Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

How to secure SQL Server audit log Expand / Collapse
Author
Message
Posted Friday, August 21, 2009 4:23 PM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Monday, September 16, 2013 8:08 AM
Points: 1,987, Visits: 210
Working on instructions for securing a SQL 2005/2008 server for credit card PCI compliance. Below are the specific requirements from the PCI spec that I am using SQL Server auditing to cover.

The specific items; 10.2.3 and 10.2.6 are the requirements I am solving for. Can I audit these actions?

10.2.2 All actions taken by any individual with root or administrative privileges
10.2.3 Access to all audit trails
10.2.4 Invalid logical access attempts
10.2 5 Use of identification and authentication mechanisms
10.2.6 Initialization of the audit logs


Thanks
Post #775474
Posted Sunday, August 23, 2009 12:13 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Yesterday @ 1:52 PM
Points: 968, Visits: 964
Can you elaborate on the audit logs you are referring to?
Post #775629
Posted Sunday, August 23, 2009 7:25 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Monday, September 16, 2013 8:08 AM
Points: 1,987, Visits: 210
Sure, its the log that gets the entries when someone does a login or logout of SQL Server. You can then view the logs in SQL Server Management Studio by clicking on Management/SQL Server Logs.
Post #775668
Posted Sunday, August 23, 2009 8:21 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 6:27 AM
Points: 7,004, Visits: 8,449
- You can indeed switch your sqlserver instance to "audit login all", that will insert a row for every logon attempt in the sqlserver instance Errorlog file.
Off course you'll have to secure that file at os level and take copies at frequent inverval,...

- to trace what's going on you could use my little article "
SQL Server and SOX" to get started.
http://www.sqlservercentral.com/articles/Security/3203/

- Keep in mind at windows level you can also audit the (windows) logons at os-level.


- you can also capture sqlserver login events yourself ( see "Scope: The drastic caveat with Logon Triggers." !
at http://www.sqlservercentral.com/articles/Administration/64974/ )


Johan


Don't drive faster than your guardian angel can fly ...
but keeping both feet on the ground won't get you anywhere

- How to post Performance Problems
- How to post data/code to get the best help


- How to prevent a sore throat after hours of presenting ppt ?


"press F1 for solution", "press shift+F1 for urgent solution"


Need a bit of Powershell? How about this

Who am I ? Sometimes this is me but most of the time this is me
Post #775672
Posted Sunday, August 23, 2009 8:36 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, June 13, 2014 10:40 AM
Points: 368, Visits: 543
All you need is C2 Administrator’s and User’s Security Guide Revision 1.1
you can donwload this guide from :
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=71C146F3-9907-40CD-BABF-3506ECD33254


Regards,
Sarabpreet Singh
SQLServerGeeks.com/blogs/sarab
www.Sarabpreet.com
Twitter: @Sarab_SQLGeek
Post #775673
Posted Sunday, August 23, 2009 8:37 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, June 13, 2014 10:40 AM
Points: 368, Visits: 543
You can download the guide from here also.

Regards,
Sarabpreet Singh
SQLServerGeeks.com/blogs/sarab
www.Sarabpreet.com
Twitter: @Sarab_SQLGeek


  Post Attachments 
C2SecGuide.doc (35 views, 499.00 KB)
Post #775675
Posted Sunday, August 23, 2009 11:18 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Monday, September 16, 2013 8:08 AM
Points: 1,987, Visits: 210
Thanks guys, this looks like good stuff!
Post #775705
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse