Enforcing Compliance with Policy-Based Management (PBM), by Ken Simmons

  1. Enforcing Compliance With Policy-Based Management
     Ken Simmons, DBA
  2. Contact Info
     Blog: http://cybersql.blogspot.com/
     Email: kensimmonsii@gmail.com
     Twitter: @KenSimmons
     LinkedIn: http://www.linkedin.com/in/kensimmons
  3. What is Compliance?
     "Conformity in fulfilling official requirements" (Merriam-Webster, http://www.merriam-webster.com/dictionary/compliance)
     External regulations: HIPAA, SOX, PCI
     Internal standards: naming conventions
     Image: http://www.flickr.com/photos/dunechaser/220636504/
  4. Why Does Compliance Matter?
     More than 494 million records have been breached since 2005 (source: http://www.privacyrights.org/data-breach/)
     Chart of breaches by type, labelled 474 million: unintended disclosure, payment card fraud, physical loss (non-electronic), insider, hacking or malware, portable device loss, stationary device loss
     Image: http://www.flickr.com/photos/bheathr/2253526798
  5. What's The Process?
     Identify risks (risk management)
     Develop policies to mitigate risks (governance)
     Ensure policies are being enforced (compliance)
  6. Policy-Based Management Can Help!
     Gives you the ability to define and enforce standards
     Auditors love policies
     It is NOT an Enterprise Edition feature; PBM ships in every edition of SQL Server 2008
     Image: http://www.flickr.com/photos/dunechaser/489467800/
  7. The BIG Picture
     Diagram: managed servers reporting to a SQL Server 2008 Central Management Server (CMS)
  8. EPM Framework (Enterprise Policy Management Framework)
     http://epmframework.codeplex.com
  9. PBM L33T Speak
     Targets are objects such as instances, databases, tables, etc.
     Facets expose logical groupings of properties for those objects.
     Conditions are made up of expressions over the properties exposed by a single facet.
     A policy evaluates a condition against one or more targets.
 10. Creating Policies
     Export the current state of an object
     Import predefined policies
     Create custom policies based on facets
     Create custom policies using advanced conditions
 11. Evaluating Policies
     On Demand: run manually; can "auto fix" certain violations
     On Schedule: uses a SQL Agent job
     On Change: Log Only: writes violations to the SQL Server and Windows logs
     On Change: Prevent: uses DDL triggers to roll back the change
     Caveat: the two On Change modes are only offered for facets whose property changes are raised as DDL events; other facets can only be evaluated on demand or on schedule
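The scheduled and on-change modes record every evaluation in msdb, which is the queryable record an auditor will ask for. The following query is an added example, not part of the slides: it lists the individual targets that failed a policy in the last seven days. It assumes the SQL Server 2008 msdb.dbo.syspolicy_* catalog views (policy_id, execution_mode, history_id, result columns as documented) and the execution_mode codes 0, 1, 2 and 4 from that documentation; policy names are whatever exists on the instance.

```sql
-- Added example: failed policy evaluations recorded by PBM in msdb (not from the slides).
-- Assumes the SQL Server 2008 syspolicy_* views; result = 0 means the target failed.
SELECT
    p.name                      AS policy_name,
    CASE p.execution_mode       -- codes as documented for syspolicy_policies
        WHEN 0 THEN 'On demand'
        WHEN 1 THEN 'On change: prevent'
        WHEN 2 THEN 'On schedule'
        WHEN 4 THEN 'On change: log only'
        ELSE CAST(p.execution_mode AS varchar(10))
    END                         AS evaluation_mode,
    h.start_date,
    h.end_date,
    h.result                    AS policy_passed,     -- whole-policy outcome (1 = pass)
    d.target_query_expression,                       -- which instance/database/object failed
    d.result                    AS target_passed,     -- per-target outcome (0 = fail)
    d.exception_message                              -- non-empty when evaluation itself errored
FROM msdb.dbo.syspolicy_policies AS p
JOIN msdb.dbo.syspolicy_policy_execution_history AS h
    ON h.policy_id = p.policy_id
JOIN msdb.dbo.syspolicy_policy_execution_history_details AS d
    ON d.history_id = h.history_id
WHERE d.result = 0
  AND h.start_date >= DATEADD(DAY, -7, GETDATE())
ORDER BY h.start_date DESC, p.name;
```

Run this on the Central Management Server against the whole server group to get one violation list across the estate; an evaluation that raised an exception (permissions, unreachable target) shows up with exception_message populated and should be treated as "unknown", not as a pass.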
 12. Demo
     Image: http://www.flickr.com/photos/winterhalter/2883847843/
 13. Alerts
     Error number by evaluation mode:
       On change: prevent (automatic): 34050
       On change: prevent (on demand): 34051
       On schedule: 34052
       On change: log only: 34053
     Prerequisites:
       Configure Database Mail
       Create an operator
       Configure SQL Agent (mail profile, alert system enabled)
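Once the prerequisites are in place, the alert itself is three stored-procedure calls in msdb. The script below is an added example, not from the slides: it creates an operator and a SQL Agent alert on error 34052 (scheduled evaluation) and routes it by e-mail. The operator name and address are placeholders; the same pattern with the other three message numbers covers the On Change modes. It assumes Database Mail is already configured and SQL Agent is set to use a mail profile, exactly as the slide lists.

```sql
-- Added example (not from the slides): SQL Agent alert for "On schedule" policy violations.
-- Placeholders: operator name 'DBA Team' and address 'dba-team@example.com'.
USE msdb;
GO

-- 1. Operator that receives the notification (skip if it already exists)
IF NOT EXISTS (SELECT 1 FROM dbo.sysoperators WHERE name = N'DBA Team')
    EXEC dbo.sp_add_operator
        @name          = N'DBA Team',
        @enabled       = 1,
        @email_address = N'dba-team@example.com';
GO

-- 2. Alert on the PBM message number. Severity must be 0 when a message_id is given.
--    Including the event description puts the policy name and target into the e-mail body.
IF NOT EXISTS (SELECT 1 FROM dbo.sysalerts WHERE name = N'PBM: On schedule policy violation')
    EXEC dbo.sp_add_alert
        @name                         = N'PBM: On schedule policy violation',
        @message_id                   = 34052,
        @severity                     = 0,
        @enabled                      = 1,
        @delay_between_responses      = 0,
        @include_event_description_in = 1;   -- 1 = e-mail
GO

-- 3. Route the alert to the operator (notification_method 1 = e-mail)
IF NOT EXISTS (SELECT 1 FROM dbo.sysnotifications AS n
               JOIN dbo.sysalerts AS a ON a.id = n.alert_id
               WHERE a.name = N'PBM: On schedule policy violation')
    EXEC dbo.sp_add_notification
        @alert_name          = N'PBM: On schedule policy violation',
        @operator_name       = N'DBA Team',
        @notification_method = 1;
GO

-- Check: Agent alerts fire only for messages that are written to the Windows Application log.
SELECT message_id, is_event_logged
FROM sys.messages
WHERE message_id BETWEEN 34050 AND 34053 AND language_id = 1033;
GO
```

If is_event_logged is 0 for a message you want to alert on, turn logging on with sp_altermessage before expecting the alert to fire; a disabled SQL Agent alert system (SQL Agent properties, Alert System page) is the other common reason an alert never arrives.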
 14. Server Configuration
     Predefined best practice policies:
       Surface Area Configuration (SAC) for Database Engine 2005 and 2000 Features
       Surface Area Configuration (SAC) for Database Engine 2008 Features
     Service Account
       Server facet: Service Account != 'LocalSystem'
     Log Retention
       Server facet: NumberOfLogFiles = 99
 15. Security
     Advanced conditions:
       No BUILTIN\Administrators login
         SELECT COUNT(*) FROM syslogins WHERE name = 'BUILTIN\Administrators'
       SA account disabled
         SELECT COUNT(*) FROM sys.server_principals WHERE name = 'sa' AND is_disabled = 0
     Note: using syslogins instead of sys.server_principals lets the first check evaluate SQL Server 2000 instances. The sa check has to use sys.server_principals: syslogins has no is_disabled column, and SQL Server 2000 has no disabled-login state at all (ALTER LOGIN ... DISABLE arrived in 2005), so that condition only applies to 2005 and later.
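In PBM the queries above do not run on their own; each is wrapped in an ExecuteSql() call inside a condition on the Server facet, and the condition is what the policy evaluates. The expressions below are an added example, not from the slides, written as they would be typed into the condition's Advanced Edit box (so this is PBM expression syntax, not a T-SQL batch: single quotes inside the query are doubled). They go a step beyond the slide by matching sa on its fixed SID 0x01 rather than its name, so a renamed sa is still caught, and by adding a third condition that checks the rename itself.

```sql
-- Added example (not from the slides): PBM advanced-condition expressions on the Server facet.
-- ExecuteSql(returnType, query) runs the query on each target and returns the first column
-- of the first row; the whole expression must be True for the target to pass.

-- Condition "No BUILTIN\Administrators login" (syslogins, so it evaluates on SQL 2000 too)
ExecuteSql('Numeric', 'SELECT COUNT(*) FROM syslogins WHERE name = ''BUILTIN\Administrators''') = 0

-- Condition "sa disabled": sid = 0x01 is sa whatever it has been renamed to (SQL 2005+ only)
ExecuteSql('Numeric', 'SELECT COUNT(*) FROM sys.server_principals WHERE sid = 0x01 AND is_disabled = 0') = 0

-- Condition "sa renamed": extra hardening check, the principal with sid 0x01 must not be called sa
ExecuteSql('String', 'SELECT name FROM sys.server_principals WHERE sid = 0x01') != 'sa'
```

When a policy with ExecuteSql conditions is evaluated by the scheduled SQL Agent job rather than interactively, the query runs under the ##MS_PolicyTsqlExecutionLogin## login, which is disabled by default and needs enough rights to read the catalog; enabling it is part of the setup, not an optional step.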
 16. Encryption
     Predefined best practice policies:
       Asymmetric Key Encryption Algorithm
       Symmetric Key Encryption for User Databases
       Symmetric Key for master Database
       Symmetric Key for System Databases
     Transparent Data Encryption
       Database facet: EncryptionEnabled = True
       (TDE itself is an Enterprise Edition feature in SQL Server 2008, even though the policy that checks for it is not)
     Extensible Key Management
       Server Configuration facet: ExtensibleKeyManagementEnabled = True
 17. Audit
     Predefined best practice policies:
       SQL Server Default Trace
     Login Auditing
       Server Audit facet: LoginAuditLevel = All
     SQL Server Audit (Enterprise Edition in SQL Server 2008)
       Server facet: AuditLevel = All
       Audit facet: Enabled = True and OnFailure = Shutdown
       Database Audit Specification facet: Enabled = True
       Server Audit Specification facet: Enabled = True
 18. Resources
     Pro SQL Server 2008 Policy-Based Management: http://www.apress.com/book/view/9781430229100
     MSDN Policy-Based Management Blog: http://blogs.msdn.com/sqlpbm/
     SQL Server 2008 Compliance Guide: http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1021DD-65B9-41C2-8385-438028F5ACC2&displaylang=en
     Deploying SQL Server 2008 Based on PCI DSS: http://www.parentebeard.com/Uploads/Files/Deploying_SQL_Server_2008_Based_on_PCI_DSS.PDF
 19. Questions?
