aijazahmedece asked

SQL Server Security monitoring (For Data leakage Protection)

Hi,

Can anybody suggest a security monitoring solution (preferably open source) which can help to:

1) Track/alert on unauthorized access attempts in a SQL database.
2) Track/alert on "authorized" access attempts (views) on a particular table (and alerts).

We are trying to implement DLP (data leakage prevention) in our company, by which we can monitor and control the leakage of sensitive information. For normal files like Word, Excel, etc., our endpoint security solution is capable of monitoring and controlling unauthorized access (or leakage) based on the content and context of the files. However, we have an ERP department, and many programmers have access to critical databases like finance and HR. We want to monitor who is reading which table or entries (database), etc.

I know a good DBA can configure the database to do the above, but the management believes in "guarding the guards". I am an IT security admin and not familiar with SQL.

Thanks in advance.

Mohammed Aijaz Ahmed
securitysqlserver2008

1 Answer

sp_lock answered
One way to tackle this would be to use the audit function within SQL Server. It is limited to Enterprise and has its drawbacks. I would start with reading Brad's [article][1] and pay close attention to the limitations, i.e. performance, audit destination, etc. This [MSDN][2] article also has some good information. If you are not familiar with auditing (or SQL Server), I would advise you to test first or consult with an experienced DBA.

When I have enabled this in the past, I haven't done so for general application auditing (as it had one built in), but for people/groups that had direct access via SSMS (like DBAs). This in my case reduced the audit log size, but satisfied the business in terms of "guarding the guards".

[1]: http://bradmcgehee.com/2010/03/30/an-introduction-to-sql-server-2008-audit/
[2]: http://technet.microsoft.com/en-us/library/dd392015(v=sql.100).aspx
2 comments

aijazahmedece commented
Thank you for the response. The problem is that the management doesn't trust the DBA (for auditing and security) and it is not possible for any other staff from the IT department to work on the SQL database directly. Therefore I am looking for a third-party solution which can be used by an IT security admin to monitor the activity on databases.
sp_lock commented, replying to aijazahmedece
Hi, there are some 3rd party tools out there. But I'm not aware of any free ones other than what Microsoft offers.
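A sketch of the SQL Server Audit setup the answer describes, added here as an example and not part of the original thread. The audit name, file path, the `HR` database, the `dbo.Salary` table and the `DirectAccessUsers` database role are all hypothetical placeholders; the role is assumed to contain only the people who connect directly (for example via SSMS), which keeps the log small as the answer suggests.

```sql
-- Added example; every object name and path below is a hypothetical placeholder.
USE master;
GO
-- 1. Audit destination. TO FILE is used here; TO SECURITY_LOG or
--    TO APPLICATION_LOG are the other destinations SQL Server 2008 offers.
CREATE SERVER AUDIT Audit_SensitiveReads
TO FILE (FILEPATH = N'D:\SqlAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
ALTER SERVER AUDIT Audit_SensitiveReads WITH (STATE = ON);
GO
-- 2. Server-level events: failed logins (unauthorized access attempts) and
--    any change to the audit configuration itself ("guarding the guards").
CREATE SERVER AUDIT SPECIFICATION AuditSpec_LoginsAndAuditChanges
FOR SERVER AUDIT Audit_SensitiveReads
    ADD (FAILED_LOGIN_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO
-- 3. Database-level events: every SELECT against one sensitive table,
--    limited to members of the direct-access role.
USE HR;
GO
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_SalaryReads
FOR SERVER AUDIT Audit_SensitiveReads
    ADD (SELECT ON OBJECT::dbo.Salary BY DirectAccessUsers)
WITH (STATE = ON);
GO
-- 4. Review: who read the table, when, and with which statement.
--    succeeded = 0 marks attempts that failed.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, schema_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```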