Chapter 8: Effective Auditing for Accountability

Overview

Auditing is one of those not-so-exciting areas of security that everyone knows they should do but rarely ever does. There are many reasons for this. Some don’t know what to audit; some don’t know how to audit; some don’t know what to do with the audit records once they have audited; and some believe the audit performance overhead is a penalty that doesn’t justify the process.

This chapter explores each of these issues. You’ll see why auditing is not only possible, but also invaluable. The chapter examines manual ways to audit, as well as standard database auditing and the improved fine-grained auditing technology. You’ll see how the audit records show you who, what, where, when, and how. You have to determine the why yourself, and the captured SQL may help you do so. You’ll also explore how auditing can be used as a tool to show how popular an application is, what features are used, and who is using them, and how it can establish usage patterns over time. In fine-grained auditing, you’ll learn how to control the audit fidelity as well as how to invoke an event handler.

First comes a bit of philosophy on how auditing fits in and why it’s important. Extensive code examples later in the chapter show various methods and aspects of auditing. You’ll see that auditing is a complementary process of the security cycle, and when done effectively it can act as an invaluable tool in your security toolbox.



Effective Oracle Database 10g Security by Design
ISBN: 0072231300
Year: 2003
Pages: 111
