SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Disconnecting Auditing

By Steve Jones,

We know security is becoming more and more of a topic for IT professionals. As we realy more heavily on our computer systems, we have to be sure that the information contained in them is secure. We know that we can't necessarily anticipate and protect the applications from every attack, but we can usually detect and respond to incidents. To do that, we need good auditing of all the events that occur.

The problem, in my mind, is that our auditing efforts and implementations are too tightly tied to the administration of our systems. The auditing features must be configured by administrators, who are also often tasked with the review of the auditing data and logs. This is a fundamental problem as it's entirely possible that an administrator or privileged user might be just the person that will violate security practices. With their rights inside of the computer system, it's likely that the same person perpetrating the malicious activity would be able to easily cover up or remove any evidence of the incident.

I think that auditing is fundamentally implemented poorly. Auditing features in software, including SQL Server, should be separated out from administration, perhaps even configured and enabled by a separate user or account than the person who administers the system. I would anticipate that a person in the finance or accounting departments at most companies might be responsible for managing the audit data. Even if they were unsure of the meaning of the data, having control over the information would prevent problems with the auditing data being compromised. I could even see auditing services being offered by third parties that interpret or review the data for companies without a dedicated security department.

I doubt we'll see a disconnect anytime soon, but I do think that the value of auditing is drastically reduced when we don't have a strong separation of rights, responsibility, and capabilities between auditing and administration.

Total article views: 91 | Views in the last 30 days: 1
Related Articles

SQL Server System Audit Report

Ensuring that your SQL Server is secure is the job of every Database Administrator. In this article ...


Administering Securely

A common request is how can you secure SQL Server data and prevent the system administrator from vie...


Stairway to SQL Server Security Level 11: Auditing

By defining server- and database-level audits, you can record just about any kind of event that occu...


SQL 2005 Security Audit

Security Audits for SQL 2005 stnd


Security Managemen Systems

problem with Security Managemen Systems