Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Disconnecting Auditing Expand / Collapse
Author
Message
Posted Saturday, August 16, 2014 11:26 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 1:28 PM
Points: 31,368, Visits: 15,836
Comments posted to this topic are about the item Disconnecting Auditing






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1604119
Posted Monday, August 18, 2014 2:32 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, December 15, 2014 11:18 PM
Points: 111, Visits: 836
If I was starting from a blank state with structures of organisations - I'd generally tend towards divisional setups with depending on the amount of work DBAs tied to individual divisions. I would also put a DBA in the audit section who was not only tasked with monitoring fraudulent wreckless or incompetent database management but also spreading good practice and monitoring backups.

I would hope the slight tension between the audit dba and the section dbas would encourage enough competition to maintain good corporate governance going forward.

I'm not a great fan of limiting network privileges except for the most personal of data I think any improvement on perceived security is at the expense of flexibility and efficient management which in the long term leads to ignorance and incompetence which can be just as expensive as fraud.
Post #1604304
Posted Monday, August 18, 2014 4:06 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 11:58 AM
Points: 5,819, Visits: 3,739
I totally agree that there needs to be a complete disconnect between audit repositories and the IT administration privileges. Perhaps auditing repositories should be read only bins of data that should be able to archive data but only if you jump through hoops to do it (the equivalent of the two key launch system - no I have never seen this in real life but I am using it only as a simple metaphor for a multiple person task).

Perhaps it would be best if there was a standard which could enable the configuring by administrators but as soon as it is configured, there is no way to alter the configuration without the change being audited. It could be based on open standards with plugins available for systems such as SQL Server or generic modules (in the .NET world, assemblies) for bespoke applications. There is also a place for dummy audit repositories for development environments.

In the end, you want IT to be able to deploy, maintain and configure the whole IT system, however, this is one area where ideally IT cannot control the data.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1604335
Posted Monday, August 18, 2014 7:16 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 11:21 AM
Points: 1,793, Visits: 5,044
A DBA doesn't necessarily need to be a local admin on the Windows server, and depending on their daily responsibilities, a DBA doesn't need to be a member of the sysadmin role in SQL Server either. For example, there are special server level roles for things like managing backups, bulk loading, or creating databases.

Just for piece of mind, one solution would be to have an external process running on another server (for which the SQL Server admin has no control), that pings the SQL Server instance every couple of minutes, checking the status of the audit trace, running a delta check on server options and permissions, and also pulling across a copy of the audit log.
Post #1604436
Posted Monday, August 18, 2014 7:32 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Monday, December 15, 2014 7:14 AM
Points: 494, Visits: 819
In larger organizations that might work. However in the US, most companies are too small to do this, if for no other reason than they don't want to spend the money.

Dave
Post #1604446
Posted Monday, August 18, 2014 10:41 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, December 10, 2014 9:48 AM
Points: 197, Visits: 300
djackson 22568 (8/18/2014)
In larger organizations that might work. However in the US, most companies are too small to do this, if for no other reason than they don't want to spend the money.


All entities should analyze the risk of an insecurity and evaluate the costs accordingly.
Post #1604561
Posted Monday, August 18, 2014 10:43 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, December 10, 2014 9:48 AM
Points: 197, Visits: 300
Gary Varga (8/18/2014)
(the equivalent of the two key launch system - no I have never seen this in real life but I am using it only as a simple metaphor for a multiple person task).


The term you are looking for is two person integrity, TPI. TPI provides substantial security because, while you might find a crook anywhere, the likelihood of finding two crooks in the exact same location are miniscule. TPI systems are commonplace.
Post #1604565
Posted Monday, August 18, 2014 11:02 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 11:58 AM
Points: 5,819, Visits: 3,739
GeorgeCopeland (8/18/2014)
Gary Varga (8/18/2014)
(the equivalent of the two key launch system - no I have never seen this in real life but I am using it only as a simple metaphor for a multiple person task).


The term you are looking for is two person integrity, TPI. TPI provides substantial security because, while you might find a crook anywhere, the likelihood of finding two crooks in the exact same location are miniscule. TPI systems are commonplace.


Thanks George.

TPI systems should be the only way to modify audit data. All audit alterations, including configuration changes and removal should only occur after the attempt has been confirmed as audited.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1604574
Posted Monday, August 18, 2014 11:08 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Monday, December 15, 2014 7:14 AM
Points: 494, Visits: 819
GeorgeCopeland (8/18/2014)
djackson 22568 (8/18/2014)
In larger organizations that might work. However in the US, most companies are too small to do this, if for no other reason than they don't want to spend the money.


All entities should analyze the risk of an insecurity and evaluate the costs accordingly.


Should? Yes. Read my point about not wanting to spend the money.


Dave
Post #1604577
Posted Tuesday, August 19, 2014 7:38 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Yesterday @ 6:51 AM
Points: 3,876, Visits: 343
We actually have a dedicated auditing team. Audits are pulled for every system on a routine basis and the team reviews them, independent of the users and the admins. That said, we are a government organization dealing with classified information, so the requirement for all this is spelled out in regulations. i.e. we don't have a choice but to do it this way.


Post #1604909
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse