 |
|
| Systems Channel Tips: |
|
|
|
DATABASE MANAGEMENT SERVICES
SQL Server security: Auditing
Hilary Cotter, Contributor
03.14.2008
Rating: --- (out of 5)
|
Auditing requirements have had an impact on SQL Server security. Like with authentication and permissions, auditing requirements have become more stringent and encompassing, especially those in HIPAA, Sarbanes-Oxley and Basel II. Many companies now have a legal obligation to track not only who modified a particular piece of data but also who viewed it.
Since SQL Server 6 it has been possible to run Profiler to capture most queries and Data Manipulation Language (DML). SQL Server 2005 allows for richer auditing of events; for example, with Data Definition Language (DDL) triggers, you can audit schema changes and use Profiler to audit querying activity to see who views a particular table. However, using Profiler for auditing consumes significant resources.
SQL Server 2008 introduces:
- Login triggers: These triggers will execute when a user logs on, to enable more granular control over what occurs during a login.
- Expanded auditing: SQL Server 2008 allows for more granular auditing. For example, you can audit an event such as someone increasing or decreasing inventory above or below a certain event. In addition, SQL Server 2008 allows auditing of any predefined server and database actions. These audits can be written to a file, Windows Application Log or the Windows Server log. SQL Server 2008 also introduces All Actions Audited, a setting that causes all database events to be audited, to comply with the most stringent auditing requirements.
- Policy-based management: SQL Server 2008 introduces Declared Management Framework (DMF), allowing policies to be created to monitor and report on objects' compliance with specific server, database or table settings. For example, you can increase SQL Server's security posture by using DMF to set a policy that all user tables belong to user schemas and do not belong to the dbo schema. If an object falls out of compliance, a script can be run that makes it complaint or sends out an alert.
About the author
Hilary Cotter has been involved in IT for more than 20 years as a Web and database consultant. Microsoft first awarded Cotter the Microsoft SQL Server MVP award in 2001. Cotter received his bachelor of applied science degree in mechanical engineering from the University of Toronto and subsequently studied economics at the University of Calgary and computer science at UC Berkeley. He is the author of a book on SQL Server transactional replication and is currently working on books on merge replication and Microsoft search technologies.
Go to page: 1 - 2 - 3
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSystemsChannel.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
|
|
|
| TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of . |
|
| | |
All Rights Reserved, , TechTarget |
|
|
|
|
|
