Best practices advise that database administrators should never log on to the production database and access sensitive table content that resides across instances unless there is an application maintenance request or other approved business need. If there is a user login with SYS privilege, whether it was a successful or failed logon, you need to be aware of it, because it could be the first sign of privilege abuse or identity theft. You need comprehensive Oracle auditing that includes not only Oracle audit of logon and logoff activity, but tracking of all actions performed within each session, with details about system configuration or privilege changes, data access, data deletions, and more. With such insights at hand, you can take proactive steps to minimize risks to your information privacy and security through users misusing their privileges.
You can use native tools to stay on top of successful and failed logon attempts and all logoffs, but you’ll have to use your SQL scripting skills to create specific commands in SQL Developer. Before you execute the scripts, make sure Oracle user login audit is enabled and a log audit trail is being written to a database for later DBA audit, so your script will log all logon attempts in the database audit trail. Then you’ll need to write and execute additional scripts to pull together a report that provides details of the audit sessions, such as username, terminal and timestamp. However, be ready to expend a great deal of time and effort, because the data is in a hard-to-read format and there are no comprehensive reports, so every time you need one from a certain date range, you’ll have to run the script all over again and then export the data into an Excel file for further review. Plus, you’ll have to consider where you are going to securely keep the login history for compliance checks. Are you sure you want to spend your precious time on these tedious and error-prone tasks?
Although native tools can help you enable audit of logon in Oracle Database, a complete security strategy requires a more efficient and streamlined analysis of what’s going on across your databases from a comprehensive and easy-to-use software solution. Top-to-bottom visibility is required to monitor privileged accounts, ensure that no DBAs use their credentials to log on to databases without a business need, and spot and block insider and outsider threats in their early stages before a breach occurs.
With Netwrix Auditor for Oracle Database, you can: