[limited access] content: purpose mechanism difficulty proposal database security & audit...
TRANSCRIPT
[Limited Access]
Content:Content:
PurposePurpose
MechanismMechanism
DifficultyDifficulty
ProposalProposal
Database Security & Audit Proposal
[Limited Access]
1. Purpose1. Purpose
> Insure data security and not be modified arbitrarily
> All operations to Sensitivity data by those who have permissions should be audited.(Contain read/write/…)
[Limited Access]
2. Mechanism2. Mechanism
>Database Account & Privileges Control
>Database Operation Audit
>Data files and Backup files security
>Data encryption
>Sensitivity Data separation
[Limited Access]
Database Account & Privileges ControlDatabase Account & Privileges Control> Prod/UAT Server
Server Type
AccountAccount Owner
Future Account Owner
Owner Privileges Note
Pord/UAT Server
DBA ( Domain Account )
Xiaodan Tang/Hongtan
Hongtan/JianXu
dbcreator 、SQLAgentOperatorRole 、db_owner of all DB except "Aud"/"Security"
DBA has no privileges to read or create uses in "Aud"/"Security" have more privileges than themselves.
SecurityAccout
Jiang Jingmin
SecurityAdminAlter any login,Db_datawriter in Security
Management Users 、 Manage table in Security.
Sqladmin backup account Jianxu
ISO Department sysadmin
An account for backup, in the situation of "sqladmin" forget his password.
sqladmin Jingmin Jiang 非 IT的人 sysadminsqlamin have all privileges , For grant Privileges to DBA in some situations.
Aud_user Xiaodan TangAudit work group db_owner of Security/Aud
User Account App Team
According to the application form and approval Email
For Prod Server, the biggest privileges for app team is db_datareader, db_datawriter for some databases except SVP's approval.
2. Mechanism
[Limited Access]
> Dev Server
Server Type
Account Account OwnerFuture Account
OwnerOwner Privileges Note
Dev Server
DBA ( Domain Account )
Xiaodan Tang/Hongtan Hongtan/JianXu
dbcreator 、 alter any login 、 SQLAgentOperatorRole 、 db_owner of all DB except "Aud"/"Security"
DBA has no privileges to read or create uses in "Aud" /"Security" have more privileges than themselves.
SecurityAccout
Hongtan/JianXu
SecurityAdminAlter any login,Db_datawriter in Security
Management Users 、 Manage table in Security.
Sqladmin backup account Jianxu Jianxu sysadmin
An account for backup, in the situation of "sqladmin" forget his password.
sqladmin Jingmin Jiang Jingmin Jiang sysadminsqlamin have all privileges , For grant Privileges to DBA in some situations.
Aud_user Xiaodan Tang Project Manager db_owner of Security/Aud
User Account App Team
According to the application form and Email
For DEV Server, the biggest privileges for app team is db_owner for some databases.
Database Account & Privileges ControlDatabase Account & Privileges Control2. Mechanism
[Limited Access]
Database Audit ContentDatabase Audit Content
Global Trace Privileges Trace
Server start/stop Schema Access
Login Failed Filter: User who have sysadmin privileges User in security.dbo.user_data and audit is true User in security.dbo.firecalls And we can just audit specific database listed in Security.dbo.audit_db
Object created/Deleted
Database scope GDR Event
Schema scope GDR Event
ADD/GDR/change login event
ADD/GDR/change db user/role event
Statement permission event
Backup/Restore event Note: Global trace is used for all logins and privileges trace is for all users who have sysadmin privileges and specify user in user_data or specify database.
Change Audit event
Object derived Permissions
Server scope GDR event
2. Mechanism
[Limited Access]
How to Query Audit ResultHow to Query Audit Result
Store Procedure:
sp_audit_result: Query the audit result in Aud database. [The day before that day ]
sp_audit_result_trc: Query the result from trace file. [That day]
User :
aud_user
Usage:
exec sp_audit_result ‘username’, ‘time’ ----or with no parameter
exec sp_audit_result_trc 'username‘----or with no parameter
2. Mechanism
[Limited Access]
2. Mechanism2. Mechanism
>Data files and Backup files security Infrastructure:
Keep the data files directory inaccessible by not related people.
Move the backup files to security place at specific time after database backup taken.
Audit access or other operations of the users who have permissions to backup/data files.
DMS:
Encrypt the backup file when backup the database contain Sensitivity data
>Data encryption
App Team(Optional):
Encrypt the sensitivity data columns/Use Keys when design database.
[Limited Access]
3. Difficulty3. Difficulty
> The sysadmin have all permissions, who should hold Sysadmin?
If the sysadmin delete the audit database?> Do Infrastructure monitor the copy operation? If some guys copy the
backup file out and …