Disconnecting Auditing


Steve Jones
Comments posted to this topic are about the item Disconnecting Auditing

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com

Dalkeith
If I was starting from a blank state with structures of organisations, I'd generally tend towards divisional setups with, depending on the amount of work, DBAs tied to individual divisions. I would also put a DBA in the audit section who was not only tasked with monitoring fraudulent, reckless or incompetent database management but also spreading good practice and monitoring backups.

I would hope the slight tension between the audit DBA and the section DBAs would encourage enough competition to maintain good corporate governance going forward.

I'm not a great fan of limiting network privileges except for the most personal of data. I think any improvement on perceived security is at the expense of flexibility and efficient management, which in the long term leads to ignorance and incompetence, which can be just as expensive as fraud.

Gary Varga
I totally agree that there needs to be a complete disconnect between audit repositories and the IT administration privileges. Perhaps auditing repositories should be read only bins of data that should be able to archive data but only if you jump through hoops to do it (the equivalent of the two key launch system - no I have never seen this in real life but I am using it only as a simple metaphor for a multiple person task).

Perhaps it would be best if there was a standard which could enable the configuring by administrators but as soon as it is configured, there is no way to alter the configuration without the change being audited. It could be based on open standards with plugins available for systems such as SQL Server or generic modules (in the .NET world, assemblies) for bespoke applications. There is also a place for dummy audit repositories for development environments.

In the end, you want IT to be able to deploy, maintain and configure the whole IT system, however, this is one area where ideally IT cannot control the data.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!

Eric M Russell
A DBA doesn't necessarily need to be a local admin on the Windows server, and depending on their daily responsibilities, a DBA doesn't need to be a member of the sysadmin role in SQL Server either. For example, there are special server level roles for things like managing backups, bulk loading, or creating databases.

Just for peace of mind, one solution would be to have an external process running on another server (for which the SQL Server admin has no control), that pings the SQL Server instance every couple of minutes, checking the status of the audit trace, running a delta check on server options and permissions, and also pulling across a copy of the audit log.


"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."

djackson 22568
In larger organizations that might work. However in the US, most companies are too small to do this, if for no other reason than they don't want to spend the money.

Dave

GeorgeCopeland
> djackson 22568 (8/18/2014)
> In larger organizations that might work. However in the US, most companies are too small to do this, if for no other reason than they don't want to spend the money.

All entities should analyze the risk of an insecurity and evaluate the costs accordingly.

GeorgeCopeland
> Gary Varga (8/18/2014)
> (the equivalent of the two key launch system - no I have never seen this in real life but I am using it only as a simple metaphor for a multiple person task).

The term you are looking for is two person integrity, TPI. TPI provides substantial security because, while you might find a crook anywhere, the likelihood of finding two crooks in the exact same location is minuscule. TPI systems are commonplace.

Gary Varga
> GeorgeCopeland (8/18/2014)
> > Gary Varga (8/18/2014)
> > (the equivalent of the two key launch system - no I have never seen this in real life but I am using it only as a simple metaphor for a multiple person task).
>
> The term you are looking for is two person integrity, TPI. TPI provides substantial security because, while you might find a crook anywhere, the likelihood of finding two crooks in the exact same location is minuscule. TPI systems are commonplace.

Thanks George.

TPI systems should be the only way to modify audit data. All audit alterations, including configuration changes and removal, should only occur after the attempt has been confirmed as audited.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!

djackson 22568
> GeorgeCopeland (8/18/2014)
> > djackson 22568 (8/18/2014)
> > In larger organizations that might work. However in the US, most companies are too small to do this, if for no other reason than they don't want to spend the money.
>
> All entities should analyze the risk of an insecurity and evaluate the costs accordingly.

Should? Yes. Read my point about not wanting to spend the money.

Dave

lionfan91
We actually have a dedicated auditing team. Audits are pulled for every system on a routine basis and the team reviews them, independent of the users and the admins. That said, we are a government organization dealing with classified information, so the requirement for all this is spelled out in regulations, i.e. we don't have a choice but to do it this way.


