
Monitoring Data Access

A practical guide to on-the-wire data access monitoring. Kevin Else, Senior Consultant, NoFools Ltd. Why data access monitoring is a pain: multiple routes to data, multiple tools to access data, multiple authentication methods, multiple user types, multiple locations.


Presentation Transcript


  1. Monitoring Data Access
     A practical guide to on-the-wire data access monitoring
     Kevin Else, Senior Consultant, NoFools Ltd

  2. Why data access monitoring is a pain
     • Multiple routes to data
     • Multiple tools to access data
     • Multiple authentication methods
     • Multiple user types
     • Multiple locations
     • Multiple PAINS

  3. Why it's not a problem
     • Application auditing captures it all
     • It's behind a firewall
     • We have IDS
     • They can’t get through the website

  4. Traditional Audit Methods
     • Application audit
     • Database audit
     • Keystroke logs
     • SU logs
     • Event logs

  5. What is NORMAL!!!!!!
     • Data extraction
     • Off-server data manipulation
     • Data caching
     • Data mirroring
     • Cluster sync

  6. Data Classification
     • What is the important data?
     • Putting a value on data is hard
     • If it doesn’t have a value to your organisation, why have you got it……….. Until you don’t have it

  7. Appliance based auditing

  8. Another example

  9. What it does
     • Examines data at the packet level to see if it is SQL
     • If it is, copies the command to an appliance
     • The appliance applies a set of rules to see if the command is normal
     • If not, it either stores the command for later analysis or raises an incident
     • If it is traffic it has not seen before, it stores it for later comparison
     • Does this for 7.5 million transactions a second
     • Supports segregation of duties and extensive reporting facilities
     • Can also store/analyse the responses if required

  10. Kevin_Else@Nofools.co.uk Thank You
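
The flow on slide 9 (recognise SQL, compare it against rules, then pass, store or raise an incident), as an added Python example that is not from the presentation or from any appliance vendor. The baseline, the incident rule, the `Monitor` class and the sample statements are constructed, and it assumes the statement text has already been extracted from the database wire protocol's framing.

```python
import re

# Constructed baseline (assumption): (user, statement fingerprint) pairs known to be normal.
BASELINE = {("app_user", "select name from customers where id = ?")}
# Constructed rule (assumption): an unfiltered read of the whole customers table.
INCIDENT_RULES = [re.compile(r"\bselect \* from customers\b(?!.*\bwhere\b)")]

SQL_VERB = re.compile(
    rb"\s*(select|insert|update|delete|merge|create|alter|drop|grant)\b", re.I)

def looks_like_sql(payload: bytes) -> bool:
    """Cheap packet-level test: does the payload begin with a SQL verb?"""
    return SQL_VERB.match(payload) is not None

def fingerprint(sql: str) -> str:
    """Normalise a statement so that literal values do not create new fingerprints."""
    s = sql.strip().rstrip(";").lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)    # string literals, including '' escapes
    s = re.sub(r"\b\d+(\.\d+)?\b", "?", s)   # numeric literals
    return re.sub(r"\s+", " ", s)            # collapse whitespace

class Monitor:
    def __init__(self, baseline):
        self.baseline = set(baseline)
        self.unseen = {}       # (user, fingerprint) -> count, kept for later comparison
        self.incidents = []    # (user, fingerprint) pairs that matched an incident rule

    def observe(self, user: str, payload: bytes) -> str:
        if not looks_like_sql(payload):
            return "ignored"                  # not SQL: out of scope for this monitor
        key = (user, fingerprint(payload.decode("utf-8", "replace")))
        if any(rule.search(key[1]) for rule in INCIDENT_RULES):
            self.incidents.append(key)
            return "incident"
        if key in self.baseline:
            return "normal"
        self.unseen[key] = self.unseen.get(key, 0) + 1
        return "stored"
```
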
