Auditing in Microsoft SQL Server 2012 Il-Sung Lee Program Manager Microsoft Corporation DBI407.

Slides:



Advertisements
Similar presentations
DBI402. SQL Server Specialist, Financial Industry Boston, MA Conference and INETA Speaker Connections, PASS, TechEd, DevTeach, etc. Author SQL Server.
Advertisements

Kevin Donovan Program Manager, Office BI Microsoft Corporation
Upgrading SSIS Packages to SQL Server 2012 Sven Aelterman Lecturer in Information Systems & Web/Technology Specialist Troy University, Sorrell College.
What's New in Microsoft Deployment Toolkit 2012 Michael Niehaus Senior Program Manager Microsoft Corporation.
Troubleshooting Windows 7 Deployments Michael Niehaus Senior Program Manager Microsoft Corporation.
Customizing the User State Migration Tool Michael Niehaus Senior Program Manager Microsoft Corporation WCL322.
Chapter 9 Auditing Database Activities
Data Mining 2012 with Microsoft Excel 2010 and PowerPivot Mark Tabladillo, Ph.D. Microsoft MVP, Data Mining Architect MarkTab Consulting DBI204.
How to Tell Your Manager You Need Quotas on Your Mailboxes Bhargav Shukla Sr. Premier Field Engineer Microsoft Corporation EXL203.
Business Continuity Solutions for SQL Database* applications on Windows Azure Alexander (Sasha) Nosov Principal Program Manager Microsoft.
Delivering KPIs with Microsoft SQL Server Analysis Services
Operating and Optimizing Multi-Tenant SaaS Applications in Windows Azure: An IT Pro Perspective Rainer Stropek CEO, Co-Founder software architects gmbh.
SQL Azure Administration and Application Self-Servicing Michal Lesiczka Program Manager Microsoft Corporation Vinod Jagannathan Program Manager Microsoft.
4/19/2017 7:47 PM DBI311 Microsoft SQL Server Data Tools: Database Development from Zero to Sixty Gert Drapers Principal Group Program Manager.
Il-Sung Lee Senior Program Manager Microsoft Corporation DAT304.
OLE and ODBC: Taming the Technologies The Third Annual Perl Conference, 1999 Sunday, August 22, 1999Roth Consulting ODBC.
Configuring Kerberos for Microsoft SharePoint 2010 BI in 7 Steps (SQL Server 2012) Chuck Heinzelman Senior Program Manager – BPD CX Microsoft Corporation.
Getting Exchange and SharePoint to Play Together J. Peter Bruzzese Exchange MVP, MCSE, MCT Exchange/SharePoint Administration Instructor for TrainSignal.
Optimizing Microsoft SQL Server Analysis Services for Big Data Adam Jorgensen Microsoft Corporation.
SQL Server Columnstore Performance Tuning Eric N Hanson Principal Program Manager Microsoft Corporation.
Ch 11 Managing System Reliability and Availability 1.
Exploring SQL Server Data Tier Applications Bob Beauchemin Developer Skills Partner SQLskills DBI309.
Best Practices and Lessons Learned: Private Cloud Deployment in the Enterprise Ryan Sokolowski Senior Consultant, Microsoft Consulting Services Microsoft.
Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.
Using the Windows Server 2012 Server Manager for Remote and Multi-Server Management Wale Martins Senior Program Manager Microsoft Corporation WSV335.
DBI Meets mission critical high availability SLA Integrated Efficient Flexible.
1099 Why Use InterBase? Bill Todd The Database Group, Inc.
SQLCAT: SQL Server HA and DR Design Patterns, Architectures, and Best Practices Using Microsoft SQL Server 2012 AlwaysOn Sanjay Mishra Program Manager.
What's New with IIS 8 Performance, Scalability, and Security Robert McMurray Program Manager Microsoft Corporation WSV332.
Oracle Data Integrator Procedures, Advanced Workflows.
ASP.NET for Mobile and Tablet Development Damian Edwards Senior Program Manager Microsoft Corporation.
Building Self-Service BI Applications Using PowerPivot Julie Strauss Senior Program Manager Lead Microsoft Corporation DBI301.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 9 Auditing Database Activities.
Crouching Admin, Hidden Hacker Techniques for Hiding and Detecting Traces Paula Januszkiewicz Penetration Tester, MVP: Enterprise Security, MCT iDesign.
1 Introduction to Auditing Auditing allows you to track User activities. Microsoft Windows 2000 activities. Windows 2000 records events in the security.
App Controller Tabrez Mohammed Yuan Zheng Program Managers Microsoft Corporation MGT303.
Microsoft SQL Server Data Tools: Database Development from Zero to Sixty Gert Drapers Principal Group Program Manager Microsoft Corporation.
Oracle Architecture - Structure. Oracle Architecture - Structure The Oracle Server architecture 1. Structures are well-defined objects that store the.
Cloud-Ready Data Services. cloud data services.
Windows 7, Configuring. Exam Cram : Configuring Windows 7 Bob Reinsch Senior Technical Instructor Centriq Training, Kansas City (USA)
Log Shipping, Mirroring, Replication and Clustering Which should I use? That depends on a few questions we must ask the user. We will go over these questions.
Customer challenges Security features Protect data-at-rest Transparent Data Encryption Data/Key separation Extensible Key Managements Use strong authentication.
Integrating SQL Server FileTables, Property Search, and FTS/Semantic Search Bob Beauchemin Developer Skills Partner SQLskills.
DBI401 Customer challenges Protect data-at-rest Transparent Data Encryption Data/Key separation Extensible Key Managements Use strong authentication.
Running Reporting Services in SharePoint Integrated Mode: How and Why
6/16/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Introduction to SQL Server Management for the Non-DBA
Auditing in SQL Server 2008 DBA-364-M
Enriching your BI Semantic Models with Data Analysis Expressions (DAX)
Building the Perfect BI Semantic Model for Power View
SIA304 Learning the Basics of Penetration Testing!
11/21/2018 4:57 AM SIA303 Advanced Persistent Threats (APT): Understanding the New Era of Attacks! Marcus Murray Security Team Manager, Microsoft MVP –
Tech·Ed North America /21/2018 6:42 PM
TechEd /23/ :44 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
TechEd /24/2018 8:21 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
Better Together: Secure SQL Server on Secure Windows
Auditing in Microsoft SQL Server 2012
The Dirty Dozen: Windows PowerShell Scripts for the Busy DBA
TechEd /11/ :54 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
TechEd /18/2019 2:43 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
Optimizing SQL Server Performance in a Virtual Environment
Pushing Data to and from the Cloud with SQL Azure Data Sync
TechEd /11/ :25 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
Mikael Nystrom Senior Executive Consultant TrueSec
Service Template Creation from the Ground Up
Running Reporting Services in SharePoint Integrated Mode: How and Why
SharePoint Server Assessment Results
Il-Sung Lee, Jack Richins Microsoft Corp
Presentation transcript:

