Once there was a security breach on my client machine and they wanted to know who made changes to the SysAdmin role. They contacted me and my first question was that, are you are auditing such changes and as expected answer was No. I gave them answer that nothing can be done as a consultant. They still wanted my suggestion to prevent this in future. So, they want to track if someone does such things in future. Let us see a script to audit login and role member change.
ApexSQL Audit is a tool which is used to audit SQL Server events for the purpose of general auditing as well as to meet strict SQL Server compliance standards. ApexSQL Audit can be used to audit more than 170 SQL Server events, including DDL and DML operations, SQL Server logins, security events, query execution… ApexSQL Audit can be used by DBA to meet complex database auditing requirements as well as several compliance standards, including HIPAA, SOX, PCI, FISMA, FERPA, FDA and more.
Talk to any financial institution or bank they will be super paranoid when it comes to security and auditing policies applied to their organizations. In a recent session to one of our customers, I had to enter their premises and I had to go through some screening. From the entrance, car parking, reception, elevators and everywhere there was someone asking us for some information. The more I think about it, the more frustrated I become. After returning home, I thought through the complete incident with my family. I was pleasantly surprised the calmness at which they were talking to me about an audit process.
As database administrators, we are constantly quizzed by our superiors to answer questions such as: how secure is our network, how secure is our data, is data secure at rest, is data secure in transition, who is accessing my data? All these are basic yet compelling queries businesses ask. In this age of competitive businesses, organizations are becoming tech savvy in building a secure fort for their critical data. Having worked on many projects in the past, these security measures are something I know are non-negotiable from an implementation point of view for administrators. When on this topic, I am reminded of a conversation about SQL Compliance Manager, I had with a junior DBA named Siva.
I was recently working on security auditing for one of my clients. In this project, there was a requirement that all successful logins in the servers should be recorded. The solution for this requirement is a breeze! Just create logon triggers. I created logon trigger on server to catch all successful windows authentication as well SQL authenticated solutions. When I was done with this project, I made an interesting observation of executing a logon trigger multiple times. It was absolutely unexpected for me! As I was logging only once, naturally, I was expecting the entry only once. However, it did it multiple times on different threads – indeed an eccentric phenomenon at first sight!