Quest® InTrust for Databases

Version 2.2.1 

Release Notes

February, 2008


Contents

Welcome to InTrust for Databases

New in this Release

Resolved Issues and Enhancements

Known Issues

Third Party Known Issues

Upgrade and Compatibility

System Requirements

Global Operations
 

Getting Started

For More Information


Welcome to InTrust for Databases

InTrust for Databases is a database audit management system that is designed to provide maximum visibility into your database activities and confidence that your data assets are secure. InTrust for Databases addresses the issues of database control, and provides a way to enforce the requirements of external regulations, internal policies, and database best practices. It measures the effectiveness of existing controls on database intrusions, theft, fraud, and corruption, and also identifies new threats and exploits that require additional control solutions.

InTrust for Databases Console monitors critical systems and detects inappropriate or suspicious access and exploits, and then generates reports and automated real-time alerts on these activities. Although InTrust for Databases sees and logs all SQL operations that run on a database, it does not monitor actual customer data. Its auditing capabilities keep a history of database events, which aids in conducting complete forensic investigations. InTrust wizards make it easy to set up policies to define and deal with a compromise to your company's database systems. A separate application, InTrust for Databases Administrator, manages the servers and data collecting agents used by the Console. InTrust features help you perform the following tasks:



New in This Release

This release includes the following changes:

This release also includes the following changes made in release 2.2:

Note: To get reports from the command line, you must have Windows PowerShell installed on your console and have the Quest.InTrustDB.Commands.dll snap-in registered. The InTrust for Databases Console help system now describes these procedures in detail.

     


Resolved Issues and Enhancements

The following is a list of issues addressed and enhancements implemented since the release of InTrust for Databases 2.1:

Feature: Resolved Issue (Change Request)

Reports: Privileged Sessions reports no longer issue an "Invalid SQL Id" message. This problem occurred on Windows 2000 under VMWare. (CR#43397)

Oracle: InTrust for Databases for Oracle on Windows now supports row count and bind variable collection when enabled.

Forensics: Forensics no longer displays an "unknown execution" message for exceptions that occur during the execution of a SQL statement.

Support Bundle: InTrust for Databases Administrator can generate a support bundle for an IDB server running on Windows. You can generate support bundles for IDB agents and IDB servers on all supported platforms.

Known Issues

The following is a list of issues known to exist at the time of this release.

Feature: Known Issue (Change Request)

Installation: You must log in as root to install an IDB agent.

Non-English InTrust for Databases user names are not supported. InTrust for Databases does not store user names in Unicode, so multi-byte characters lead to irresolvable user names.

Oracle
  • Oracle MTS is not supported.
  • Oracle Parallel Query is not supported.
  • The libquest shared library may slightly increase connect times to Oracle. See Appendix B, The libquest Library, in the InTrust for Databases Installation Guide.
  • Non-UTF8 character sets (for example ja16euc, ja16sjis) may have display issues on Oracle on Unix.
  • There are limitations to bind variable support on Unix and Oracle 10g on Windows.
  • Unix Oracle 8i Limitations: The row count from queries and the Fetch variable are not supported.
  • If you drop a table and then recreate it, the new table and new table ID are not refreshed in the InTrust for Databases cache, and policies on the table are not effective until the next cache refresh by dbcon. Workaround: Refresh tables and users from the InTrust for Databases Console. From the menu bar, select Tools | Refresh Tables and Users.
  • If you have an open Oracle session and issue a CONNECT command to connect as a different user, any commands you issue thereafter appear in Forensics as the first user instead of the new user. (CR#0218979)

SQL Server
  • SYM file may not be available for specific SQL Server patches and hot-fixes. See Appendix A, SQL Server SYM File, in the InTrust for Databases Installation Guide.

Performance and Scalability
  • On HP-UX, the operating system kernel attempts to reserve very large amounts of swap space. The swap space required equals the size of the Oracle process multiplied by the number of concurrent sessions. (CR#0217359)

User Console
  • The UI is designed for a screen resolution of 1024 x 768 or higher. Resolutions lower than this or low DPI settings may cut off portions of the UI.

General
  • If you have an agent installed on a VMware image and restart the image, the IDB server will reject the connection. Workaround: Kill the acc process on the InTrust for Databases server.

