[Limited Access] Database Security & Audit Proposal. Content: Purpose, Mechanism, Difficulty, Proposal.


1. Purpose
> Ensure data is secure and cannot be modified arbitrarily.
> All operations on sensitive data by those who have permissions should be audited (including read/write/…).

2. Mechanism
> Database account & privileges control
> Database operation audit
> Data files and backup files security
> Data encryption
> Sensitive data separation

2. Mechanism: Database Account & Privileges Control
> Prod/UAT Server

| Server Type | Account | Account Owner | Future Account Owner | Owner Privileges | Note |
|---|---|---|---|---|---|
| Prod/UAT Server | DBA (Domain Account) | Xiaodan Tang / Hongtan | Hongtan / Jian Xu | dbcreator, SQLAgentOperatorRole, db_owner of all DB except "Aud"/"Security" | DBA has no privileges to read in "Aud"/"Security", or to create users who have more privileges than themselves. |
| | SecurityAccout | Jiang Jingmin | | SecurityAdmin, Alter any login, Db_datawriter in Security | Manage users, manage tables in Security. |
| | Sqladmin backup account | Jianxu | ISO Department | sysadmin | A backup account, for the situation where "sqladmin" forgets his password. |
| | sqladmin | Jingmin Jiang | A non-IT person | sysadmin | sqladmin has all privileges; used to grant privileges to DBA in some situations. |
| | Aud_user | Xiaodan Tang | Audit work group | db_owner of Security/Aud | |
| | User Account | App Team | | According to the application form and approval | For Prod Server, the biggest privileges for app team is db_datareader, db_datawriter for some databases, except with SVP's approval. |

2. Mechanism: Database Account & Privileges Control
> Dev Server

| Server Type | Account | Account Owner | Future Account Owner | Owner Privileges | Note |
|---|---|---|---|---|---|
| Dev Server | DBA (Domain Account) | Xiaodan Tang / Hongtan | Hongtan / JianXu | dbcreator, alter any login, SQLAgentOperatorRole, db_owner of all DB except "Aud"/"Security" | DBA has no privileges to read in "Aud"/"Security", or to create users who have more privileges than themselves. |
| | SecurityAccout | Hongtan / JianXu | | SecurityAdmin, Alter any login, Db_datawriter in Security | Manage users, manage tables in Security. |
| | Sqladmin backup account | Jianxu | | sysadmin | A backup account, for the situation where "sqladmin" forgets his password. |
| | sqladmin | Jingmin Jiang | | sysadmin | sqladmin has all privileges; used to grant privileges to DBA in some situations. |
| | Aud_user | Xiaodan Tang | Project Manager | db_owner of Security/Aud | |
| | User Account | App Team | | According to the application form and | For DEV Server, the biggest privileges for app team is db_owner for some databases. |
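A check for the account tables above, as an added example that is not part of the original slides: this T-SQL lists the members of the fixed server roles named in the tables and the db_owner members of the "Security" and "Aud" databases, flagging sysadmin holders outside an allow-list. The login names in the allow-list are assumed placeholders, since the slides name roles and owners rather than exact logins.

```sql
-- Added example: compare actual role membership with the proposal's tables.
-- The two login names below are hypothetical placeholders.
DECLARE @allowed_sysadmin TABLE (login_name sysname PRIMARY KEY);
INSERT INTO @allowed_sysadmin (login_name)
VALUES (N'sqladmin'), (N'sqladmin_backup');

-- Server level: who holds sysadmin, securityadmin and dbcreator.
SELECT
    r.name      AS server_role,
    m.name      AS member_login,
    m.type_desc AS login_type,
    m.is_disabled,
    CASE
        WHEN r.name = N'sysadmin'
             AND NOT EXISTS (SELECT 1
                             FROM @allowed_sysadmin AS a
                             WHERE a.login_name = m.name COLLATE DATABASE_DEFAULT)
        THEN 'REVIEW: sysadmin holder not in the account table'
        ELSE 'ok'
    END AS finding
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'securityadmin', N'dbcreator')
ORDER BY r.name, m.name;
GO  -- batch separator for SSMS/sqlcmd

-- Database level: the tables give db_owner of Security/Aud to Aud_user only.
SELECT N'Security' AS database_name, m.name AS db_owner_member, m.type_desc
FROM [Security].sys.database_role_members AS rm
JOIN [Security].sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN [Security].sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
UNION ALL
SELECT N'Aud', m.name, m.type_desc
FROM [Aud].sys.database_role_members AS rm
JOIN [Aud].sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN [Aud].sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY database_name, db_owner_member;
```

Built-in sysadmin members such as sa and service accounts will also be flagged until they are added to the allow-list. Members of sysadmin are treated as dbo in every database, so they reach "Aud" and "Security" regardless of the second result set.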

2. Mechanism: Database Audit Method

2. Mechanism: Database Audit Content

Global Trace:
- Server start/stop
- Login Failed
- Object created/Deleted
- Database scope GDR Event
- Schema scope GDR Event
- ADD/GDR/change login event
- ADD/GDR/change db user/role event
- Statement permission event
- Backup/Restore event
- Change Audit event
- Object derived Permissions
- Server scope GDR event

Privileges Trace:
- Schema Access
- Filter:
  - Users who have sysadmin privileges
  - Users in security.dbo.user_data where audit is true
  - Users in security.dbo.firecalls
  - And we can audit just the specific databases listed in Security.dbo.audit_db

Note: The global trace is used for all logins; the privileges trace is for all users who have sysadmin privileges, plus the users specified in user_data or the specified databases.

2. Mechanism: How to Query Audit Result

Stored procedures:
- sp_audit_result: Query the audit result in the Aud database. [The day before that day]
- sp_audit_result_trc: Query the result from the trace file. [That day]

User: aud_user

Usage:

    exec sp_audit_result 'username', 'time'   -- or with no parameters
    exec sp_audit_result_trc 'username'       -- or with no parameters
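How a same-day query over a trace file can be written, as an added example that is not the proposal's sp_audit_result_trc: it reads a trace file with sys.fn_trace_gettable and keeps the SQL Trace event classes that correspond to the audit content listed earlier. The default trace is used only as a stand-in path (it records a subset of these events), and @login is a hypothetical parameter; point @trace_path at the audit trace file in practice.

```sql
-- Added example: read today's audit events from a SQL Trace file.
DECLARE @login sysname;               -- hypothetical filter; NULL = all logins
DECLARE @trace_path nvarchar(260);

-- Stand-in: path of the default trace (NULL if the default trace is disabled).
SELECT @trace_path = path FROM sys.traces WHERE is_default = 1;

SELECT
    t.StartTime,
    te.name                                   AS event_name,
    t.LoginName,
    IS_SRVROLEMEMBER(N'sysadmin', t.LoginName) AS is_sysadmin, -- 1, 0 or NULL
    t.DatabaseName,
    t.ObjectName,
    t.Success,
    CAST(t.TextData AS nvarchar(4000))        AS statement_text
FROM sys.fn_trace_gettable(@trace_path, DEFAULT) AS t
JOIN sys.trace_events AS te ON te.trace_event_id = t.EventClass
WHERE t.EventClass IN (
        18,                  -- Audit Server Starts And Stops
        20,                  -- Audit Login Failed
        46, 47,              -- Object:Created / Object:Deleted
        102, 103, 170,       -- database / schema object / server scope GDR
        104, 105, 106, 108,  -- add login, login GDR, login change, server role
        109, 110, 111,       -- add db user, add db role member, add role
        113,                 -- Audit Statement Permission
        114,                 -- Audit Schema Object Access
        115,                 -- Audit Backup/Restore
        117,                 -- Audit Change Audit
        118                  -- Audit Object Derived Permission
      )
  -- "That day": from midnight today (works on SQL Server 2005 and later).
  AND t.StartTime >= DATEADD(day, DATEDIFF(day, 0, GETDATE()), 0)
  AND (@login IS NULL OR t.LoginName = @login)
ORDER BY t.StartTime;
```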

2. Mechanism
> Data files and backup files security
Infrastructure:
- Keep the data files directory inaccessible to unrelated people.
- Move the backup files to a secure place at a specific time after the database backup is taken.
- Audit access and other operations by the users who have permissions on backup/data files.
DMS:
- Encrypt the backup file when backing up a database that contains sensitive data.
> Data encryption
App Team (optional):
- Encrypt the sensitive data columns / use keys when designing the database.

> Sensitive data separation
> Tan Hong

3. Difficulty
> The sysadmin has all permissions. Who should hold sysadmin? What if the sysadmin deletes the audit database?
> Does Infrastructure monitor copy operations? What if someone copies the backup file out and …

4. Proposal