Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR

NCR Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR, 1998. - 315 p.

Security and Integrity

Establishing a Security Policy and Physical Access Control


Introduction

This topic introduces the methods you can use to control physical access to your Teradata RDBMS and the hardware on which it runs.

Key Ingredients of a Security Policy

The security policy for your Teradata RDBMS should include two essential implementation elements:

• System-enforced security features

• Personnel-enforced security features

You should write a set of security policies and procedures to be distributed to all users of the system. Among the topics you should cover in this document are:

• Why security is needed

• Benefits of the security policy for the users and for the company

• Suggested security actions for users to follow

• Required security actions for users to follow

Establishing a Security Policy

The primary consideration for physical access control is establishing a security policy.

The security policy is based on two principal elements:

• Identification of security needs

• Identification of policies and procedures to meet those needs.

Identifying Security Needs

The following table illustrates a process flow for identifying security needs.

| Stage | Process |
|---|---|
| 1 | Identify the business importance of the data and its associated processing system. |
| 2 | Assign a security priority to the data based on the business case evaluation. |
| 3 | Identify the class of users who require access to the Teradata RDBMS and the data under its control. |
| 4 | Identify the system resources that require protection to ensure continued availability to all Teradata RDBMS users. |

The Teradata RDBMS Security Administration Guide contains a wealth of suggestions for establishing a security policy for your Teradata RDBMS.

Controlling Physical Access

Physical access includes issues such as protecting the system and its components against deliberate damage and protecting the system console or Administration Workstation (multinode systems only) from unauthorized access.

The simplest way to accomplish this is to restrict access to your data center machine room. This means:

• Restricting machine room access to authorized personnel only or to escorted guests

• Maintaining a log of all escorted visitors

• In the case of unescorted visitors,

    • Logging off any administrative users

    • Turning off the entire system

• Screening non-operations personnel who require long-term access to the machine room as if they were prospective operations staff employees

• Reviewing the list of authorized personnel and updating it regularly

• Instructing the operations staff to challenge any unauthorized personnel they encounter in the machine room

• Storing any media containing sensitive data in a secure area

The Teradata RDBMS Security Administration Guide contains many other guidelines for controlling physical access to your Teradata RDBMS.


Auditing and Accountability

Introduction

This topic introduces the tools you can use to audit and account for activity on your Teradata RDBMS.

System Views

The Teradata RDBMS supplies numerous system views for accessing information in the Data Dictionary/Directory. Logs are initiated and terminated with the BEGIN LOGGING and END LOGGING Teradata SQL statements.

The following table illustrates system views that provide information about users and access rights and grant, logon, and access activities.

| View Name | Description |
|---|---|
| DBC.AccessLog | Records privilege checks performed against a Teradata SQL request based on the criterion defined in a BEGIN LOGGING statement. |
| DBC.AccLogRules | Logs entries as the result of executing BEGIN LOGGING and END LOGGING statements. Used by the system to determine which privilege checks should result in entries being generated in the DBC.AccLogTbl table. |
| DBC.AllRights | Provides information about all users who have been automatically or explicitly granted privileges and the objects on which those privileges were granted. |
| DBC.DeleteAccessLog | Used as the parameter of a Teradata SQL DELETE statement to remove access log row entries older than 30 days. |
| DBC.LogOnOff | Records logon and logoff activity, the associated session number, and attempted logon events. Event data indicates why a logon attempt was unsuccessful. |
| DBC.LogonRules | Stores entries as a result of GRANT LOGON and REVOKE LOGON statements. Used by the system to determine whether to allow or prevent system access. |
| DBC.Users | Extracts information about the user submitting the request and all users owned by that user. |
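
The following is an added example, not taken from the NCR manual, showing how an administrator might combine BEGIN LOGGING with the views above for a weekly audit review. Payroll is a hypothetical database name, and the column names and the Result and Event values used here are assumptions to confirm against the view definitions on your release.

```sql
-- Added example. Payroll is a hypothetical database.
-- Column names and code values are assumptions; check them with
-- HELP VIEW DBC.AccessLog and HELP VIEW DBC.LogOnOff before relying on them.

-- 1. Create a logging rule: record every denied privilege check against
--    the Payroll database, including the text of the request.
BEGIN LOGGING DENIALS WITH TEXT ON EACH ALL ON DATABASE Payroll;

-- 2. Confirm that the rule was stored.
SELECT * FROM DBC.AccLogRules;

-- 3. Weekly review: which users were denied access to which objects?
--    Result = 'D' is assumed to mark a denied privilege check.
SELECT   UserName,
         DatabaseName,
         TVMName,
         AccessType,
         COUNT(*) AS Denials
FROM     DBC.AccessLog
WHERE    Result = 'D'
AND      LogDate >= DATE - 7
GROUP BY UserName, DatabaseName, TVMName, AccessType
ORDER BY Denials DESC;

-- 4. Weekly review: repeated unsuccessful logon attempts per user and day.
--    Rows whose Event is neither 'Logon' nor 'Logoff' are assumed to be
--    attempted or abnormal events; Event says why the attempt failed.
SELECT   LogDate,
         UserName,
         Event,
         COUNT(*) AS Attempts
FROM     DBC.LogOnOff
WHERE    Event NOT IN ('Logon', 'Logoff')
AND      LogDate >= DATE - 7
GROUP BY LogDate, UserName, Event
HAVING   COUNT(*) >= 3
ORDER BY LogDate, Attempts DESC;

-- 5. Remove the rule when the audit period ends.
END LOGGING DENIALS WITH TEXT ON ALL ON DATABASE Payroll;
```

The threshold of 3 attempts and the 7-day window are arbitrary illustration values; set them from your own security policy.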
