To address unauthorized access, it is necessary to establish a mechanism for detecting unauthorized access to databases and to monitor access.
Create a mechanism that notifies of detected unauthorized access, for example by notifying the manager and the administrator when an account is locked because the limit for failed login attempts has been exceeded.
Create a mechanism that can check for suspicious access to the information below outside of normal access hours, and implement measures to address such access.
Monitor logs and detect access during timeframes that have not been applied for
In the event that a request for access permission outside of normal access hours is made, check the log for any discrepancies between the requested content and the work result
Decide on the timeframes during which access to the database is permitted for each general account
Detect access outside of normal access hours from session information logs
Define the connection sources from which access is permitted, and detect access from any connection source that is not permitted.
Define the access patterns (connection source, operating system user and account) of database administrator accounts and general accounts, and check for access outside of these patterns.
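The checks described above (permitted hours per account, approved requests for out-of-hours access, permitted connection sources, and access patterns) can be run over session logs as in the following added example, which is not part of the original guideline. The log format, account names, addresses, policy values and function names are all constructed for illustration.

```python
from datetime import datetime, time

# Constructed policy: permitted hours and (connection source, OS user) patterns per account.
POLICY = {
    "app_user": {"hours": (time(9, 0), time(18, 0)),
                 "patterns": {("10.0.1.20", "appsvc")}},
    "dba_admin": {"hours": (time(8, 0), time(20, 0)),
                  "patterns": {("10.0.9.5", "oracle")}},
}
# Constructed approved requests for out-of-hours access: account -> [(start, end)].
APPROVED = {"dba_admin": [(datetime(2024, 3, 2, 22, 0), datetime(2024, 3, 2, 23, 30))]}

# Constructed session log lines: logon_time,account,os_user,connection_source
SESSION_LOG = """\
2024-03-01T10:15:00,app_user,appsvc,10.0.1.20
2024-03-01T23:40:00,app_user,appsvc,10.0.1.20
2024-03-02T22:10:00,dba_admin,oracle,10.0.9.5
2024-03-03T11:00:00,dba_admin,oracle,192.168.7.44
2024-03-03T12:00:00,dba_admin,jsmith,10.0.9.5
2024-03-03T13:00:00,temp_acct,root,10.0.1.20
"""

def check_session(line):
    """Return the list of findings for one session record (empty list = normal)."""
    ts, account, os_user, source = line.strip().split(",")
    when = datetime.fromisoformat(ts)
    policy = POLICY.get(account)
    if policy is None:  # no pattern defined for this account at all
        return ["undefined account"]
    findings = []
    start, end = policy["hours"]
    in_hours = start <= when.time() < end
    approved = any(s <= when <= e for s, e in APPROVED.get(account, []))
    if not in_hours and not approved:
        findings.append("outside permitted hours without approved request")
    if source not in {src for src, _ in policy["patterns"]}:
        findings.append("connection source not permitted")
    elif (source, os_user) not in policy["patterns"]:
        findings.append("access pattern mismatch")
    return findings

def scan(log_text):
    """Return (record, findings) for every record with at least one finding."""
    checked = ((line, check_session(line)) for line in log_text.splitlines())
    return [(line, f) for line, f in checked if f]

if __name__ == "__main__":
    for record, findings in scan(SESSION_LOG):
        print(record, "->", "; ".join(findings))
```

Each finding is a candidate for the notification mechanism, and an approved out-of-hours session that produces no finding here still needs its log compared against the requested work.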