Audit log (trail) tampering in databases
https://stackoverflow.com/questions/8276379
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
Lets say we have a application which has a database - MySQL, SQL Server, or Oracle, for example. And let's assume that we have multiple people, like db and audit administrators, who have admin access privileges to the database. Let's say one of the people modifies a record and change the audit trail(since they have admin privileges I think they could do anything to the database, but correct me if I am wrong).
Is there any other way to detect this? Since changing the audit trail will cover up the tampering of the database record.
Do any of the database vendors has a solution for this? I guess this goes under the audit log tampering detection under the Database Forensics.
المحلول
When the database is sufficiently important to mandate an audit, it will probably also have a backup schedule.
One possible way (i may be wrong) would be to compare the suspect database against the backup dump; this may not be feasible if the admin/audit users are also assigned backup privileges.
نصائح أخرى
The standard approach is to get dedicated server at your company or rent a virtual server from a reliable supplier (like Amazon). Make sure that credentials for your app are different from credentials to the server. Whenever user deletes a record - backend should archive it instead. This makes it difficult to tamper the records.
Backup the database. You need backups in case someone breaks bd by mistake.
Use hash chains.
