Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

Disconnecting Auditing

By Steve Jones,

We know security is becoming more and more of a topic for IT professionals. As we realy more heavily on our computer systems, we have to be sure that the information contained in them is secure. We know that we can't necessarily anticipate and protect the applications from every attack, but we can usually detect and respond to incidents. To do that, we need good auditing of all the events that occur.

The problem, in my mind, is that our auditing efforts and implementations are too tightly tied to the administration of our systems. The auditing features must be configured by administrators, who are also often tasked with the review of the auditing data and logs. This is a fundamental problem as it's entirely possible that an administrator or privileged user might be just the person that will violate security practices. With their rights inside of the computer system, it's likely that the same person perpetrating the malicious activity would be able to easily cover up or remove any evidence of the incident.

I think that auditing is fundamentally implemented poorly. Auditing features in software, including SQL Server, should be separated out from administration, perhaps even configured and enabled by a separate user or account than the person who administers the system. I would anticipate that a person in the finance or accounting departments at most companies might be responsible for managing the audit data. Even if they were unsure of the meaning of the data, having control over the information would prevent problems with the auditing data being compromised. I could even see auditing services being offered by third parties that interpret or review the data for companies without a dedicated security department.

I doubt we'll see a disconnect anytime soon, but I do think that the value of auditing is drastically reduced when we don't have a strong separation of rights, responsibility, and capabilities between auditing and administration.

Total article views: 88 | Views in the last 30 days: 1
Related Articles

Administering Securely

A common request is how can you secure SQL Server data and prevent the system administrator from vie...


Stairway to SQL Server Security Level 11: Auditing

By defining server- and database-level audits, you can record just about any kind of event that occu...


SQL 2005 Security Audit

Security Audits for SQL 2005 stnd


How to prevent our database to access any person

How to prevent our database to access any person while other person is administrator


Security Managemen Systems

problem with Security Managemen Systems


Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones