THE FANTASTIC 12 OF 2012
ORGANIZATIONAL SECURITY & COMPLIANCE
HELP ENABLE SECURITY & COMPLIANCE WITH BUILT-IN SECURITY & IT CONTROLS
AUDIT SUPPORTED ON ALL SKUS
• Basic Audit on all SKUs
• Server Audit Specs only
• DB Audit Specs for Enterprise
• No longer need SQLTrace
• Enjoy advantages of Audit
• Performance
• Multiple Audits and multiple targets
• Persist state
• Audit Resilience
AUDIT PERFORMANCE
Depends upon:
• The workload
• What’s being audited
Comparison of SQL Server Audit against SQL Trace for 5 different typical customer workloads…
OTHER THINGS YOU SHOULD KNOW
• Parameterized queries
• Audit Xevent Sessions may not be manipulated by Xevent DDL.
• Audit logs are not encrypted or compressed
• Audit events are fired with permission checks
• Writing to files is much faster than writing to the event log
• No auditing of result sets
OTHER THINGS YOU SHOULD KNOW
• Both Audit and Audit Specifications have STATE parameters.
• Can only change state outside user transaction.
• All other audit changes can be done in a transaction, but with Audit or Audit Specification OFF.
SECURELY AND EASILY TRACK DB ACTIVITY
• Consider SQL Server Audit for all security auditing requirements and leverage the 2012 enhancements
• Carefully devise a strategy for what needs to be audited and where to send the audit information based on security and performance needs
• Monitor administrator activity and prevent tampering of the logs.
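The audit slides above, shown as a T-SQL sketch that is added here and is not from the original deck: a file-target audit of administrator activity, followed by a specification change that respects the STATE rules. The audit and specification names and the D:\AuditLogs\ path are assumptions.

```sql
-- Added example; object names and the file path are assumptions.
USE master;
GO
-- File target: the deck notes files are much faster than the event log.
-- Audit files are not encrypted, so restrict NTFS access on this folder.
CREATE SERVER AUDIT AdminActivity_Audit
    TO FILE (FILEPATH = 'D:\AuditLogs\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Server audit specifications are available on all SKUs.
-- AUDIT_CHANGE_GROUP records changes to audits and specifications,
-- which is how tampering with the audit configuration becomes visible.
CREATE SERVER AUDIT SPECIFICATION AdminActivity_Spec
    FOR SERVER AUDIT AdminActivity_Audit
    ADD (AUDIT_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP)
    WITH (STATE = OFF);
GO
-- STATE changes must run outside a user transaction.
ALTER SERVER AUDIT AdminActivity_Audit WITH (STATE = ON);
ALTER SERVER AUDIT SPECIFICATION AdminActivity_Spec WITH (STATE = ON);
GO
-- Later change: switch the specification OFF first (outside a transaction),
-- make the change inside a transaction, then switch it back ON.
ALTER SERVER AUDIT SPECIFICATION AdminActivity_Spec WITH (STATE = OFF);
GO
BEGIN TRANSACTION;
    ALTER SERVER AUDIT SPECIFICATION AdminActivity_Spec
        ADD (FAILED_LOGIN_GROUP);
COMMIT TRANSACTION;
GO
ALTER SERVER AUDIT SPECIFICATION AdminActivity_Spec WITH (STATE = ON);
GO
-- Review: the OFF/ON switches above appear as audit-change events.
SELECT event_time, action_id, succeeded, server_principal_name, statement
FROM sys.fn_get_audit_file('D:\AuditLogs\AdminActivity_Audit_*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```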
EXTENDED EVENTS REFRESHER
• Real-time data capture
• No performance penalty
• Based on Event Tracing for Windows (ETW)
• Full programmability support
EXTENDED EVENTS OBJECT MODEL
• Packages
• Events and Actions
• Filters and Predicates
• Sessions
• Targets
WHAT DOES THAT GIVE ME?
• Errors reported
• Non-yielding schedulers
• Deadlocks
• Internal and external wait info
• sp_server_diagnostics output
• Persisted to file or in memory
VIEWING A REAL-TIME SNAPSHOT OF SYSTEM_HEALTH
-- Return the target data of the system_health session as XML
SELECT CAST(xet.target_data AS xml)
FROM sys.dm_xe_session_targets xet
JOIN sys.dm_xe_sessions xe
    ON (xe.address = xet.event_session_address)
WHERE xe.name = 'system_health'
WHAT OTHER THINGS CAN YOU LOOK AT?
• SQLserver Package
  • Page splits – see Jonathan Kehayias's blog
  • auto_stats
  • begin / end transaction
  • Over 500 different items!
• SQLOS Package
  • wait_info
  • wait_info_external
  • spinlock_backoffs
  • Sixty different items
• SQL Server delivers industry-leading security (3rd party white paper)
• SQL Server delivers industry-leading security (3rd party white paper – updated to include Windows Server)
• SQL Server Security Best Practice – Operational and Administrative Tasks
• SQL Server Label Security Toolkit for Classified Databases Codeplex
• SQL Server Label Security Toolkit for Classified Databases Whitepaper
• SQL Server Data Masking Toolkit Codeplex
• SQL Server Security Public Web Site
• SQL Server Engine Security Blog
• PCI 2.0 Compliance with SQL Server
• HIPAA Compliance with SQL Server
• SQL Server Separation of Duties for Application Developer
• SQL Server Separation of Duties for DBA
• SQL Server in FIPS 140-2-compliance mode
• Enterprise Policy Management Framework with SQL Server