tailieunhanh - Implementing Database Security and Auditing phần 8
lựa chọn là sự kiện Màn hình thư mục, trong đó liệt kê tất cả các sự kiện giám sát được xác định và cho thấy tình trạng của họ như một phần của cửa sổ bảng bên phải. Trong xem xét này cửa sổ tôi có thể thấy rằng tôi chỉ có một sự kiện theo dõi và trong trường hợp này đó là những gì tôi mong đợi. | 290 Monitor and audit job creation and scheduling options is the Event Monitors folder which lists all event monitors defined and shows their status as part of the tabular pane on the right. In reviewing this pane I can see that I have only one event monitor and in this case that s what I expect. Manually inspecting event monitors and traces can become tedious and is not sustainable in the long run. Therefore you should either revert to real-time monitoring of event monitor and trace creation or at least periodically audit them and compare activity with a baseline. For the example shown in Figure you can set a baseline that defines that the SAMPLE database has only one event monitor with the specifications shown in Figure . You can then define an automated procedure that will query the event monitors in your database every day and alert you when the list has changed. Monitor and audit job creation and scheduling When a Trojan is injected into your database to collect information to be used by an attacker the attacker can either connect into the database or have the Trojan deliver the information to the attacker. If a connection is made to the database you can resort to methods you have already seen for monitoring and blocking rogue database connections. If the Trojan is also responsible for delivering the information you need to monitor jobs that are running in the database. The delivery of the stolen data may be external to the database. For example a Trojan can write the information to a file where the delivery mechanism is based on other programs such as FTP e-mails and so on. While you can monitor activities at the host level if your primary responsibility is the database this may be off-limits to you. In addition to the use of event monitors and traces as described in the previous section database Trojans will often use scheduled jobs. In this way they can insert the data quickly into a table whenever an event fires and then periodically move
đang nạp các trang xem trước