Building a Home Grown Auditing Infrastructure for SQL Server


1 Building a Home Grown Auditing Infrastructure for SQL Server
K. Brian Kelley

2 About Me
- Infrastructure and security architect
- Database Administrator / Architect
- Former Incident Response team lead
- Certified Information Systems Auditor (CISA)
- SQL Server security columnist / blogger
- Editor for SQL Server benchmarks at Center for Internet Security

3 Contact Information
K. Brian Kelley
Infrastructure/Security Blog:
Personal Development Blog:

4 Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

5 Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

6 Auditing Too Little
- Compliance / Regulatory requirements
- Organizational procedures & standards
- Comfort level to track change
- Real time notifications?

7 Auditing Too Much
- More means slower to process & get results
- More means more storage required (cost)
- More means more complex reporting
- How much is too much?
- Can you find the details you need?

8 Design Philosophy
- Where to filter?
- If you filter during the collection, you’ll never have the events/info
- If you filter during the reporting, you slow collection & reporting
- This sounds like a data warehouse problem – It is! (more on this later)

9 Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

10 Tools to Use – The Data
- sys.server_principals
- sys.database_principals
- sys.server_role_members
- sys.database_role_members
- sys.databases
- sys.server_permissions
- sys.database_permissions

11 Tools to Use – Retrieving Data
- DDL Triggers
- Extended Events
- Linked Servers
- SSIS Packages
- PowerShell scripts
- SQL Server Agent
- Task Scheduler

12 Tool Spotlight – DDL Triggers
- Including Logon Triggers in this
- Can fire on particular actions
- Work across all supported versions of SQL Server
- If there’s a problem with the trigger, action will be blocked (including login)

13 Tool Spotlight – Extended Events
- Each new version has expanded
- Know what events you have on based on version
- Useful for alerting
- Set up to be active at SQL Server service start up

14 Tool Spotlight - SSIS
- Does require Integration Services to be installed
- Does require package development
- Think about what we’re talking about:
  - Extracting Data
  - Comparing Data (Transforming)
  - Loading Data
- May be easier than PowerShell for you

15 Tool Spotlight - PowerShell
- “Swiss Army Knife”
- Doesn’t require BIDS/SSDT or BIML/Mist
- Harder to extract and load data than SSIS
- Doesn’t have additional licensing cost

16 Tool Spotlight – SQL Server Agent
- You’re going to want to automate collection
- Outstanding scheduler / job engine
- Better than Task Scheduler
- Can run from audit collection database server

17 Simple Audit DB Design
- Instances
- Databases
- Logins
You’re going to need more than this. This small sample shows some of the issues.

18 Sample Audit DB Schema

19 What Are We Missing?
- Historic tracking of changes
- Who did what and when
- Other relevant properties – database example
  - Recovery model
  - TDE
  - Trustworthy?

20 Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

21 Focus on Reporting / Tracking
- Collecting and storing data is relatively easy
- Figure out how to compare data to show change
- Figure out how to filter to only produce what is needed
  - Executives & Management
  - Auditors
  - Application Teams

22 Reporting & Tracking
We’re basically talking a data warehouse:
- Stage environment to take in data
- Compare stage environment to previous “warehouse”
- Store changes for reporting
- Update “warehouse” for additional reporting
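
The stage / compare / store / update cycle from slide 22, as an added T-SQL example that is not part of the presentation. The tables dbo.LoginStage, dbo.LoginCurrent and dbo.LoginChange and their columns are assumptions made for illustration, and only server logins are tracked.

```sql
-- Hypothetical audit tables (names and columns are assumptions for this example).
CREATE TABLE dbo.LoginStage   (InstanceName sysname, LoginName sysname,
                               TypeDesc nvarchar(60), IsDisabled bit);
CREATE TABLE dbo.LoginCurrent (InstanceName sysname, LoginName sysname,
                               TypeDesc nvarchar(60), IsDisabled bit,
                               PRIMARY KEY (InstanceName, LoginName));
CREATE TABLE dbo.LoginChange  (ChangeType nvarchar(10), InstanceName sysname,
                               LoginName sysname,
                               OldIsDisabled bit NULL, NewIsDisabled bit NULL,
                               DetectedAt datetime2 NOT NULL DEFAULT SYSUTCDATETIME());
GO

-- 1. Stage: take in the current state. Shown for the local instance; a
--    collection job would load one batch per audited instance.
TRUNCATE TABLE dbo.LoginStage;
INSERT dbo.LoginStage (InstanceName, LoginName, TypeDesc, IsDisabled)
SELECT @@SERVERNAME, name, type_desc, is_disabled
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G');  -- collection-time filter: SQL logins, Windows
                                -- logins and groups; anything else is never stored

-- 2-4. Compare stage to the "warehouse", store each difference as a change
--      row, and bring the warehouse up to date, all in one MERGE.
DECLARE @Instance sysname = @@SERVERNAME;

MERGE dbo.LoginCurrent AS cur
USING dbo.LoginStage AS stg
   ON cur.InstanceName = stg.InstanceName AND cur.LoginName = stg.LoginName
WHEN NOT MATCHED BY TARGET THEN             -- login created since last run
    INSERT (InstanceName, LoginName, TypeDesc, IsDisabled)
    VALUES (stg.InstanceName, stg.LoginName, stg.TypeDesc, stg.IsDisabled)
WHEN MATCHED AND cur.IsDisabled <> stg.IsDisabled THEN   -- enabled/disabled
    UPDATE SET IsDisabled = stg.IsDisabled
WHEN NOT MATCHED BY SOURCE AND cur.InstanceName = @Instance THEN
    DELETE                                  -- login dropped on this instance only
OUTPUT $action,
       COALESCE(inserted.InstanceName, deleted.InstanceName),
       COALESCE(inserted.LoginName, deleted.LoginName),
       deleted.IsDisabled, inserted.IsDisabled
INTO dbo.LoginChange (ChangeType, InstanceName, LoginName,
                      OldIsDisabled, NewIsDisabled);

-- Report: changes detected by collection runs, newest first.
SELECT DetectedAt, ChangeType, InstanceName, LoginName, OldIsDisabled, NewIsDisabled
FROM dbo.LoginChange
ORDER BY DetectedAt DESC;
```

The first run records every login as an INSERT, which serves as the baseline; later runs record only differences. The instance predicate on the DELETE branch keeps a single-instance staging load from marking other instances' logins as dropped.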

23 Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

24 Where to Go from Here?
- Exporting key data into other systems
- Monitoring the automation
- Third Party solutions
- Correcting detected issues automatically

25 Agenda
- What to Audit
- How to Audit
- Reporting Your Results
- Taking Auditing One Step Further

26 Contact Information
K. Brian Kelley
Infrastructure/Security Blog:
Personal Development Blog:

