection defense Sensitive data in non-production environments Not securing complete database environment These practices are uncovered in the 2010 IOUG Data Security Survey. As part of the webcast we looked at each one of these practices and how you can mitigate them with the Oracle Defense-in-Depth approach to database security. There's a lot of additional information to glean from the webcast, so I encourage you to check it out here and see how your organization measures up.

    Read the article

  • New Article on OTN: Tips for Securing an Oracle Linux Environment

    - by Lenz Grimmer
    Some time ago, we published Tips for Hardening an Oracle Linux Server on the Oracle Technology Network. This article focused on hardening an Oracle Linux system right after the initial installation, exploring administrative approaches that help to minimize vulnerabilities. This week we issued a second part,Tips for Securing an Oracle Linux Environment, which focuses on the operational part: detecting intrusion attempts, auditing and keeping systems up-to date and protected. If you manage Oracle Linux systems in your environment, check out these articles for some invaluable hints and suggestions on how to improve and maintain security of these servers!

    Read the article

  • Announcing Oracle Audit Vault and Database Firewall

    - by Troy Kitch
    Today, Oracle announced the new Oracle Audit Vault and Database Firewall product, which unifies database activity monitoring and audit data analysis in one solution. This new product expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Here are some of the key features of Oracle Audit Vault and Database Firewall: Single Administrator Console Default Reports Out-of-the-Box Compliance Reporting Report with Data from Multiple Source Types Audit Stored Procedure Calls - Not Visible on the Network Extensive Audit Details Blocking SQL Injection Attacks Powerful Alerting Filter Conditions To learn more about the new features in Oracle Audit Vault and Database Firewall, watch the on-demand webcast.

    Read the article

  • Improved Database Threat Management with Oracle Audit Vault and ArcSight ESM

    - by roxana.bradescu
    Data represents one of the most valuable assets in any organization, making databases the primary target of today's attacks. It is important that organizations adopt a database security defense-in-depth approach that includes data encryption and masking, access control for privileged users and applications, activity monitoring and auditing. With Oracle Audit Vault, organizations can reliably monitor database activity enterprise-wide and alert on any security policy exceptions. The new integration between Oracle Audit Vault and ArcSight Enterprise Security Manager, allows organizations to take advantage of enterprise-wide, real-time event aggregation, correlation and response to attacks against their databases. Join us for this live SANS Tool Talk event to learn more about this new joint solution and real-world attack scenarios that can now be quickly detected and thwarted.

    Read the article

  • ING: Scaling Role Management and Access Certification to Thousands of Applications

    - by Tanu Sood
    Organizations deal with employee and user access certifications in different ways.  There’s collation of multiple spreadsheets, an intense two-week exercise by managers or use of access certification tools to do so across a handful of applications. But for most organizations compliance is about certifying user access for thousands of employees across hundreds of systems. Managing and auditing millions of entitlement combinations on a periodic basis poses a huge scale challenge. ING solved the compliance scale challenge using an Identity Platform approach. Join the live webcast featuring ING’s enterprise architect, Mark Robison, as he discusses how a platform approach offers value that is greater than the sum of its parts and enables ING to successfully meet their security and compliance goals. Mark will also share his implementation experiences and discuss the key requirements to manage the complexity and scale of access certification efforts at ING. Mark will be joined by Neil Gandhi, Principal Product Manager for Oracle Identity Analytics. Live WebcastING: Scaling Role Management and Access Certification to Thousands of ApplicationsWednesday, April 11th at 10 am Pacific/ 1 pm EasternRegister Today

    Read the article

  • Aus 2 mach 1: Oracle Audit Vault and Database Firewall

    - by Heinz-Wilhelm Fabry (DBA Community)
    Gestern hat Oracle bekanntgegeben, dass die beiden Produkte Oracle Audit Vault und Oracle Database Firewall zu einem Produkt werden. Der neue Produktname wird "Oracle Audit Vault and Database Firewall" sein. Software und Dokumentation werden in den nächsten Tagen zum Download verfügbar sein. Das Zusammenlegen macht durchaus Sinn, denn die ursprünglichen Produkte wiesen im Bereich der Protokollierung und des Berichtswesens deutliche Überschneidungen auf. Damit lag es nahe, die Repositories für das Speichern des Protokolls zu vereinheitlichen. Endlich wird es im Bereich Auditing durch die Einführung eines Development Kits auch möglich sein, Systeme anzubinden, für die Oracle keine vorgefertigten Konnektoren / Kollektoren liefert. Mit der Zusammenlegung verbunden ist ein völlig neues Lizenzierungsmodell, das zu deutlichen Kostensenkungen für kleinere und mittlere Installationen führt.

    Read the article

  • How To See Who Logged Into a Computer and When

    - by Chris Hoffman
    Have you ever wanted to monitor who’s logging into your computer and when? On Professional editions of Windows, you can enable logon auditing to have Windows track which user accounts log in and when. The Audit logon events setting tracks both local logins and network logins. Each logon event specifies the user account that logged on and the time the login took place. You can also see when users logged off. How to Get Pro Features in Windows Home Versions with Third Party Tools HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It

    Read the article

  • ISO 12207: SQA as a supporting process?

    - by user970696
    I have been following ISO12207 for the sake of my thesis dealing with software quality. Now I should explain quality assurance and here comes the problem: according to this norm, QA is a supporting process, separated but on the same level with verification, validation and auditing processes. According to other sources, Quality Assurance is basically high level activity making sure that standards, norms etc. are being followed. Usually the part of Quality Assurance is the Quality Control (testing, reviewing, inspections also V&V) which measures the quality and provides QA with this information so it can be acted upon. I somehow do not understand how QA is thought to be according to this ISO and what activities should it perform. Also it does not mention QC except for a footnote.

    Read the article

  • Inventory management system design problem

    - by Steve F
    What are the conventions for item batch identifiers in inventory management systems? For example: A retail supermarket can order 'Item X' from either 'Supplier A' or 'Supplier B'. When it completes an order for the item from either supplier, it needs to store the record of the receipt. Inventory quantity for the item is increased upon receipt of the order. However it is also required to store some record of the supplier. Thus some sort of batch identifier is required. This batch identifier will uniquely identify the item received and the supplier from whom it is received. A new batch is created each time items are received in stock (for example, after an order). Hence, for purposes of accounting / auditing, information available to identify an item after it was sold comprises of ITEM_CODE, ITEM_NAME, BATCH_CODE. The BATCH_CODE is unique and is associated with DATE_RECEIVED, SUPPLIER_CODE, QTY_RECEIVED. Is this a complete system specification for the above scenario or has anything significant been left out?

    Read the article

  • How to Add Policy-based Audit Compliance to you existing MySQL applications

    - by Rob Young
    As a follow up to an earlier blog on the subject, please join us today at 0900 US PT to learn how to easily add policy-based auditing compliance to your existing MySQL applications.  This brief, informative session will provide an overview of the new MySQL Enterprise Audit plugin and will include a simple, practical step-by-step "how to" approach to get up and running with the new functionality. You can learn more and secure your seat for the presentation here.  Thanks for your continued support of MySQL!

    Read the article

  • Avoid External Dependencies in SQL Server Triggers

    I sometimes want to perform auditing or other actions in a trigger based on some criteria. More specifically, there are a few cases that may warrant an e-mail; for example, if a web sale takes place that requires custom or overnight shipping and handling. It is tempting to just add code to the trigger that sends an e-mail when these criteria are met. But this can be problematic for two reasons: (1) your users are waiting for that processing to occur, and (2) if you can't send the e-mail, how do you decide whether or not to roll back the transaction, and how do you bring the problem to the attention of the administrator?

    Read the article

  • What's a standard productive vs total office hours ratio? [migrated]

    - by marianov
    So it goes like this: we are keeping track of tasks using Redmine. We log time spent doing tasks, but at the end of the week if we add up all the time spent at those tasks there is no way a person has spent 40hs working. I think that's correct because offices have overhead (reading emails, politics, coffee, distractions). What would be a normal productive time vs total time spent ratio? Other areas in the organization just measure time spent in the office (with the rfid badges that open the door) but we don't like that approach and we are trying to convince Auditing to measure us using redmine instead.

    Read the article

  • Which VCS is efficient for storing small changes to big text files?

    - by MiguelM
    A government agency publishes a text file with thousands of records. The entire file is about 60MB. Every day the file has about 60 new or changed records. We need to validate some info against that file, and for auditing purposes, we may need to recover the file as it was in certain date. I thought I could use a VCS to store the file using git, but I understand git stores the entire text file gzipped, so the 60BM file will still need about 30MB to store everyday version. I wonder if one of the free VCS stores only diff/patch files.

    Read the article

  • What operation type invoked a trigger in SQL Server 2008?

    - by Neil Moss
    I'm contemplating a single SQL trigger to handle INSERT, UPDATE and DELETE operations as part of an auditing process. Is there any statement, function or @@ variable I can interrogate to find out which operation type launched the trigger? I've seen the following pattern: declare @type char(1) if exists (select * from inserted) if exists (select * from deleted) select @Type = 'U' else select @Type = 'I' else select @Type = 'D' but is there anything else a little more direct or explicit? Thanks, Neil.

    Read the article

  • SQL Server authentication - limit access to database to only connect through application

    - by Mauro
    I have a database which users should not be able to alter data in unless they use the specific app. I know best practice is to use windows authentication however that would mean that users could then connect to the database using any other data enabled app and change values which would then not be audited. Unfortunately SQL 2008 with its inbuilt auditing is not available. Any ideas how to ensure that users cannot change anything unless its through the controlling app?

    Read the article

  • How to determine who changed a file?