Profiles
  • Changes made to profiles do not take effect until the Alerter restarts. Workaround: After you make changes to profiles, restart the Alerter from the InTrust for Databases Console. From the menu bar, select Tools | Restart Alerter.

Forensics
  • Forensics only displays the first 5000 executions in any session. InTrust for Databases audits all executions, however. Workaround: To view the additional executions, adjust the time window at the top of the screen.
  • Forensics only displays the first 1 MB of SQL text for any execution. However, InTrust for Databases audits and stores the entire execution.
  • In SQL Server 2005, sessions that exist at the time monitoring starts may appear with the wrong user name in Forensics.
  • An "unknown execution" error sometimes occurs in the Forensics display. This can occur because:
      • There are recursive SQL statements that are sometimes executed without a parent statement.
      • InTrust is looking at a partial time range (that does not include the end of the parent execution).
      • The Oracle DESCRIBE command was executed in SQL*Plus.

    In certain cases, this error occurs as a result of executing a compiled PL/SQL block. In these cases the SQL text is not visible to InTrust for Databases, and the IDB agent can sometimes associate the wrong SQL text with that execution. The rest of the information about the execution is still correct (tables accessed, bind variables, row count, etc.).

 

 


Third Party Known Issues

On Windows 2000 machines, the InTrust for Databases Console application may encounter an access violation error when minimizing or resizing the InTrust for Databases window.

Workaround: Close the InTrust for Databases Console application and reopen it.

 

If you plan to monitor databases that run on AIX 5.2 or 5.3, there is a bug in the AIX kernel that affects InTrust for Databases. On these systems, there is a rare chance that processes from Oracle sessions die while their data collectors remain in the system. The leftover data collectors do not perform any work, but they remain in the process table and cannot be removed. The following APARs describe the bug and link to a patch:

 

APAR IY98727 : http://www-1.ibm.com/support/docview.wss?uid=isg1IY98727
APAR IY95948 : http://www-1.ibm.com/support/docview.wss?uid=isg1IY95948

 


Upgrade and Compatibility

See the InTrust for Databases Installation Guide 2.2 for instructions on how to upgrade from version 2.0 or 2.1 or for instructions on how to install a patch.

If you are using an older version of InTrust for Databases, please contact Quest Support.

 


System Requirements

There are three system components to consider when you install InTrust for Databases: Console, IDB Server, and Monitored Instances on database hosts. Each has separate requirements. For more information, see the InTrust for Databases Installation Guide.

Console Requirements

The Console is a Windows computer that:

You must be a USER in the Power User Group to install InTrust for Databases (Console and Administrator) on a Windows system. Your system must meet the following minimum hardware and software requirements:

Platform: Microsoft Windows 2000 with Service Pack 4 or XP on Intel (or compatible) 32-bit
Memory: 512 MB RAM minimum; 1 GB of RAM recommended
Hard Disk Space: 80 MB for installation. Note: The disk space required may vary based on options selected for installation. You may remove the Packages folder after installing IDB servers and agents.
Monitor: SVGA monitor, 1024 x 768 resolution, small fonts
CD-ROM: CD-ROM drive (required for installation only)
Printer: Printer (optional) to print reports
Additional Software: Microsoft® .NET 2.0
PDF Viewer: Adobe® Acrobat® Reader 5.0 or later (for viewing the Installation and User Guides)

IDB Server Requirements

The InTrust for Databases (IDB) Server is a Windows or Linux machine that performs the following functions:

Note: The IDB server requires the installation of Quest Agent Manager software.

To install InTrust for Databases IDB server on a Linux system, you must have User privileges (do not use root). To install InTrust for Databases IDB server on a Windows system, you must have Local Administrator privileges.

Before installing InTrust for Databases server software, ensure your system meets the following minimum hardware and software requirements:

Linux Platform: RedHat ES 3, 4 or Suse LE 9, 10 32-bit
Windows Platform: 2000 with Service Pack 4, 2003 (on Intel or compatible)
Memory: 1 GB RAM minimum, 2 GB recommended
Hard Disk Space: 50 MB for the IDB server software. Significant additional disk space is required to store the collected audit data. The total amount of space required depends on the level of activity on your audited databases as well as the frequency that you purge data. For test purposes, it is recommended that you allocate a minimum of 1 GB of disk space. The audit of a busy production database can accumulate many times this amount of storage.
CD-ROM: CD-ROM drive (required for manual installation of Quest Agent Manager framework only)


 

Monitored Instances on Database Hosts

Monitored Instances are databases to which you apply your audit policies. The database hosts are any machines that InTrust for Databases supports and contain the monitored instances.

