SQL server security monitoring

<<

Florin

Newbie
Newbie

Posts: 29

Joined: Thu May 03, 2007 8:57 am

Post Thu Sep 17, 2009 2:37 pm

SQL server security monitoring

Hi everyone,

I need some advice regarding a solution/method that can be used to monitor actions like update/delete/insert at record level on a SQL Server.
I made some research on the subject and found out that SQL Profiler (which uses SQL trace) can be used in this regard. I took also in consideration various SIEM solutions, most of them being able to perform monitoring also if trace is enabled.

Knowing the above, I have asked the database administrators to activate trace, but they argued that by activating it additional overhead is created on the server which might have an unexpected impact on server's performance.
I "googled" a little bit and found out that they might have a point, but, not having any database administrator experience, I am not 100% that this is the case.

1. From your experience/knowledge is the activation of SQL trace so dangerous to the availability/performance of the server? Which are the options to minimize the impact? (additional memory, CPU power etc.)
2. Which other SQL record level monitoring solution/method do you know/use? (very interested in how this is performed in other companies).

Thanks in advance for all the answers.
Security+, OSCP, CISM, CISSP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Sep 17, 2009 3:04 pm

Re: SQL server security monitoring

If you want to track every transaction in the database, you can try using C2 Auditing features in SQL server.   The feature will generate quite a bit of log data, so you have to be mindful of storage, but it works very well.

SQL Trace will use more resources than C2 Auditing features in my experience.   I don't know the mechanics behind C2 Auditing, but it seems to be faster.

http://msdn.microsoft.com/en-us/library/ms187634%28SQL.90%29.aspx

http://www.sqlshare.com/enabling-c2-auditing-in-sql-server_563.aspx
Last edited by Ketchup on Thu Sep 17, 2009 3:19 pm, edited 1 time in total.
~~~~~~~~~~~~~~
Ketchup

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

cron
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software