    - by Cocowalla
    In Windows, how can I programmatically determine which user account last changed or deleted a file? I know that setting up object access auditing may be an option, but if I use that I then have the problem of trying to match up event log entries to specific files... sounds messy! I can't think of any other way, so does anyone either have any tips for this approach or any alternatives?

    Read the article

  • Automating an SSRS 2008 R2 Report Snapshots and run report with most recent data

    - by Mr Shoubs
    I would like to automate a report snapshot, but there is only an option to take a snapshot in the Report History Tab. All the resources I've found suggest I need to go to processing options and select "Render this report from a snapshot". But I don't want to do that - when I go to a report, I want to get the most recent data. However daily at midnight I'd like to take a snapshot and store it in the history in case I want to compare the reports as of midnight for the last few weeks. Or am I doing this wrong and have to create a subscription instead? Note: this is for an auditing database and has way to much data in to query a range with more than 1 day in it - reports are restricted as such. (1 day has over 1 million rows on it's own).

    Read the article

  • SQL Server Snapshot Replication Subscriber (Editable or Read-Only)

    - by NateReid
    I need to create a copy of my SQL 2008 R2 Enterprise database and have it located on the same server as the original. I will be using this second copy of the database as the target of a mostly read-only website. I understand that if I create this copy of the database using snapshot replication that all data changes in the subscriber database will be overwriten in the event of the next replication. The web application will try to write to this database to record login attempts, etc and will fail if its source database is read-only. In my case I do not need to keep these auditing records and they can therefore be overwriten each time a new snapshot is applied. My question is whether SQL Server forces the subcriber database to be read-only and is there any way around this? Thank you, Nate

    Read the article

  • Tracking changes to firewall configs?

    - by jmreicha
    Myself and one other indivdual will be taking over some of the daily firewall management duties soon and I'm looking for a way to track changes on our firewall configurations for auditing purposes and need some ideas on a good way to track changes the changes that are made. I don't have a lot of specific criteria but here are some of the basic things I would like to be able to do: Access to previous revisions of firewall configs Access to changes made and by whom When specific changes were made I'm wondering if some sort of revision control software would work here as a way to track the the changes? Or if some other approach would work better for managing the change control in this situation. I'm open to any and all suggestions at this point. EDIT: We are using a Checkpoint pair, one passive one active configuration. I will update again with specific model numbers when I get a chance.

    Read the article

  • Prevent registry changes by users

    - by graf_ignotiev
    Background: I run a small computer lab of 10 computers using Windows 7 x64 Enterprise. Our users are set up as limited users. For additional restrictions, I set up local group policy for non-administrators using the microsoft management console. Problem: Recently, I found out that some of these restrictions had been removed. Reviewing the settings MMC and in ntuser.pol showed that the settings should still be in place. However, the related registry settings were missing in ntuser.dat. I already have registry editing disabled in the GPO (though not in silent mode). Question: What is the best way to deal with this situation? Should I look into preventing registry setting changes? Should I set up registry auditing to found out how these keys are getting changed in the first place? Or should I give up the ghost and write some kind of logon script that enforces registry values if they've been change? Any other ideas?

    Read the article

  • Windows Filtering Platform not turning off until admin logon. Win2008R2sp1

    - by rjt
    Just installed Windows Server 2008R2 SP1 to see if it would fix this problem, but it didn't. Until an administrator logs onto the domain controller, there are many events that WFP blocked a connection from Server60 to Server60 or Server60 to Server70. Both server60 and server70 are the domain controllers. One the admin logs on, the WFP events stop. The firewall is off by default GPO. Yes, i know that the WFP kicks in during the boot up sequence until the firewall takes over or in my case does not take over (since Vista), but i clearly should not have to autologon to a domain controller and call autolock or something. Example event LEVEL = Information Source = Microsoft Windows Security Auditing EventID = 5152 "Filtering Platform Packet Drop" and its evil twin id = 5157 "Filtering Platform Connection" "The Windows Filtering platform has blocked a connection." Direction %%14593 SourceAddress 192.168.10.60 SourcePort 49677 DestAddress 192.168.10.60 DestPort 389 Protocol 6 FilterRTID 65667 LayerName %%14611 LayerRTID 48 RemoteUserID S-1-0-0 RemoteMachineID S-1-0-0 windows-server-2008-r2 WFP BFE WindowsFilteringPlatform BaseFilteringEngine

    Read the article

  • Prevent member of administrator group loging in via Remote Desktop

    - by Chris J
    In order to support some build processes on our Server 2003 development servers, we require a common user account that has administrative privs. Unfortuantly, this also means that anyone that knows the password can also gain admin privs on a server. Assume that trying to keep the password secret is a failed exercise. Developers that need admin privs already have admin privs so should be able to log in as themselves. So the question is a simple one: is there anything I can configure to prevent people (ab)using the account to gain administrator on servers they shouldn't have administrator on? I'm aware that devs could disable anything that is put in place, but that's then down to process and auditing to track and manage. I don't mind where or how: it can be via the local security policy, group policy, a batch file executed in the user's profile, or something else.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >