Monitoring Data Access
A practical guide to on the wire data access monitoring
Kevin Else, Senior Consultant, NoFools Ltd.


Why data access monitoring is a pain
- Multiple routes to data
- Multiple tools to access data
- Multiple authentication methods
- Multiple user types
- Multiple locations
- Multiple PAINS

Why it's not a problem
- Application auditing captures it all
- It's behind a firewall
- We have IDS
- They can't get through the website

Traditional Audit Methods
- Application audit
- Database audit
- Keystroke logs
- SU logs
- Event logs

What is NORMAL!!!!!!
- Data extraction
- Off server data manipulation
- Data caching
- Data mirroring
- Cluster sync

Data Classification
- What is the important data?
- Putting a value on data is hard
- If it doesn't have a value to your organisation, why have you got it………..

Appliance based auditing

Another example

What it does
- Examines data at a packet level to see if it is SQL
- If it is, copies the command to an appliance
- The appliance implements a set of rules to see if it is normal
- If not, it either stores the command for later analysis or raises an incident
- If it is traffic it has not seen before, it stores it for later comparison
- Does this for 7.5 million transactions a second
- Supports segregation of duties and extensive reporting facilities
- Can also store/analyse the responses if required
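The decision flow on this slide, as an added Python sketch (not the appliance's or the presenter's code). It assumes the statement text has already been extracted from the database protocol frame; the rule set, user names, table names and sample payloads are all constructed for illustration.

```python
import re

SQL_VERB = re.compile(rb"^\s*(SELECT|INSERT|UPDATE|DELETE|GRANT|DROP|ALTER|CREATE)\b", re.I)
# Hypothetical rules: (pattern over fingerprint, users for whom it is normal, action otherwise)
RULES = [
    (re.compile(r"^(GRANT|DROP|ALTER|CREATE)\b"), {"dba"}, "incident"),
    (re.compile(r"^SELECT \* FROM CARDS$"), set(), "incident"),  # bulk read, no WHERE
    (re.compile(r"\bCARDS\b"), {"app"}, "stored"),
]

def fingerprint(sql):
    """Mask literals so statements that differ only in values compare equal."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)
    sql = re.sub(r"\b\d+\b", "?", sql)
    return re.sub(r"\s+", " ", sql).strip(" ;").upper()

class Monitor:
    def __init__(self, baseline):
        self.baseline = set(baseline)  # (user, fingerprint) pairs already judged normal
        self.unseen, self.stored, self.incidents = [], [], []

    def inspect(self, user, payload):
        if not SQL_VERB.match(payload):
            return "not-sql"  # not a SQL command: nothing is copied
        fp = fingerprint(payload.decode("utf-8", "replace"))
        for pattern, normal_users, action in RULES:
            if pattern.search(fp):
                if user in normal_users:
                    return "normal"
                (self.incidents if action == "incident" else self.stored).append((user, fp))
                return action
        if (user, fp) in self.baseline:
            return "normal"
        self.unseen.append((user, fp))  # not seen before: kept for later comparison
        return "new"

# Constructed sample traffic: (database user, payload bytes)
SAMPLE = [
    ("app", b"GET /index.html HTTP/1.1"),
    ("app", b"SELECT name FROM products WHERE id = 3"),
    ("app", b"SELECT pan FROM cards WHERE id = 42;"),
    ("jsmith", b"SELECT pan FROM cards WHERE id = 42"),
    ("jsmith", b"select * from cards"),
    ("app", b"GRANT SELECT ON cards TO jsmith"),
    ("app", b"UPDATE products SET price = 9 WHERE id = 7"),
]

def run_sample():
    monitor = Monitor({("app", "SELECT NAME FROM PRODUCTS WHERE ID = ?")})
    return [monitor.inspect(user, payload) for user, payload in SAMPLE]
```

Fingerprinting before comparison is what lets a baseline of "normal" stay small: the same query with different values maps to one entry.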

Thank You