Auditing in Microsoft SQL Server 2012 Il-Sung Lee Program Manager Microsoft Corporation DBI407

Audit supported on all SKUsImproved ResilienceUser-Defined Audit EventRecord FilteringT-SQL Stack Information

SQL Server Express 6

Select… Rollback 7

Audit Log hr.viewsalaryhr.viewsalary hr.payrollhr.payroll exec hr.viewsalary select salary from hr.payroll

demo T-SQL Stack Information

exec sp_audit_write 1234, 1, @user_defined_info Audit Log

demo User-Defined Audit Event

CREATE SERVER AUDIT audit_name TO { [ FILE ( [,...n ]) ] | APPLICATION_LOG | SECURITY_LOG } [ WITH ( [,...n ] ) ] [ FILTER = ] } … ::= { [ NOT ] | {( ) } [ { AND | OR } [ NOT ] { | ( ) } ] [,...n ] }

demo Record Filtering

Workload 1Workload 2Workload 3Workload 4Workload 5 11 dbs, ranging from 1.94 MB to MB. 755 tables with average of 2761 rows 1,219,234 stmts executed. 2 dbs ranging from 64 MB to MB 35 tables with average of 49,141 rows 1,633,557 stmts executed 3 dbs ranging from 1.94 MB to MB 154 tables with average of 586 rows, Here is the activity 585,400 stmts executed 1 db at MB 84 tables with average of 144,245 rows 3,435,303 stmts executed. 1 db at MB 152 tables with average of 4,108 rows 296,642 stmts executed.

Windows Security Log “Tamper-proof” log DBA cannot clear log (assuming not an Administrator) System Center Operations Manager Audit Collection Service Copy Audit logs to secure location Directory or share inaccessible by service account or DBA Audit logs files are shared-read and cannot be tampered with while active Possible momentary exposure if using multiple logs Combination of the two Audit “tamper” activity to Security Log, e.g., DBA modifying Audit All other Audit events are sent to file

Audit Events Buffered Audit buffer size varies but is around 4MB (equivalent to at least 170 events, depending upon statement text) Server Blocks New Activity Generating Audit Event Does not effect other Audits Blocks until buffer space freed or audit disabled Audit Session Turned Off Buffered data is discarded and error written to errorlog Continue trying to write future events to Audit log Automatically try to restart Audit session when next event is generated Buffer filled System error

Audit Events Buffered Audit buffer size varies but is around 4MB (equivalent to at least 170 events, depending upon statement text) Server Fails New Activity Generating Audit Event Does not effect other Audits Fails new operations until buffer space freed or audit disabled Buffered audit events persist and continuously re-attempted tp write until audit disabled or server shut down Buffer filled

Option 1 Correct source of error E.g., file system full Option 2 Single-user mode, “-m” Audit is active but shutdown-on-failure behavior deactivated Audit Admin can fix Audit configuration Option 3 Minimal configuration mode, “-f” Audit disabled but Audit DDL can still be issued. Bonus If “Fail Operation” and “AUDIT_ CHANGE_GROUP”, use DAC connection Audit event still generated but will not fail operation

demo Using SQL Server Audit with Policy-Based Management

Bare Metal Microsoft SQL Server 2012 Deployment and Management (S. Hall B WRK Rm 1) Microsoft SQL Server: Mission Critical Confidence - Organizational Security and Compliance Demo Station (S. Hall A) Find Me Later At The Mission Critical Booth In The Expo

Il-Sung Lee /b/sqlsecurity/ I’m not a tweeter

Connect. Share. Discuss. Learning Microsoft Certification & Training Resources TechNet Resources for IT Professionals Resources for Developers

Required Slide Complete an evaluation on CommNet and enter to win!