• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012

TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • SQL Server as a complex DBMS comes packed with features to cover a wide range of operational and development needs.A group of complementing components focus on Operational Security and Compliance, such as:

TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012 TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012 Presentation Transcript

  • IT Pro DayAuditing in SQL Server2012Charley HananiaPrincipal Consultant, QS2 AG – Quality Software Solutionswww.qs2.ch
  • Now:• Database Consultant at QS2 AGFormerly:• Production Product Owner of MS SQL Server Platform at UBS Investment BankIT Professional since 1992SQL Server Certified since 1988• On SQL Server since 1995• Version 4 on OS/2Community• Microsoft MVP: SQL Server• PASS Chapter Leader – Switzerland• PASS Regional Mentor – Europe• European PASS Conference Lead• International Event Speaker• MCT Regional Lead (Switzerland)• Database Days Conference Switzerland LeadB.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)
  • AgendaChapter 2/4
  • AgendaOverviewSQL Server Audit FrameworkPolicy Based Mgt FrameworkWrap-Up
  • Overview of regulatory standards and
  • The Complianceand PolicyEcosystemWhy all this is so important…
  • 1. Identify Issues and Risks2. Develop Policies to mitigate them3. Architect Procedures & Solutions(frameworks) to meet (comply with) Policies4. Implement methods to report compliancelevels5. Implement methods & countermeasures forexceptions and comprised systems6. Implement Process Improvementmethodologies for framework maturity
  • Major frameworksused for establishing IT controls…
  • • AICPA/CICA Trust Services, Principles, andCriteria• Carnegie Mellon University Software EngineeringInstitute (CMU/SEI) OCTAVE• CICA CoCo – Criteria of Control Framework• CICA IT Control Guidelines• CMMI – Capability Maturity Model Integration• CobiT – Control Objectives for Information andrelated Technology• COSO – Internal Control Integrated Framework• GAISP – Generally Accepted InformationSecurity Principles• ISF Standard of Good Practice for InformationSecurity• ISO 17799:2005• ISO 9000• ITIL – the IT Infrastructure Library• Malcolm Baldridge National Quality Program• Organization for Economic Cooperation andDevelopment (OECD) Principles of CorporateGovernance• OPMMM – Organizational Project ManagementMaturity Model• Six Sigma• OECD - Organization for Economic Cooperationand Development Guidelines on the Protection ofPrivacy and Transborder Flows of Personal Data• NIST SP 800-53 - Recommended SecurityControls for Federal Information Systems• The FFIEC Information Technology ExaminationHandbook seriesThe major players in the IT framework arena are:source: www.unifiedcompliance.comNote: There is no single framework that is all encompassing and "complete" Some frameworks focus on process maturity analysis and others focus more on standardised policies andchecklists. These frameworks are used to bring organisations closer to compliance with one or more regulatory standards
  • RelevantTechnologyComponentswithin SQL Server
  • • Complex DBMS :: packed with features.
  • SQL Server Audit Framework
  • FeatureOverviewSQL Server Audit Framework
  • • Based on Extended Events• Components:SQL Server Audit
  • • sys.fn_get_audit_file• sys.sp_audit_write• System ViewsSQL Server Audit
  • Enhancements inSQL Server 2012SQL Server Audit Framework
  • • SQL Server Auditing is more resistant to auditing destinationfailures• Audit log records additional T-SQL stack frame information whenavailable• Audit information is filtered before it is written into the audit target• Maximum number of audit files available• Stored procedure - sp_audit_write• New columns in audit related views and functions
  • DemoSQL Server Audit Framework
  • Policy Based Mgt Framework
  • FeatureOverviewPolicy Based Mgt Framework
  • •A framework which exposes sql servers propertiesas facets, allows you to create conditions whichreport back the status of those facets, and thencreate policies around those conditions.•You can just report on those or enforce them. Youcan also import and export them and apply them tomultiple servers.Policy Based Management
  • ConditionsFacetsPoliciesPolicy Based Management
  • DemoPolicy Based Mgt Framework
  • Wrap-Up
  • SummaryWrap-Up
  • The Audit Feature is enhanced in SQL Server2012It is a tool in the “Security and Compliance”arsenalIt needs to be architected into the overalloperational strategy, alongside strategictools, policies and processes.
  • REGISTER NOW ANDGET 10% OFFDISCOUNT CODE:CHMTD12(Valid until December 10, 2012)• A Preconference Day with 5-7 paralleltechnical workshops, focussed on criticalrole-based skills for Data Professionals.• Two days of conference seminars across 3technical tracks:- Database Administration- Business Intelligence- Data Platform Application Development.Check out www.databasedays.com
  • Questions?Wrap-Up
  • Can Enterprise Roles be Audited? EgAdministrators?• yes, but not out of the box. Adeeper look at how AD groupsand segregations of rights areimplemented is needed, and theapplication of auditing againstthese should then be done.Which Editions is audit available on?• All editions, but with limitations.Enterprise Edition allows formore granular auditing that isunavailable in the other SKU’sWhich SKU’s is PBM available on?Why would reducing the queue delay to 0in the Audit properties have an negativeeffect on performance?• Reducing the delay to 0 tells theaudit feature to work in synchronousmode, so every write to the logneeds to be persisted before it isreleased. This essentially has asimilar effect to what the transactionlog has on the system from a commitperspective.• Also, if flushes occur too frequently, itmay have detrimental effects as thedisk subsystem may be slow oroverloaded.• When set to say 10,000 (10 seconds) itwill only flush the buffer if it is full, orit has reached the timer valuespecified.
  • Contact InfoWrap-Up
  • Email: Charley.Hanania@sqlpass.orgWebsite: http://www.sqlpass.chTwitter: http://www.twitter.com/CharleyHananiaBlog: http://blogs.mssqltips.com/blogs/charleyhananiaLinked-in: http://www.linkedin.com/in/charleyhananiaDatabase Days: http://www.databasedays.com