tailieunhanh - Implementing Database Security and Auditing phần 10

bạn có thể thiết lập một đường cơ sở xác định cơ sở dữ liệu SAMPLE đã theo dõi sự kiện với các chi tiết kỹ thuật được hiển thị trong hình . Sau đó, bạn có thể xác định một thủ tục tự động sẽ truy vấn theo dõi, giám sát sự kiện trong cơ sở dữ liệu của bạn mỗi ngày và cảnh báo bạn khi danh sách đã thay đổi. | 378 Architectures for external audit systems ---------------- Figure Auditing by inspecting inmemory database data structures. abstracted as user-visible tables and views. As an example in Oracle this information is available through the V views. Rather than polling the internal data structure an auditing system can connect to the database using an administrator account and poll these views tables. Note that in both cases the auditing system needs to poll the data structures views fast enough so as not to miss any data but not too fast so as not to overwork the database. The second auditing architecture involves inspecting all communication streams that are terminated by the database. A database is a server that accepts connection requests and all activities are eventually initiated using such connections. Therefore by monitoring these communication streams you can audit everything the database is being asked to do. Connections can be local or come from the network. Database clients connect to the database process either using network protocols or by using interprocess communication IPC mechanisms if the client resides on the same server as the database. An auditing system that inspects database communications see Figure can use network-based inspection . packet inspection to audit all networked connections and use a probe running on the local operating system to monitor IPC communications. Some auditing systems give you extra flexibility in terms of how network inspection is done. One option is to use network capabilities and devices such as network taps hubs or switch port mirroring. In the last case the auditing system uses facilities within a switch that create mirror packets for every packet that is delivered to the database or uses the fact that it can promiscuously read the packets off the wire without interfering with the packet streams to the database. The auditing system may even function as a net- Architectures for external audit .