April 1, 2008 at 12:34 pm
I have a question about the SQL C2 audit mode. In the documentation it states, "If all audit counters are turned on for all objects, there could be a significant performance impact on the server". How do you turn on or off the specific audit counters?
April 1, 2008 at 12:50 pm
With C2, just about everything is turned on. As a result, you do suffer a performance hit. I've seen it estimated as up to 20% percent. Realize that C2 mode is just an intensive server-side trace. As a result, you can automate a trace that records less, yes, but also consumes less resources.
K. Brian Kelley
@kbriankelley
April 2, 2008 at 6:31 am
Has anyone had the experience of c2 auditing being the bottleneck on an OLTP system?
Nigel Moore
======================
April 2, 2008 at 6:57 am
C2 Auditing? No. Trying to do too much with a server trace? Yes.
K. Brian Kelley
@kbriankelley
April 3, 2008 at 2:56 am
Be aware that the concept of 'C2 Auditing' is obsolete. The C2 level was based on the old US DOD 'Trusted Computer System Evaluation Criteria', that became obsolete almost 2 decades ago.
The C2 measurements cut across the the current 'Common Criteria' standards, and do not really tick any boxes for security professionals. Unless they have been in security for 20 years, they may not even understand what C2 is about 🙂
I recommend you talk to your security people to see what they really want before turning on C2 Auditing.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
April 4, 2008 at 6:06 am
EdVassie (4/3/2008)
Be aware that the concept of 'C2 Auditing' is obsolete. The C2 level was based on the old US DOD 'Trusted Computer System Evaluation Criteria', that became obsolete almost 2 decades ago.The C2 measurements cut across the the current 'Common Criteria' standards, and do not really tick any boxes for security professionals. Unless they have been in security for 20 years, they may not even understand what C2 is about 🙂
I recommend you talk to your security people to see what they really want before turning on C2 Auditing.
2 decades ago = 1988. That's about when the final spec came out for C2. I remember Microsoft working to certify NT 4.0, Windows 2000, and SQL Server 2000 in the mid to late 90s because it was still important for some aspects of DoD (I worked in the USAF's program office for managing IT contracts). I won't disagree that the way Microsoft went about meeting the requirements (NT 4.0 couldn't be plugged into a network, for instance) wasn't very feasible in a lot of cases, but I would disagree that the standard was obsolete 20 years ago.
With that said, I've seen only a handful of cases where folks need to turn on C2. As Ed points out, usually the actual requirements are far less. No reason to kill your SQL Server for something you're never going to use (or have the time to review as C2 auditing produces a LOT of records).
K. Brian Kelley
@kbriankelley
April 4, 2008 at 6:22 am
oops, I overstated it a bit...
The ISO 15408 standard covering what is called Common Criteria was ratified in 1999, and revised in 2005. The drive to create CC came from UK work called ITSEC, Canadian work called CTCPEC, and the good old TCSEC work in the US.
It would be better to say that TCSEC (and therefore C2) was becoming obsolete from about 15 years ago, and has been formally obsolete for 9 years.
I know a few people who have become computer security professionals since 1999, and they are far more familiar with CC than what C2 means.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply