Building a Home Grown Auditing Infrastructure for SQL Server

Presentation transcript:

Building a Home Grown Auditing Infrastructure for SQL Server
K. Brian Kelley

About Me
- Infrastructure and security architect
- Database Administrator / Architect
- Former Incident Response team lead
- Certified Information Systems Auditor (CISA)
- SQL Server security columnist / blogger
- Editor for SQL Server benchmarks at Center for Internet Security

Contact Information
- K. Brian Kelley
- Email: kbriankelley@acm.org
- Twitter: @kbriankelley
- Infrastructure/Security Blog: http://truthsolutions.wordpress.com
- Personal Development Blog: http://gkdba.wordpress.com

Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

Auditing Too Little
- Compliance / Regulatory requirements
- Organizational procedures & standards
- Comfort level to track change
- Real time notifications?

Auditing Too Much
- More means slower to process & get results
- More means more storage required (cost)
- More means more complex reporting
- How much is too much?
- Can you find the details you need?

Design Philosophy
- Where to filter?
- If you filter during the collection, you’ll never have the events/info
- If you filter during the reporting, you slow collection & reporting
- This sounds like a data warehouse problem – It is! (more on this later)

Tools to Use – The Data
- sys.server_principals
- sys.database_principals
- sys.server_role_members
- sys.database_role_members
- sys.databases
- sys.server_permissions
- sys.database_permissions

Tools to Use – Retrieving Data
- DDL Triggers
- Extended Events
- Linked Servers
- SSIS Packages
- PowerShell scripts
- SQL Server Agent
- Task Scheduler

Tool Spotlight – DDL Triggers
- Including Logon Triggers in this
- Can fire on particular actions
- Work across all supported versions of SQL Server
- If there’s a problem with the trigger, action will be blocked (including login)

Tool Spotlight – Extended Events
- Each new version has expanded
- Know what events you have on based on version
- Useful for alerting
- Set up to be active at SQL Server service start up

Tool Spotlight - SSIS
- Does require Integration Services to be installed
- Does require package development
- Think about what we’re talking about:
  - Extracting Data
  - Comparing Data (Transforming)
  - Loading Data
- May be easier than PowerShell for you

Tool Spotlight - PowerShell
- “Swiss Army Knife”
- Doesn’t require BIDS/SSDT or BIML/Mist
- Harder to extract and load data than SSIS
- Doesn’t have additional licensing cost

Tool Spotlight – SQL Server Agent
- You’re going to want to automate collection
- Outstanding scheduler / job engine
- Better than Task Scheduler
- Can run from audit collection database server

Simple Audit DB Design
- Instances
- Databases
- Logins
You’re going to need more than this. This small sample shows some of the issues.

Sample Audit DB Schema

What Are We Missing?
- Historic tracking of changes
- Who did what and when
- Other relevant properties – database example
  - Recovery model
  - TDE
  - Trustworthy?

Focus on Reporting / Tracking
- Collecting and storing data is relatively easy
- Figure out how to compare data to show change
- Figure out how to filter to only produce what is needed
  - Executives & Management
  - Auditors
  - Application Teams

Reporting & Tracking
We’re basically talking a data warehouse:
- Stage environment to take in data
- Compare stage environment to previous “warehouse”
- Store changes for reporting
- Update “warehouse” for additional reporting
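
The four steps above as an added T-SQL example, not taken from the presentation: it tracks server role membership using sys.server_role_members and sys.server_principals from the "Tools to Use – The Data" slide. The dbo.Audit_* table names are hypothetical, and the script collects from the local instance only; a central audit server would fill the stage table over a linked server, SSIS or PowerShell instead.

```sql
-- Added example: all dbo.Audit_* objects are hypothetical names. Create the tables once.
SET XACT_ABORT ON;  -- any error rolls back the whole compare/update step

CREATE TABLE dbo.Audit_StageRoleMember (
    InstanceName sysname NOT NULL, RoleName sysname NOT NULL, MemberName sysname NOT NULL);
CREATE TABLE dbo.Audit_RoleMember (       -- the "warehouse": last known state
    InstanceName sysname NOT NULL, RoleName sysname NOT NULL, MemberName sysname NOT NULL,
    PRIMARY KEY (InstanceName, RoleName, MemberName));
CREATE TABLE dbo.Audit_RoleMemberChange ( -- history of detected changes
    ChangeId     int IDENTITY(1,1) PRIMARY KEY,
    DetectedAt   datetime2(0) NOT NULL DEFAULT SYSUTCDATETIME(),
    ChangeType   varchar(7)   NOT NULL,   -- 'ADDED' or 'REMOVED'
    InstanceName sysname NOT NULL, RoleName sysname NOT NULL, MemberName sysname NOT NULL);

-- 1. Stage: take in the current state of this instance.
INSERT INTO dbo.Audit_StageRoleMember (InstanceName, RoleName, MemberName)
SELECT @@SERVERNAME, r.name, m.name
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id;

BEGIN TRANSACTION;
-- 2 + 3. Compare stage to the warehouse and store the differences.
--        On the first run every membership is logged as ADDED (the baseline).
INSERT INTO dbo.Audit_RoleMemberChange (ChangeType, InstanceName, RoleName, MemberName)
SELECT 'ADDED', d.InstanceName, d.RoleName, d.MemberName
FROM (SELECT InstanceName, RoleName, MemberName FROM dbo.Audit_StageRoleMember
      EXCEPT
      SELECT InstanceName, RoleName, MemberName FROM dbo.Audit_RoleMember) AS d
UNION ALL
SELECT 'REMOVED', d.InstanceName, d.RoleName, d.MemberName
FROM (SELECT InstanceName, RoleName, MemberName FROM dbo.Audit_RoleMember
      WHERE InstanceName = @@SERVERNAME
      EXCEPT
      SELECT InstanceName, RoleName, MemberName FROM dbo.Audit_StageRoleMember) AS d;

-- 4. Update the warehouse so the next run compares against today's state.
DELETE FROM dbo.Audit_RoleMember WHERE InstanceName = @@SERVERNAME;
INSERT INTO dbo.Audit_RoleMember (InstanceName, RoleName, MemberName)
SELECT InstanceName, RoleName, MemberName FROM dbo.Audit_StageRoleMember;
COMMIT TRANSACTION;

TRUNCATE TABLE dbo.Audit_StageRoleMember;  -- empty the stage for the next collection

-- Report: membership changes detected in the last 7 days.
SELECT DetectedAt, ChangeType, InstanceName, RoleName, MemberName
FROM dbo.Audit_RoleMemberChange
WHERE DetectedAt >= DATEADD(DAY, -7, SYSUTCDATETIME())
ORDER BY DetectedAt, RoleName, MemberName;
```

If a collection run fails and leaves the stage table empty, the compare step logs every membership as REMOVED, so check the stage row count before running steps 2 to 4.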

Where to Go from Here?
- Exporting key data into other systems
- Monitoring the automation
- Third Party solutions
- Correcting detected issues automatically