Note: These hosts require the manual installation of the Quest Agent Manager framework and an IDB agent.

 

To install InTrust for Databases Agent on a Unix/Linux system, you must have root privileges. To install InTrust for Databases Agent on a Windows system, you must have Local Administrator privileges.

Before installing InTrust for Databases agent software, ensure your system meets the following minimum hardware and software requirements:

Oracle Platform:

Linux on Intel (or compatible) 32-bit with OS:
  • RedHat ES 3, 4
  • Suse LE 9, 10

Linux on AMD64/EM64T 64-bit with OS:
  • RedHat ES 4
  • Suse LE 9, 10

Sun SPARC 64-bit with OS:
  • Solaris 9, 10

AIX PowerPC 64-bit with OS:
  • AIX 5

HP-UX PA-RISC 64-bit with OS:
  • HP-UX 11.11, 11.23

Note: On HP-UX, the operating system kernel attempts to reserve very large amounts of swap space. The swap space required equals the size of the Oracle process multiplied by the number of concurrent sessions.

Windows Intel 32-bit on:
  • Windows

Note: The above systems all run with Oracle 9.2, 10.1, 10.2, 11.1. There is limited support for Oracle 8.1.7.

SQL Server Platform:

Windows 2000 or 2003 32-bit running SQL Server 2000 with Service Pack 4, 2005 with Service Pack 1 or Service Pack 2

Windows 2003 AMD64/EM64T 64-bit running SQL Server 2005 with Service Pack 1 or Service Pack 2

Note: InTrust for Databases supports all SQL Server editions including Express.

Memory: The memory required may vary based on the following:
  • Amount of database activity
  • Number of concurrent users accessing the databases

Note: Typically, each session requires an additional 0.5-1.5 MB of virtual memory.

Hard Disk Space: 50 MB of disk space for installation of Quest Agent Manager framework and agent software. Additional storage space is needed for buffering data when the InTrust for Databases server is down or unreachable.
CD-ROM: CD-ROM drive (required for manual installation of Quest Agent Manager framework only)

 



Global Operations

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

This release has the following known capabilities or limitations: InTrust for Databases users and passwords are not Unicode-enabled. Oracle databases with a charset (as opposed to ncharset) that is not UTF8 (like ja16euc or ja16sjis) will not display non-ASCII letters correctly.
 


Getting Started

Contents of the Release Package

The InTrust for Databases 2.2.1 release package contains the following products:

Installation Instructions

Refer to the InTrust for Databases Installation Guide for installation instructions.

You can install the IDB server and IDB agent from the InTrust for Databases Administrator console. You need an ADMIN role to run the Administrator console.

 


For More Information

Contacting Quest Software:

Email: info@quest.com
Mail: Quest Software, Inc., World Headquarters, 5 Polaris Way, Aliso Viejo, CA 92656, USA
Web: http://www.quest.com

Refer to our web site for regional and international office information.

Contacting Quest Support:

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract.
Quest Support provides around-the-clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com.

From SupportLink, you can do the following:

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures.
The guide is available at: http://support.quest.com/pdfs/Global Support Guide.pdf.

 


© 2008 Quest Software, Inc.

ALL RIGHTS RESERVED.

 

This document contains proprietary information protected by copyright. The software described in this document is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.

 

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

 

http://www.quest.com/

Email: legal@quest.com

Refer to our website for regional and international office information.

 

Trademarks

Quest, Quest Software, the Quest Software logo, Aelita, AppAssure, Benchmark Factory, Big Brother, DataFactory, DeployDirector, ERDisk,   Foglight, Funnel Web, I/Watch, Imceda, InLook, IntelliProfile, Internet Weather Report, InTrust, IT Dad, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, NBSpool, NetBase, Npulse, PerformaSure, PL/Vision, Quest Central, RAPS, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQLab, SQL Watch, Stat, Stat!, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, Vintela, Virtual DBA, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

 

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.