Auditing
Database Logins Using SQL Server Error Logging
DBAs employ various checks to audit and to keep track of any unauthorized activities that might be going on at the server or database level. A key part of any data security strategy is the ability to track who accessed, or attempted to access data. This provides the ability to not only detect unauthorized access attempts, but also any malicious actions by insiders who try to misuse their legitimate access. Furthermore, a rich and robust tracking capability can provide oversight of sensitive configuration changes made by administrators.
Auditing is a mechanism to help us find if the infrastructure setup is efficient and healthy and meets our requirements. It tells us where the nail is to be hammered. Audit logs show us who tried to get into the system but was filtered by the security measures employed by us.
With SQL Server 20012, Microsoft introduced an important new feature that provides a true auditing solution - SQL Server Audit. It offers numerous attractive advantages that will help DBAs achieve their goals of meeting regulatory compliance requirements with just a few clicks of the mouse. SQL Server Audit includes the ability to provide centralized storage of audit logs and integration with System Center, as well as noticeably better performance. Most importantly, it permits fine-grained auditing whereby an audit can be targeted to specific actions by a principal against a particular object.
The architecture level implementation of audits
It’s really appreciable that finally Microsoft has given due consideration to providing the means of efficient auditing at such a granular level which can be managed/archived centrally. Audit files can be reviewed and archived at a customized, centralized path at the DBA's will.
To be able to understand how SQL Server 2008 Audit functionality works, it’s important to be well versed with:
Let us get an insight on each of these, and with an example, we will try to get a closer look at audits.
DBAs employ various checks to audit and to keep track of any unauthorized activities that might be going on at the server or database level. A key part of any data security strategy is the ability to track who accessed, or attempted to access data. This provides the ability to not only detect unauthorized access attempts, but also any malicious actions by insiders who try to misuse their legitimate access. Furthermore, a rich and robust tracking capability can provide oversight of sensitive configuration changes made by administrators.
Auditing is a mechanism to help us find if the infrastructure setup is efficient and healthy and meets our requirements. It tells us where the nail is to be hammered. Audit logs show us who tried to get into the system but was filtered by the security measures employed by us.
With SQL Server 20012, Microsoft introduced an important new feature that provides a true auditing solution - SQL Server Audit. It offers numerous attractive advantages that will help DBAs achieve their goals of meeting regulatory compliance requirements with just a few clicks of the mouse. SQL Server Audit includes the ability to provide centralized storage of audit logs and integration with System Center, as well as noticeably better performance. Most importantly, it permits fine-grained auditing whereby an audit can be targeted to specific actions by a principal against a particular object.
The architecture level implementation of audits
It’s really appreciable that finally Microsoft has given due consideration to providing the means of efficient auditing at such a granular level which can be managed/archived centrally. Audit files can be reviewed and archived at a customized, centralized path at the DBA's will.
To be able to understand how SQL Server 2008 Audit functionality works, it’s important to be well versed with:
1.
Server
Audit
2.
Server
Audit Specifications
3.
Database
Audit Specifications
Let us get an insight on each of these, and with an example, we will try to get a closer look at audits.
No comments:
Post a Comment