TechDays Basel - Auditing in SQL Server 2012 - Charley Hanania - Tech Days Basel 2012


  • SQL Server as a complex DBMS comes packed with features to cover a wide range of operational and development needs. A group of complementing components focus on Operational Security and Compliance, such as:

    1. IT Pro Day: Auditing in SQL Server 2012. Charley Hanania, Principal Consultant, QS2 AG – Quality Software Solutions, www.qs2.ch
    2. Now:
        • Database Consultant at QS2 AG
       Formerly:
        • Production Product Owner of MS SQL Server Platform at UBS Investment Bank
       IT Professional since 1992
       SQL Server Certified since 1988
        • On SQL Server since 1995
        • Version 4 on OS/2
       Community
        • Microsoft MVP: SQL Server
        • PASS Chapter Leader – Switzerland
        • PASS Regional Mentor – Europe
        • European PASS Conference Lead
        • International Event Speaker
        • MCT Regional Lead (Switzerland)
        • Database Days Conference Switzerland Lead
       B.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)
    3. Agenda: Chapter 2/4
    4. Agenda:
        • Overview
        • SQL Server Audit Framework
        • Policy Based Mgt Framework
        • Wrap-Up
    5. Overview of regulatory standards and
    6. The Compliance and Policy Ecosystem: Why all this is so important…
    7. 1. Identify Issues and Risks
       2. Develop Policies to mitigate them
       3. Architect Procedures & Solutions (frameworks) to meet (comply with) Policies
       4. Implement methods to report compliance levels
       5. Implement methods & countermeasures for exceptions and compromised systems
       6. Implement Process Improvement methodologies for framework maturity
    8. Major frameworks used for establishing IT controls…
    9. The major players in the IT framework arena are:
        • AICPA/CICA Trust Services, Principles, and Criteria
        • Carnegie Mellon University Software Engineering Institute (CMU/SEI) OCTAVE
        • CICA CoCo – Criteria of Control Framework
        • CICA IT Control Guidelines
        • CMMI – Capability Maturity Model Integration
        • CobiT – Control Objectives for Information and related Technology
        • COSO – Internal Control Integrated Framework
        • GAISP – Generally Accepted Information Security Principles
        • ISF Standard of Good Practice for Information Security
        • ISO 17799:2005
        • ISO 9000
        • ITIL – the IT Infrastructure Library
        • Malcolm Baldrige National Quality Program
        • Organization for Economic Cooperation and Development (OECD) Principles of Corporate Governance
        • OPMMM – Organizational Project Management Maturity Model
        • Six Sigma
        • OECD - Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
        • NIST SP 800-53 - Recommended Security Controls for Federal Information Systems
        • The FFIEC Information Technology Examination Handbook series
       source: www.unifiedcompliance.com
       Note: There is no single framework that is all-encompassing and "complete". Some frameworks focus on process maturity analysis and others focus more on standardised policies and checklists. These frameworks are used to bring organisations closer to compliance with one or more regulatory standards.
    10. Relevant Technology Components within SQL Server
    11. • Complex DBMS :: packed with features.
    12. SQL Server Audit Framework
    13. SQL Server Audit Framework: Feature Overview
    14. SQL Server Audit:
        • Based on Extended Events
        • Components:
    15. SQL Server Audit:
        • sys.fn_get_audit_file
        • sys.sp_audit_write
        • System Views
    16. SQL Server Audit Framework: Enhancements in SQL Server 2012
    17. • SQL Server Auditing is more resistant to auditing destination failures
        • Audit log records additional T-SQL stack frame information when available
        • Audit information is filtered before it is written into the audit target
        • Maximum number of audit files available
        • Stored procedure - sp_audit_write
        • New columns in audit related views and functions
    18. SQL Server Audit Framework: Demo
    19. Policy Based Mgt Framework
    20. Policy Based Mgt Framework: Feature Overview
    21. Policy Based Management:
        • A framework which exposes SQL Server's properties as facets, allows you to create conditions which report back the status of those facets, and then create policies around those conditions.
        • You can just report on those or enforce them. You can also import and export them and apply them to multiple servers.
    22. Policy Based Management: Conditions, Facets, Policies
    23. Policy Based Mgt Framework: Demo
    24. Wrap-Up
    25. Wrap-Up: Summary
    26. • The Audit Feature is enhanced in SQL Server 2012
        • It is a tool in the “Security and Compliance” arsenal
        • It needs to be architected into the overall operational strategy, alongside strategic tools, policies and processes.
    27. REGISTER NOW AND GET 10% OFF. DISCOUNT CODE: CHMTD12 (Valid until December 10, 2012)
        • A Preconference Day with 5-7 parallel technical workshops, focussed on critical role-based skills for Data Professionals.
        • Two days of conference seminars across 3 technical tracks:
            - Database Administration
            - Business Intelligence
            - Data Platform Application Development.
        Check out www.databasedays.com
    28. Wrap-Up: Questions?
    29. Can Enterprise Roles be Audited? E.g. Administrators?
        • Yes, but not out of the box. A deeper look at how AD groups and segregations of rights are implemented is needed, and the application of auditing against these should then be done.
        Which Editions is audit available on?
        • All editions, but with limitations. Enterprise Edition allows for more granular auditing that is unavailable in the other SKUs.
        Which SKUs is PBM available on?
        Why would reducing the queue delay to 0 in the Audit properties have a negative effect on performance?
        • Reducing the delay to 0 tells the audit feature to work in synchronous mode, so every write to the log needs to be persisted before it is released. This essentially has a similar effect to what the transaction log has on the system from a commit perspective.
        • Also, if flushes occur too frequently, it may have detrimental effects as the disk subsystem may be slow or overloaded.
        • When set to, say, 10,000 (10 seconds), it will only flush the buffer if it is full, or it has reached the timer value specified.
    30. Wrap-Up: Contact Info
    31. • Email: Charley.Hanania@sqlpass.org
        • Website: http://www.sqlpass.ch
        • Twitter: http://www.twitter.com/CharleyHanania
        • Blog: http://blogs.mssqltips.com/blogs/charleyhanania
        • Linked-in: http://www.linkedin.com/in/charleyhanania
        • Database Days: http://www.databasedays.com
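
The SQL Server 2012 audit enhancements listed on slide 17 and the queue-delay answer on slide 29, put together in one server-level audit. This is an added example, not code from the presentation or its demo; the audit names, the `D:\SqlAudit\` path, the `Salaries` object name, and event id 27 are hypothetical.

```sql
-- Added example: all names, paths and ids below are hypothetical.
USE master;
GO

-- Audit object: where records go and how they are flushed.
CREATE SERVER AUDIT Compliance_Audit
TO FILE (
    FILEPATH  = N'D:\SqlAudit\',   -- existing directory, writable by the service account
    MAXSIZE   = 256 MB,
    MAX_FILES = 20                 -- 2012: hard cap on the number of files, no rollover
)
WITH (
    QUEUE_DELAY = 10000,           -- ms: flush when the buffer is full or after 10 s
                                   -- QUEUE_DELAY = 0 makes every audit write synchronous
    ON_FAILURE  = FAIL_OPERATION   -- 2012: fail only the audited action if the target is unavailable
)
-- 2012: the predicate is applied before a record is written to the target.
WHERE object_name = 'Salaries' OR user_defined_event_id = 27;
GO

-- Server-level specification: which action groups feed the audit.
CREATE SERVER AUDIT SPECIFICATION Compliance_Audit_Spec
FOR SERVER AUDIT Compliance_Audit
    ADD (SCHEMA_OBJECT_ACCESS_GROUP),
    ADD (USER_DEFINED_AUDIT_GROUP)   -- needed for sp_audit_write records
WITH (STATE = ON);
GO

ALTER SERVER AUDIT Compliance_Audit WITH (STATE = ON);
GO

-- Application-defined audit record (2012: sp_audit_write).
EXEC sys.sp_audit_write
     @user_defined_event_id    = 27,
     @succeeded                = 1,
     @user_defined_information = N'Payroll export approved';
GO

-- Read the audit files back; additional_information carries the
-- T-SQL stack frame details when they are available.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement,
       user_defined_event_id, user_defined_information,
       additional_information
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time;
```

With `MAX_FILES` and `FAIL_OPERATION` combined, audited actions start failing once the file cap is reached, so file retention and archiving need to be part of the operational plan.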