If your company needs to go through a SOX (Sarbanes–Oxley) audit or any security audit, the DBA has to provide security information to them. If you have purchased third party tools to provide this information that is great. If you don't have third party tools and need to go through many servers to provide this information it can be a hassle and very time consuming. So I put together a script to generate a report that I could just review. The script generates a report of all elevated level accounts and any possible security holes.  Read more...

I would like the option on some servers of having a profiler trace running 24x7 in the background. I could then access and read these trace files to investigate issues after the fact - much like the default trace that came out with SQL 2005.   Read more...

The final part of the Security Audit series examines how to secure the Windows Server operating system.  Read more...

What do you do as a DBA if you get asked to cook the books? With the economy doing poorly, some executives will be tempted to mis-report earnings and they might ask the technical people to help. Steve Jones has a few thoughts.  Read more...

What do you do as a DBA if you get asked to cook the books? With the economy doing poorly, some executives will be tempted to mis-report earnings and they might ask the technical people to help. Steve Jones has a few thoughts.  Read more...

What do you do as a DBA if you get asked to cook the books? With the economy doing poorly, some executives will be tempted to mis-report earnings and they might ask the technical people to help. Steve Jones has a few thoughts.  Read more...

The second in the Security Audit series looks at securing an individual database.  Read more...

The first of this three part series on SQL Server Security Auditing focuses on the SQL Server itself and addressing any of its security vulnerabilities.  Read more...

With a continuation of his last article on auditing, Leo Peysakhovich enhances his solution to capture more details using XML.  Read more...

In a recent blog post, see the steps Denny Cherry thinks are vital to monitoring both successful and unsuccessful outside user logins to your SQL Server.  Read more...

I re-cycle my SQL Server log every night using sp_cycle_errorlog. However, before I do, I would like to capture all of the failed logins recorded. I have auditing turned on for failed logins, but I want to make sure that I capture those events into a table so I can report on. How can I do this?  Read more...

Continuing with his series on using auditing information to roll transactions forward or back, David McKinney shows us how to generate audit triggers using XML.  Read more...

This is spurred on by a comment a pen tester made. He was referring to a particular technology and said something to the effect of, "What do you expect? It's 30 year-old technology." I was stunned when the comment was relayed to me. My response...  Read more...

In SQL Server 2008, Microsoft introduced SQL Server Audit. This is much better than anything we had before, and is likely to meet the needs of all but the largest, or most highly-regulated industries. SQL Server 2008 Enterprise Edition includes all of the features, whereas SQL Server 2008 Standard Edition only provides a subset. What is most attractive about it, is that it is easy to administer, as Thomas LaRock explains.  Read more...

Using an audit table to rollback changes to data might be a nice addition to many applications. David McKinney's new series looks at how you can use this data for RollBack or RollForward.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

How do you protect and monitor your databases? Auditing is one way, but Steve Jones thinks this subsystem in SQL Server needs to mature.  Read more...

An auditor has taken a look at our SQL Servers and has told us that we need to audit login failures to the SQL Servers themselves. How do we do this?  Read more...

This article is the beginner's guide to Default Trace. The article outlines how to query the default trace for key trace events, with a focus on DDL history.  Read more...

This article introduces Profiler presenting what it is, how to use it, and why you might want to use it.  Read more...

The first of this three part series on SQL Server Security Auditing focuses on the SQL Server itself and addressing any of its security vulnerabilities.  Read more...