Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
IT Pro DayAuditing in SQL Server2012Charley HananiaPrincipal Consultant, QS2 AG – Quality Software Solutionswww.qs2.ch
Now:• Database Consultant at QS2 AGFormerly:• Production Product Owner of MS SQL Server Platform at UBS Investment BankIT ...
AgendaChapter 2/4
AgendaOverviewSQL Server Audit FrameworkPolicy Based Mgt FrameworkWrap-Up
Overview of regulatory standards and
The Complianceand PolicyEcosystemWhy all this is so important…
1. Identify Issues and Risks2. Develop Policies to mitigate them3. Architect Procedures & Solutions(frameworks) to meet (c...
Major frameworksused for establishing IT controls…
• AICPA/CICA Trust Services, Principles, andCriteria• Carnegie Mellon University Software EngineeringInstitute (CMU/SEI) O...
RelevantTechnologyComponentswithin SQL Server
• Complex DBMS :: packed with features.
SQL Server Audit Framework
FeatureOverviewSQL Server Audit Framework
• Based on Extended Events• Components:SQL Server Audit
• sys.fn_get_audit_file• sys.sp_audit_write• System ViewsSQL Server Audit
Enhancements inSQL Server 2012SQL Server Audit Framework
• SQL Server Auditing is more resistant to auditing destinationfailures• Audit log records additional T-SQL stack frame in...
DemoSQL Server Audit Framework
Policy Based Mgt Framework
FeatureOverviewPolicy Based Mgt Framework
•A framework which exposes sql servers propertiesas facets, allows you to create conditions whichreport back the status of...
ConditionsFacetsPoliciesPolicy Based Management
DemoPolicy Based Mgt Framework
Wrap-Up
SummaryWrap-Up
The Audit Feature is enhanced in SQL Server2012It is a tool in the “Security and Compliance”arsenalIt needs to be architec...
REGISTER NOW ANDGET 10% OFFDISCOUNT CODE:CHMTD12(Valid until December 10, 2012)• A Preconference Day with 5-7 paralleltech...
Questions?Wrap-Up
Can Enterprise Roles be Audited? EgAdministrators?• yes, but not out of the box. Adeeper look at how AD groupsand segregat...
Contact InfoWrap-Up
Email: Charley.Hanania@sqlpass.orgWebsite: http://www.sqlpass.chTwitter: http://www.twitter.com/CharleyHananiaBlog: http:/...
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012
Upcoming SlideShare
Loading in …5
×

TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012

545 views

Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012

  1. 1. IT Pro DayAuditing in SQL Server2012Charley HananiaPrincipal Consultant, QS2 AG – Quality Software Solutionswww.qs2.ch
  2. 2. Now:• Database Consultant at QS2 AGFormerly:• Production Product Owner of MS SQL Server Platform at UBS Investment BankIT Professional since 1992SQL Server Certified since 1988• On SQL Server since 1995• Version 4 on OS/2Community• Microsoft MVP: SQL Server• PASS Chapter Leader – Switzerland• PASS Regional Mentor – Europe• European PASS Conference Lead• International Event Speaker• MCT Regional Lead (Switzerland)• Database Days Conference Switzerland LeadB.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)
  3. 3. AgendaChapter 2/4
  4. 4. AgendaOverviewSQL Server Audit FrameworkPolicy Based Mgt FrameworkWrap-Up
  5. 5. Overview of regulatory standards and
  6. 6. The Complianceand PolicyEcosystemWhy all this is so important…
  7. 7. 1. Identify Issues and Risks2. Develop Policies to mitigate them3. Architect Procedures & Solutions(frameworks) to meet (comply with) Policies4. Implement methods to report compliancelevels5. Implement methods & countermeasures forexceptions and comprised systems6. Implement Process Improvementmethodologies for framework maturity
  8. 8. Major frameworksused for establishing IT controls…
  9. 9. • AICPA/CICA Trust Services, Principles, andCriteria• Carnegie Mellon University Software EngineeringInstitute (CMU/SEI) OCTAVE• CICA CoCo – Criteria of Control Framework• CICA IT Control Guidelines• CMMI – Capability Maturity Model Integration• CobiT – Control Objectives for Information andrelated Technology• COSO – Internal Control Integrated Framework• GAISP – Generally Accepted InformationSecurity Principles• ISF Standard of Good Practice for InformationSecurity• ISO 17799:2005• ISO 9000• ITIL – the IT Infrastructure Library• Malcolm Baldridge National Quality Program• Organization for Economic Cooperation andDevelopment (OECD) Principles of CorporateGovernance• OPMMM – Organizational Project ManagementMaturity Model• Six Sigma• OECD - Organization for Economic Cooperationand Development Guidelines on the Protection ofPrivacy and Transborder Flows of Personal Data• NIST SP 800-53 - Recommended SecurityControls for Federal Information Systems• The FFIEC Information Technology ExaminationHandbook seriesThe major players in the IT framework arena are:source: www.unifiedcompliance.comNote: There is no single framework that is all encompassing and "complete" Some frameworks focus on process maturity analysis and others focus more on standardised policies andchecklists. These frameworks are used to bring organisations closer to compliance with one or more regulatory standards
  10. 10. RelevantTechnologyComponentswithin SQL Server
  11. 11. • Complex DBMS :: packed with features.
  12. 12. SQL Server Audit Framework
  13. 13. FeatureOverviewSQL Server Audit Framework
  14. 14. • Based on Extended Events• Components:SQL Server Audit
  15. 15. • sys.fn_get_audit_file• sys.sp_audit_write• System ViewsSQL Server Audit
  16. 16. Enhancements inSQL Server 2012SQL Server Audit Framework
  17. 17. • SQL Server Auditing is more resistant to auditing destinationfailures• Audit log records additional T-SQL stack frame information whenavailable• Audit information is filtered before it is written into the audit target• Maximum number of audit files available• Stored procedure - sp_audit_write• New columns in audit related views and functions
  18. 18. DemoSQL Server Audit Framework
  19. 19. Policy Based Mgt Framework
  20. 20. FeatureOverviewPolicy Based Mgt Framework
  21. 21. •A framework which exposes sql servers propertiesas facets, allows you to create conditions whichreport back the status of those facets, and thencreate policies around those conditions.•You can just report on those or enforce them. Youcan also import and export them and apply them tomultiple servers.Policy Based Management
  22. 22. ConditionsFacetsPoliciesPolicy Based Management
  23. 23. DemoPolicy Based Mgt Framework
  24. 24. Wrap-Up
  25. 25. SummaryWrap-Up
  26. 26. The Audit Feature is enhanced in SQL Server2012It is a tool in the “Security and Compliance”arsenalIt needs to be architected into the overalloperational strategy, alongside strategictools, policies and processes.
  27. 27. REGISTER NOW ANDGET 10% OFFDISCOUNT CODE:CHMTD12(Valid until December 10, 2012)• A Preconference Day with 5-7 paralleltechnical workshops, focussed on criticalrole-based skills for Data Professionals.• Two days of conference seminars across 3technical tracks:- Database Administration- Business Intelligence- Data Platform Application Development.Check out www.databasedays.com
  28. 28. Questions?Wrap-Up
  29. 29. Can Enterprise Roles be Audited? EgAdministrators?• yes, but not out of the box. Adeeper look at how AD groupsand segregations of rights areimplemented is needed, and theapplication of auditing againstthese should then be done.Which Editions is audit available on?• All editions, but with limitations.Enterprise Edition allows formore granular auditing that isunavailable in the other SKU’sWhich SKU’s is PBM available on?Why would reducing the queue delay to 0in the Audit properties have an negativeeffect on performance?• Reducing the delay to 0 tells theaudit feature to work in synchronousmode, so every write to the logneeds to be persisted before it isreleased. This essentially has asimilar effect to what the transactionlog has on the system from a commitperspective.• Also, if flushes occur too frequently, itmay have detrimental effects as thedisk subsystem may be slow oroverloaded.• When set to say 10,000 (10 seconds) itwill only flush the buffer if it is full, orit has reached the timer valuespecified.
  30. 30. Contact InfoWrap-Up
  31. 31. Email: Charley.Hanania@sqlpass.orgWebsite: http://www.sqlpass.chTwitter: http://www.twitter.com/CharleyHananiaBlog: http://blogs.mssqltips.com/blogs/charleyhananiaLinked-in: http://www.linkedin.com/in/charleyhananiaDatabase Days: http://www.databasedays.com

×