August 02, 2004
$496 for six users
- Ease of Use:
- Value for Money:
- Overall Rating:
Simple plug-in that enhances the security of data. The ability to revert data values back to original values is as useful as the ability to find where changes originated.
Alerts could be sent by a wider range of media. Greater automation of the querying procedure would allow real-time reactions.
AuditMaster should be mandatory for Pervasive.SQL users working in mission-critical environments. Easy to set up, but powerfully protects data.
Pervasive's SQL database is designed to be embedded in applications designed for small to medium businesses. AuditMaster has been created to ensure that changes to the database are efficiently and accurately logged. The audit trail produced not only allows the database manager to keep track of routine changes, but also sends alerts if and when key data, such as staff salaries or catalog prices, are altered.
As web services mature, more and more applications will talk directly to other applications and their underlying databases. Accurate information is essential to the smooth running of any company, and the challenge is to ensure that the data is not corrupted – either unintentionally, or by malformed or corrupted queries. Even though Pervasive.SQL can be used with encrypted data, this only protects data during transmission, so AuditMaster is required to secure the tables on the server.
The five parameters that AuditMaster measures covers who accessed a record, what changes were made, when and how, and where the change originated. Even if no changes have been made, the fact the data was touched is recorded. More importantly, the data value is recorded before and after the change, which can make repairs much easier.
AuditMaster's log event handler has to run on the database server, but any number of servers can be monitored through the viewer browser, either from one server or through any client on the network. Supported operating systems comprise Windows servers NT4 (SP4), 2000 (SP3) and 2003. Windows XP as a client is also supported.
The default installation wizard loads AuditMaster as a hidden network share, but this can be also be set so that it is displayed, depending on preference.
From a security point of view, it might be preferable to set the default as unshared, given that the user might overlook the share and possibly be open to hacking. This is a small point, because the permissions can exclude unwanted users, but in this era nothing should be left to chance.
Data can be monitored with or without using data definitions. If definitions are imported, it makes life easier for non-technical users. This would normally be advisable, because the job of watching the transactions requires very little skill thanks to the use of a wizard-like Query Builder utility.
The Query Builder is a delight to use because it is logically arranged with tabs labelled in simple English: Who did what; From where; When; How. These are supplemented by tabs for more advanced features: query building, scripting and file viewing.
Despite the Advanced label, the user does not require any real SQL training, because the commands generated are built using pull-down lists. Any time a trigger is set or changed, it is essential to exit from AuditMaster and restart the database services to ensure the trigger has been properly set. If a trigger gives unexpected results, the Scripting function allows the context of a query to be examined – but not changed, and the target record can be viewed using the View File tab.
Obviously, this stage requires planning to determine which data is critical to the organization, so that too many alarms are not set. When a large number of alarms are involved, the ability to alert different people of different events can spread the load, and any incorrect changes or attempts at fraud can be corrected almost in real time.
The changes discovered by a query can be set to trigger an alarm if something has been changed. When a trigger is sprung, an email can be sent to any number of email addresses or a program can be launched. Given the importance of some of the changes, it would be good to see more alerts in future upgrades to send mobile phone SMS messages or pager responses.
If using the Pervasive.SQL version 8.0 Security release, there is a database login phase for any database using a security level higher than the Classic setting – which only requires an operating system or network logon. Although AuditMaster can also be used with Pervasive 8.0, with Service Pack 1, it is best to upgrade to version 8.5 to get the best from AuditMaster.
The difference between the two higher security policies, Mixed and Database, is that Mixed uses the same OS or network names and passwords, but for Database the login names and passwords can be different. In both cases, a group of users has to be created in a category called Auditusers, with all rights granted.
The main feature of AuditMaster is its ability to change settings back to their original values. This can be achieved either manually through the browser control panel or through a self-written application.
In itself, AuditMaster will not make a database any more secure from attack or errors than it was beforehand, but it does mean that changes can be corrected more quickly.
However, the ability to run applications when an alarm is triggered does mean that security can be enhanced and corrective actions can be applied immediately.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report